Information security is about people
One morning I pulled on hat and sweater bearing the logo of a well-known telecom company, printed up a fake work order, and headed off to the offices of one of my clients.
With my pseudo-official outfit and scrap of paper, I managed to make my way past security and into the room housing the company's telecommunications hub. A few keystrokes later I had downloaded every username and password on the system and had complete access to every account, file, mailbox and computer on the network.
Luckily for the company, I was working for them as an ethical hacker and security consultant. Unluckily for them, anyone with enough desire, access to a printer, and a few dollars for wardrobe could have done the same.
By Robert Masse at Globetechnology.
[ Read more ]