Please support our Tech Talk advertiser:
Featured Entry 
Apr 16th, 2008, 6:36 am
If you believe the results of a survey conducted by InfoSecurity Europe then women are four times as likely to give away their passwords for chocolate than men. This reveals two things: women prefer chocolate to IT and men rather predictably do not.
It also reveals that we, as a whole, are getting much more security savvy. The same survey carried out last year as part of a social engineering exercise, discovered that 64 percent of folk would give their passwords up for a chocolate bar whereas this year that figure had dropped to just 21 percent.
Carried out in the street outside a busy London railway station, by a bunch of pretty researchers who also asked people for their date of birth to validate that they had taken part, it proved that the security message isn't fully understood just yet. 61 percent happily gave their DoB when asked, without giving it a second thought or considering the identity theft potential of such an action when coupled to the password data also revealed. Most people used only one (31 percent), two (31 percent) or three (16 percent) passwords at work, but some had to use as many as 32. Unfortunately, 43 percent of those asked rarely or never changed their password, just to add to the security risk woes.
"Our researchers also asked for workers names and telephone numbers so that they could be entered into a draw to go to Paris, with this incentive 60% of men and 62% of women gave us their contact information", said Claire Sellick, Event Director, Infosecurity Europe who continued "that promise of a trip could cost you dear, as once a criminal has your date of birth, name and phone number they are well on the way to carrying out more sophisticated social engineering attacks on you, such as pretending to be from your bank or phone company and extracting more valuable information that can be used in ID theft or fraud. This research shows that it's pretty simple for a perpetrator to gain access to information that is restricted by having a chat around the coffee machine, getting a temporary job as a PA or pretending to be from the IT department. This type of social engineering technique is often used by hackers targeting a specific organisation with valuable data or assets such as a government department or a bank."
It also reveals that we, as a whole, are getting much more security savvy. The same survey carried out last year as part of a social engineering exercise, discovered that 64 percent of folk would give their passwords up for a chocolate bar whereas this year that figure had dropped to just 21 percent.
Carried out in the street outside a busy London railway station, by a bunch of pretty researchers who also asked people for their date of birth to validate that they had taken part, it proved that the security message isn't fully understood just yet. 61 percent happily gave their DoB when asked, without giving it a second thought or considering the identity theft potential of such an action when coupled to the password data also revealed. Most people used only one (31 percent), two (31 percent) or three (16 percent) passwords at work, but some had to use as many as 32. Unfortunately, 43 percent of those asked rarely or never changed their password, just to add to the security risk woes.
"Our researchers also asked for workers names and telephone numbers so that they could be entered into a draw to go to Paris, with this incentive 60% of men and 62% of women gave us their contact information", said Claire Sellick, Event Director, Infosecurity Europe who continued "that promise of a trip could cost you dear, as once a criminal has your date of birth, name and phone number they are well on the way to carrying out more sophisticated social engineering attacks on you, such as pretending to be from your bank or phone company and extracting more valuable information that can be used in ID theft or fraud. This research shows that it's pretty simple for a perpetrator to gain access to information that is restricted by having a chat around the coffee machine, getting a temporary job as a PA or pretending to be from the IT department. This type of social engineering technique is often used by hackers targeting a specific organisation with valuable data or assets such as a government department or a bank."
This blog entry was written by Bill Andad, staff writer aka newsguy. It has received 730 views, 2 comments, and 15 linkbacks. 1 voter has rated this entry 5 out of 5 stars. It was promoted to featured status Apr 16th, 2008.
•
•
•
•
advertising apple botnet browser business crime data development email environment europe facebook firefox forensic gaming google hacking hardware help ibm internet iphone ipod law legal linux malware microsoft mobile mozilla news phishing privacy research search security social networking software spam survey technology trojan uk video virus vista web windows yahoo youtube
All Recent Tags Comments (Newest First)
happygeek | He's The Daddy | Apr 17th, 2008
•
•
•
•
But you are not a woman <runs and ducks> 
jwenting | duckman | Apr 16th, 2008
•
•
•
•
such "studies" are rather pointless.
I'd give them something in exchange for the chocolate, but that something wouldn't be my credentials. It would be something completely useless.
I'd give them something in exchange for the chocolate, but that something wouldn't be my credentials. It would be something completely useless.
Post Comment
•
•
•
•
Only community members can start a blog or comment on blog entries. You must register or log in to contribute.
•
•
•
•
•
•
•
•
DaniWeb Tech Talk Marketplace
Related Blog Entries
- Intel To Focus on Devices, Again (9 Hours Ago)
- New Xbox 360 Dashboard next month (13 Hours Ago)
- 5-4-3-2-1 your website in infected (1 Day Ago)
- Apple ships 2.5 million Macs, sells 11 million iPods and 717,000 iPhones in just 3 months (2 Days Ago)
- Limbo 2 Trojan comes complete with guarantee of invisibility (3 Days Ago)
- More Dark Spots on Apple's MobileMe Migration (3 Days Ago)
- Power-Sipping PC Runs Linux (3 Days Ago)
- British business not getting the IM message (4 Days Ago)
- Fake UPS invoices deliver Pushdo botnet package (4 Days Ago)
- Crystal Ball Sunday #8: Virtual Appliances (4 Days Ago)
