Sunday, March 21, 2010

Archive for the ‘Walt Disney’ Category

InfoSec World 2010


If you’re heading down to Orlando in April for InfoSec World, please consider checking out the demo session on auditing wireless networks that I’m doing with Lisa Phifer.

Using Free Tools to Assess and Audit Your Wi-Fi Network
Lisa A. Phifer, President, Core Competence, Inc.
Diana Kelley, Partner, SecurityCurve

Date: Monday, 19 April 2010
Time: 10:30am – 12pm

• Business justification for a Wi-Fi vulnerability assessment (VA)
• The Wi-Fi VA lifecycle: plan, scan, validate, remediate
• How to build your own Wi-Fi VA toolkit without spending a bundle
• Using free tools to pinpoint Wi-Fi network vulnerabilities (live demo)
• Applying lessons learned to improve your network’s security posture

Disney? Or something else…

So there’s an interesting article over at InformIT that tongue-in-cheek links social engineering to Walt Disney. It’s an interesting article, and I highly recommend reading it if you haven’t seen it already. The point of the article is about social engineering – what it is, why it’s a risk, and why it works.

The point the article makes is that community brings about a willingness to help between folks in that community, which can in turn put an organization at risk because of social engineering. In other words, Disney instills lessons into people that create a susceptibility later in life to social engineering. An interesting line of thought and one that I’ve always been fascinated by. The reason I’m so interested is that it seems like we just can’t fix the social engineering problem – and whenever there’s a problem we can’t fix, I always find the dynamics of why we can’t fix it very interesting.

In this case, I don’t entirely agree with the Disney argument. I think it goes back before that. Instead, I’m going with the Cialdini argument that states that humans exist only because of the “rule of reciprocity” – meaning, that we are hardwired to trust, accept, and help each other. It’s built into us to allow us to survive – for example, if you help me till the field today, I’ll share my harvest with you tomorrow. Reciprocity. It’s the currency that allows us humans to specialize, develop unique skills that have value to the community, and move beyond small nomadic groups.

So even without Disney and other childhood lessons of similar stripe, I think we’d still have an ingrained reaction to help each other – and in this case, that means social engineering opportunities.

Now, I’m not claiming to have any answers here. I just think it’s useful to point out that the traditional wisdom of ‘tell your employees to just say no’ is flawed. Anyway, an interesting line of thought for a Friday…
