More Social Engineering

You can build the best firewalls or the coolest piece of security software, but as this experiment shows, you still have the very big factor of human nature to overcome. Basically, these guys wrote a trojan and put it on a bunch of those small USB memory sticks that are the latest giveaway gimmick. They scattered the drives in the parking lot of the bank (which was on alert that a security audit was happening) and watched. Soon enough the data and passwords started flowing in. Simple and easy. It’s also hard to protect against using technology without a very rigid security policy (possibly bad enough to prevent users from doing legitimate work) or just pure fascism. Other than that, it’s up to training of users, but it’s very hard to train someone about the unknown, especially with software install sites giving instructions all over the place to ‘just ignore the security warning and hit ok’ (paraphrased).