
Social Engineers demonstrate the damage that could be caused by information

Steve Ragan | Oct. 29, 2013
They say knowledge is power, and the final report from DEF CON 21's Social Engineer Capture the Flag contest shows that in the wrong hands, the amount of information organizations leave exposed online can empower attackers across the globe.

The report also disclosed that the second-place top scorer (at DEF CON, first and second place were announced as female) was actually a male. Overall the women did better this year, but the original second place was disqualified. There are strict rules for the SECTF contest, the main one being that the person the contestant is speaking to should never feel as if they are in jeopardy.

"The contestant in question threatened the employee with termination as well as being responsible for the loss of a major negotiation if she did not comply in order to manipulate her into providing the flags. The judging panels made a unanimous decision that this was unethical conduct, eliminating this contestant from consideration," the report explained.

In terms of the number of flags collected, both with OSI and on the phone, as well as the value of the flags collected, Apple was the top company. They're followed by GM, Home Depot, Johnson & Johnson, Chevron, and Boeing. It should be noted that the rankings do not speak to the actual state of security at the organization, just the value and number of flags collected.

Among the flags collected most often, the type of browser used took the top spot, followed by operating system, wireless access information, and VPN-based information. A full copy of the report is available here.

 
