Security, Usability, Psychology Flashcards
What are humans weak at?
- Repeating prescribed actions
- Compartmentalization of tasks
- Working without context
- Monitoring of seldom changing events
What are humans strong at?
- Inventing new tools and practices
- Mixing and matching
- Helping and learning with others
- Adapting to new situations
Name five authentication factors
- ownership factors
- knowledge factors
- inherence factors
- time-based authentication
- location-based authentication
Name the 6 key principles of social engineering by Cialdini
Reciprocity, Commitment and consistency, Social proof, Authority, Liking, Scarcity
Explain the principle of “Reciprocity”
People tend to return the favor. Example: Nigerian prince scam
Explain the principle of “Commitment and consistency”
If people commit to an ideal or goal, they are likely to honor that commitment
Explain the principle of “Social proof”
People will do things that they see other people doing
Explain the principle of “Authority”
People will tend to obey authoritative figures, even if asked to perform objectionable tasks
Explain the principle of “Liking”
People are easily persuaded by people they like or know
Explain the principle of “Scarcity”
Perceived scarcity will generate demand
What are the categories of Krombholz’ taxonomy of social engineering?
type, operator, channel
What different social engineering types are there?
Physical, Social, Technical, Socio-Technical
What different social engineering channels are there?
Email, Instant messaging, Telephone / VoIP, social networks, cloud, website
What different social engineering operators are there?
human, software
Name 7 different social engineering attack vectors
Phishing, Dumpster diving, Shoulder surfing, Reverse social engineering, waterholing