Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
7 Ways To Charm Users Out of Their Passwords
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
dieselnerd
dieselnerd,
User Rank: Strategist
8/2/2016 | 2:01:43 PM
Printing
When are you guys going to fix the print option so that it prints entire articles?
sgordonson***
sgordonson***,
User Rank: Apprentice
8/1/2016 | 11:40:42 AM
Any more recent data on these surveys?
I noticed most of these surveys are 10 years old , do you have any more recent data , to see if attitudes have changed?  In general I agree most non technical users are lax about their security and PI , they have no idea how bad it really is ......
RyanSepe
RyanSepe,
User Rank: Ninja
7/31/2016 | 9:40:09 PM
Re: Your data is my data
As nice as it would be if your optimism turned out true, unfortunately I've seen more of the latter to be true. I've seen first hand people who could care less about Information Security only take an interest after they've had an event that affected them. I wish more people would make use of the old addage, a smart person learns from their mistakes but a brilliant person learns from others.
JulietteRizkallah
JulietteRizkallah,
User Rank: Ninja
7/29/2016 | 2:31:45 PM
Re: Your data is my data
Well you can eitehr call me an optimistic, thinking people will come to their senses and consider that the data they compromised could be theris, or a pessimistic, thinking everyone of us at the pace we are goign with databreach will suffer an identity theft and then will chnage our behavior toward password and data.
Chessie1934
Chessie1934,
User Rank: Apprentice
7/29/2016 | 1:59:16 PM
Re: Your data is my data
Nobody has really been put on the hook for actions that result in a breach so no one cares about truly protecting data.  Once there is a real consquence to the insider who contributes to a data breach--CFO who won't pay for updated software, dumb-ass end user who clicks a supsicious link--in some significant manner, people will start caring about the data that is under their protection.  Until then, the attitude will be they'll just provide credit monitoring to those affected by a breach.  They'd rather pay (more) later than pay (a litlle) up-front to prevent a breach.
rstoney
rstoney,
User Rank: Strategist
7/29/2016 | 9:03:34 AM
Re: Your data is my data
Very true;

 

  But come on - the fresh-baked cookie offering to a group of typically male IT shops is just downright rude and unfair.   Especially around morning coffee time.

 

   My preference is the soft sugar cookies with the hershey kiss in the middle.  Gawd I am hungry now for cookies.  *&&$%## !!!!
phoenix522
phoenix522,
User Rank: Strategist
7/28/2016 | 4:31:03 PM
Re: Wow...
I overheard a person in a non-IT training class a while back as she was stating that the Target breach was blown way out of proportion and there's no need for change when it comes to credit card fraud. Her logic was, "How many people do YOU know who were impacted by that?"

Some people just don't get the need for security, they simply want to bury their head in the sand and let others worry about it. If you add those people who work for a company but they aren't happy there, they are even less worried about what happens to the company data.
T Sweeney
T Sweeney,
User Rank: Moderator
7/28/2016 | 1:01:05 PM
Re: Wow...
Most, if not all, of the examples cited in the slideshow were in-person interactions. Most social engineers -- the malicious ones -- don't have the nerve to pull this off and don't want to risk being ID'd later.

But, yes... there is an incredible amount of unthinking behavior out there on the part of end-users. This just skims the surface.
TerryB
TerryB,
User Rank: Ninja
7/28/2016 | 12:51:33 PM
Re: Wow...
What I couldn't tell from article was who these people thought they were giving their password to? Was the social engineering hook (true in these cases) that this was only a test/survey? 

Surely it wasn't a cold call who told person "My name is Demitri. Would you please provide me your password and I will send you a cookie."

But even replying to what you thought was test/survey shows a real level of either stupidity or lack of caring about corp data. How would they know if real study or not?

Whoopty has good point. Many probably changed passwords after getting gift. Most, like at our our place, are probably forced to change every 90 days, enforced by system tracking last 31 changes to make sure you don't use password again. Chances are they had password like "Cutekitty8". Three guesses what their next password was? 
JulietteRizkallah
JulietteRizkallah,
User Rank: Ninja
7/28/2016 | 11:48:15 AM
Your data is my data
Unfortunately until users consider corporate data - that includes corporate financials but also customers/consumers data like yours and my data- as their own, this behavior will continue.  Individuals who suffered an identity theft through the IRS breach or a healthcare fraud done under their name are less likely to sell passwords or give them away in exchange for cheap bribe.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Practical Network Security Approaches for a Multicloud, Hybrid IT World
The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: -increase visibility over the environment -learning cloud-specific skills -relying on established security frameworks -re-architecting the network
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-30333
PUBLISHED: 2022-05-09
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
CVE-2022-23066
PUBLISHED: 2022-05-09
In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation which is caused by improper implementation of sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For example, the result of a sdiv instruction may decide whether to tra...
CVE-2022-28463
PUBLISHED: 2022-05-08
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVE-2022-28470
PUBLISHED: 2022-05-08
marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
CVE-2022-1620
PUBLISHED: 2022-05-08
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.