Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

7/27/2016
01:00 PM
Terry Sweeney
Terry Sweeney
Slideshows
Connect Directly
Facebook
Twitter
RSS
E-Mail

7 Ways To Charm Users Out of Their Passwords

While the incentives have changed over time, it still takes remarkably little to get users to give up their passwords.
3 of 8

3 of 8
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
dieselnerd
100%
0%
dieselnerd,
User Rank: Strategist
8/2/2016 | 2:01:43 PM
Printing
When are you guys going to fix the print option so that it prints entire articles?
sgordonson***
50%
50%
sgordonson***,
User Rank: Apprentice
8/1/2016 | 11:40:42 AM
Any more recent data on these surveys?
I noticed most of these surveys are 10 years old , do you have any more recent data , to see if attitudes have changed?  In general I agree most non technical users are lax about their security and PI , they have no idea how bad it really is ......
RyanSepe
100%
0%
RyanSepe,
User Rank: Ninja
7/31/2016 | 9:40:09 PM
Re: Your data is my data
As nice as it would be if your optimism turned out true, unfortunately I've seen more of the latter to be true. I've seen first hand people who could care less about Information Security only take an interest after they've had an event that affected them. I wish more people would make use of the old addage, a smart person learns from their mistakes but a brilliant person learns from others.
JulietteRizkallah
100%
0%
JulietteRizkallah,
User Rank: Ninja
7/29/2016 | 2:31:45 PM
Re: Your data is my data
Well you can eitehr call me an optimistic, thinking people will come to their senses and consider that the data they compromised could be theris, or a pessimistic, thinking everyone of us at the pace we are goign with databreach will suffer an identity theft and then will chnage our behavior toward password and data.
Chessie1934
100%
0%
Chessie1934,
User Rank: Apprentice
7/29/2016 | 1:59:16 PM
Re: Your data is my data
Nobody has really been put on the hook for actions that result in a breach so no one cares about truly protecting data.  Once there is a real consquence to the insider who contributes to a data breach--CFO who won't pay for updated software, dumb-ass end user who clicks a supsicious link--in some significant manner, people will start caring about the data that is under their protection.  Until then, the attitude will be they'll just provide credit monitoring to those affected by a breach.  They'd rather pay (more) later than pay (a litlle) up-front to prevent a breach.
rstoney
100%
0%
rstoney,
User Rank: Strategist
7/29/2016 | 9:03:34 AM
Re: Your data is my data
Very true;

 

  But come on - the fresh-baked cookie offering to a group of typically male IT shops is just downright rude and unfair.   Especially around morning coffee time.

 

   My preference is the soft sugar cookies with the hershey kiss in the middle.  Gawd I am hungry now for cookies.  *&&$%## !!!!
phoenix522
100%
0%
phoenix522,
User Rank: Strategist
7/28/2016 | 4:31:03 PM
Re: Wow...
I overheard a person in a non-IT training class a while back as she was stating that the Target breach was blown way out of proportion and there's no need for change when it comes to credit card fraud. Her logic was, "How many people do YOU know who were impacted by that?"

Some people just don't get the need for security, they simply want to bury their head in the sand and let others worry about it. If you add those people who work for a company but they aren't happy there, they are even less worried about what happens to the company data.
T Sweeney
50%
50%
T Sweeney,
User Rank: Moderator
7/28/2016 | 1:01:05 PM
Re: Wow...
Most, if not all, of the examples cited in the slideshow were in-person interactions. Most social engineers -- the malicious ones -- don't have the nerve to pull this off and don't want to risk being ID'd later.

But, yes... there is an incredible amount of unthinking behavior out there on the part of end-users. This just skims the surface.
TerryB
100%
0%
TerryB,
User Rank: Ninja
7/28/2016 | 12:51:33 PM
Re: Wow...
What I couldn't tell from article was who these people thought they were giving their password to? Was the social engineering hook (true in these cases) that this was only a test/survey? 

Surely it wasn't a cold call who told person "My name is Demitri. Would you please provide me your password and I will send you a cookie."

But even replying to what you thought was test/survey shows a real level of either stupidity or lack of caring about corp data. How would they know if real study or not?

Whoopty has good point. Many probably changed passwords after getting gift. Most, like at our our place, are probably forced to change every 90 days, enforced by system tracking last 31 changes to make sure you don't use password again. Chances are they had password like "Cutekitty8". Three guesses what their next password was? 
JulietteRizkallah
100%
0%
JulietteRizkallah,
User Rank: Ninja
7/28/2016 | 11:48:15 AM
Your data is my data
Unfortunately until users consider corporate data - that includes corporate financials but also customers/consumers data like yours and my data- as their own, this behavior will continue.  Individuals who suffered an identity theft through the IRS breach or a healthcare fraud done under their name are less likely to sell passwords or give them away in exchange for cheap bribe.
Page 1 / 2   >   >>
Cloud Security Threats for 2021
Or Azarzar, CTO & Co-Founder of Lightspin,  12/3/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Assessing Cybersecurity Risk in Todays Enterprises
Assessing Cybersecurity Risk in Todays Enterprises
COVID-19 has created a new IT paradigm in the enterprise and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27772
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could po...
CVE-2020-27773
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to appli...
CVE-2020-28950
PUBLISHED: 2020-12-04
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.
CVE-2020-27774
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but co...
CVE-2020-27775
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but c...