Stupid People Alert: Free USB Drives!
Dark Reading – Host Security – Social Engineering, the USB Way
“We recently got hired by a credit union to assess thesecurity of its network. The client asked that we really push hard onthe social engineering button. In the past, they’d had problems withemployees sharing passwords and giving up information easily.Leveraging our effort in the report was a way to drive the message hometo the employees.
The client also indicated that USB drives were a concern, since theywere an easy way for employees to steal information, as well as bringin potential vulnerabilities such as viruses and Trojans. Several otherclients have raised the same concern, yet few have done much to protectthemselves from a rogue USB drive plugging into their network. I wantedto see if we could tempt someone into plugging one into theiremployer’s network.“
For all those out there that think “Eh, writing down the password is OK” or “Guess the guy who lost this is a loser, guess I’ll keep it”, here is a great piece on social engineering, USB drives, and idiot credit union employees.