High-Level Take-Aways from Keith Watson’s Talk


Major disconnect between theory and practice (great minds @ GT yet not the greatest IT security)

Social engineering since the dawn of time (THIS IS SPARTA)

Users do dumb things (passwords)

Security is politics


8 Responses to “High-Level Take-Aways from Keith Watson’s Talk”

  1. Andrew Mishoe Says:

    Is there such a security team looking after the network connections in the dorms and stuff... or is that considered private?

  2. diabolicalmdog Says:

    Andrew, when I was working in network operations there was an especially fine line to walk WRT dorm connections. This is basically somebody’s home computer, so you can’t put any expectations that traffic should only be work-related. OTOH anything that jeopardizes the stability of the network (which includes security problems) needs to be remediated.

  3. Hubert Liu Says:

    Are things such as piracy in the dorms monitored because of heavy traffic use, or because of fear of lawsuit?

  4. John Kuipers Says:

    I’m curious how often social engineering is used (or at least attempted).

    Are faculty and staff told things like “If someone claiming to be George P. Burdell calls you and needs your password, don’t give it out” very often? It seems like some attempts would be risky.

  5. Paul Beresuita Says:

    John... I am also very intrigued by the amount and the different ways people are performing social engineering. By the way, I was on the web to see passwords people use on the web and I came across a list of the worst passwords of all time (the top 500). Here is the link if you guys want to check it out.

  6. Thomas Lester Says:

    As Keith mentioned in class with KeePass, there is also a similar password manager called LastPass that I started using recently. As with KeePass, you can generate secure passwords and then encrypt those passwords on your system. However, with LastPass, the file with all your encrypted passwords is encrypted again and synced online so that you can access your passwords anywhere without the need of any physical device, such as a USB drive. Also, any passwords that were created using KeePass, RoboForm, browser password managers, etc. can be imported into LastPass.


  7. Abhishek Chhikara Says:

    I am curious to know if there are any companies out there that help highly prone targets with social engineering risks, i.e. keeping track of what information about a high-profile person is public and what the risks could be. Has this business evolved?

  8. Rohit Sinha Says:

    Something like LastPass is actually very clever; any secure system is only as secure as the people that are using it. And if the people who are using it do not understand the risks of using insecure passwords or giving out their passwords, then the system can never be secure. One thing that websites have done to assist social engineering is put a password strength meter on their websites. People by nature want to try to be good and secretive, and when the meter shows that the password that they have picked is not very strong, then they will automatically want to rethink their decision and come up with something that’s a bit stronger. Now something like LastPass will randomly generate a password that will not be able to be cracked using a brute-force attack with a dictionary.
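
As an added example, not from the original post or any of the commenters, the following Python script puts the points of the last two comments side by side: a manager-style generator that draws each character with a CSPRNG, a rough strength meter (my own heuristic, an assumption about how such meters score), and a dictionary attack with cheap mangling rules run against a salted PBKDF2 hash. The word list is a constructed stand-in for the top-500 list mentioned above, and the salt and iteration count are illustrative values, not anything a real site uses.

```python
import hashlib
import math
import secrets
import string

# Constructed stand-in for the "worst passwords" lists mentioned in the comments
# (a handful of entries, not the real top-500 list).
COMMON_PASSWORDS = [
    "123456", "password", "12345678", "qwerty", "abc123",
    "letmein", "monkey", "football", "iloveyou", "admin",
]

# Character set a manager-style generator draws from: 94 printable ASCII symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Assumed demo parameters: the salt and PBKDF2 cost are illustrative values only.
DEMO_SALT = b"constructed-demo-salt"
DEMO_ITERATIONS = 10_000


def generate_password(length=20, alphabet=ALPHABET):
    """Draw each character uniformly with a CSPRNG, as a password manager does."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(password, alphabet=ALPHABET):
    """Entropy of a password IF it was drawn uniformly from `alphabet`.

    This is an upper bound: a human-chosen string of the same length has far less.
    """
    return len(password) * math.log2(len(alphabet))


def strength_label(password, common=COMMON_PASSWORDS):
    """A rough strength meter of the kind the comment describes (assumed heuristic)."""
    if password.lower() in common:
        return "very weak"
    classes = sum(
        any(c in cls for c in password)
        for cls in (string.ascii_lowercase, string.ascii_uppercase,
                    string.digits, string.punctuation)
    )
    if len(password) < 8 or classes < 2:
        return "weak"
    if len(password) < 12 or classes < 3:
        return "medium"
    return "strong"


def hash_password(password, salt=DEMO_SALT, iterations=DEMO_ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256: the slow hash a site stores instead of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def mangle(word):
    """Cheap attacker rules: capitalisation plus a few common suffixes."""
    for base in (word, word.capitalize()):
        yield base
        for suffix in ("1", "123", "!"):
            yield base + suffix


def dictionary_attack(target_hash, wordlist=COMMON_PASSWORDS,
                      salt=DEMO_SALT, iterations=DEMO_ITERATIONS):
    """Try every mangled wordlist entry; return the recovered password or None."""
    for word in wordlist:
        for candidate in mangle(word):
            if hash_password(candidate, salt, iterations) == target_hash:
                return candidate
    return None


if __name__ == "__main__":
    weak = "Password123"
    strong = generate_password(20)
    for pw in (weak, strong):
        print(f"{pw!r}: meter={strength_label(pw)}, "
              f"uniform-entropy bound={entropy_bits(pw):.0f} bits")
    print("attack on weak password:", dictionary_attack(hash_password(weak)))
    print("attack on generated password:", dictionary_attack(hash_password(strong)))
```

Run directly, the attack recovers "Password123" from the tiny list in a few dozen hash computations, because "password" plus a capital letter and a suffix is exactly what the mangling rules try first. The generated 20-character password (about 131 bits if every character is uniform over 94 symbols) is in no dictionary, so the only remaining option is exhaustive search, and the per-guess cost of PBKDF2 makes that impractical at that size. The strength meter, by contrast, only sees length and character classes and rates "Password123" as medium, which is why a meter alone is a nudge rather than a guarantee.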

