Best security breach tactic is to just walk in and ask. An email
attack works great. Being nice helps and after 20 requests suddenly
you have anything you need to get closer to what you really want. You
don't have to ask for everything to get more. The act of getting
something by asking nice now gives you the credibility to ask for
more. People assume requests made to them are legitimate. In a helpful
work environment people generally do as requested and are happy to do
so.
Security policy attempts to avoid being nice or trusting someone
because they tell you they can be trusted. This seems obvious. The
weakest links in all security systems are the employees. Employees
that are courteous and friendly should never be trusted. There lies
the paradox.
On 21 Oct 2009 19:22:42 -0400, "Stan Keith"
<Stan<AT>@<AT>inno<DASH>pay.com> wrote:
>The main problem is that the hacker used their own code against them. I
>thought it was unique. I don't think any of us would have ever thought of a
>hacker using emails addresses in a database to install a trojan.
---------------------------------------
Paul Blais - Hayes, Virginia