The company hired NTA to test if it was possible to get inside the premises without proper identification, Hills said. The penetration tester waited until the smokers finished their break, then slipped in through the unlocked door, which wasn't the main one but publicly accessible.
The tester -- who skirted past other employees by saying the IT department had sent him -- made his way to a meeting room, where he hooked up his laptop to the company's VOIP (voice over Internet Protocol) network, Hills said. The tester could have launched a denial-of-service attack or intercepted phone calls.
Tuesday, February 20, 2007
Smokers may be the weak IT security link
This article from Infoworld talks about how smokers are being targeted in social engineering attacks during security testing. This same premise is valid (even maybe more so) for drinkers at the local watering hole, etc...
0 comments:
Post a Comment