Saturday, March 12, 2005
Non-technical threats, or How to Take Over a Casino
Casinos handle buckets of money. They have cameras everywhere. You'd expect their computer security to be good, wouldn't you?
Here's a story about a security consultant who did a "penetration test" on a Las Vegas casino. He did some of the con-man tricks of walking in and acting like he belonged there. According to his account he could have done immense damage if he'd been a criminal.
Of course we've only heard one side of this, and he's not somebody I know so I can't estimate how reliable the story is. But it is completely plausible.
Humans aren't computers. We make snap judgments. We assume someone wearing a suit is an executive and that someone with a belt full of phone equipment is there to fix the phones.
You're still at risk even if you're a small enough company that everyone knows everyone else. Will your staff do the right thing if someone calls and pretends to be a new paralegal at your lawyer's office?
|
Here's a story about a security consultant who did a "penetration test" on a Las Vegas casino. He did some of the con-man tricks of walking in and acting like he belonged there. According to his account he could have done immense damage if he'd been a criminal.
Of course we've only heard one side of this, and he's not somebody I know so I can't estimate how reliable the story is. But it is completely plausible.
Humans aren't computers. We make snap judgments. We assume someone wearing a suit is an executive and that someone with a belt full of phone equipment is there to fix the phones.
You're still at risk even if you're a small enough company that everyone knows everyone else. Will your staff do the right thing if someone calls and pretends to be a new paralegal at your lawyer's office?
# posted by Frederick @ 8:44 PM Email to a friend:
Haloscan: they provide trackback