The fault of the computer system is that it can only follow instructions. The fault of the human is that it can only make judgement calls. When we think about this in relation to information security, it presents an interesting opportunity to destructively combine the two and use it for evil.
We often assume that out of all the elements within our organizations and systems, people are most likely to expose us to risk. People create technical systems and people man these systems. The problem? We almost always focus on human and technical threats as separate risks and don’t consider the harm that can be done when combined.
Together, we will explore how social engineering can be used in conjunction with technical attacks to create sophisticated and destructive attack chains, share some real world scenarios and talk about what we’re doing wrong to protect against these threats. We will show you how a seemingly innocent phone call can lead to complete internal network compromise, how a purposely bad phishing email can be utilized to your benefit, and how people are generally bad at trust and computers.
Security Analyst Christina Camilleri will be included in The Hacking Club at SFSU's Ethical Hacker Career Day - The Nihilist's Guide to Wrecking Humans