Monday, December 29, 2003

The Remediator Security Digest: The Weakest Link: Social Engineering

Via Meryl's blog I arrived at The Remediator Security Digest: The Weakest Link: Social Engineering.
A good read on social engineering.
It amazes me how many people, also at my company, still really don't want to know anything about the need for keeping passwords secure. Two cases I encountered recently are:
  • a user who, while at home, handed her password to a colleague at work who needed something from her computer (we have a one user - one computer policy). It took some effort to explain why they shouldn't do something like this.

  • someone just shouting his password through the room to me when I (as an admin) needed access to his computer (which he was logged on to and had locked, which was good). After I said something like ".. and I don't want to know your passw...".

Which reminds me: I have to walk around the office to look for Post-it memos on which passwords are scribbled.