Are you looking for my non-technical blog?

This is now my technical-only blog, my non-technical blog is here.

12 September 2005

Blog Social Engineering

What is Social Engineering any way?
In the field of computer security, social engineering is the practice of obtaining confidential information by manipulation of legitimate users. A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information or getting them to do something that is against typical policies. By this method, social engineers exploit the natural tendency of a person to trust his or her word, rather than exploiting computer security holes. It is generally agreed upon that “users are the weak link” in security and this principle is what makes social engineering possible. Wikipedia
So, It's not recommended to put many personal information on your blog as malicious users may extract these information in order to attack you. People sometimes forget that others are reading their blogs and begin to write stuff that the others are not supposed to know about them. Imagine the that you are writing in your blog how you have successfully configured you XYZ ADSL modem and showing people the configuration you are using in order to HELP them configure their simillar CPE's. It is really very nice idea, but did you check this configuration first to see if it doesn't contain IP addresses or clear-text password.