Friday, June 20, 2008

Evil, unrelated thought of the day

My job is an account administrator, meaning my group creates and manages user accounts, email accounts, VPN accounts, etc. We also call users when our help desk has triaged tickets to us. When we call someone, they're as wary as anyone would be to have a stranger call them at work, until we tell them we're calling about their issue with their password, or whatever the ticket was for. At that point they're all smiles, and they'll tell us pretty much anything we want to know.

This will come as no surprise to anyone familiar with security procedures, but were we so inclined it would be childishly simple for us to defraud these people with a little social engineering. They would tell us their passwords, their social security numbers, pretty much anything we needed to know if we were evil.

It's because people are natually inclined to not believe "the other" means them any harm, and because they're also inclined to believe the false authority of the voice on the phone. That's a sood sign for our future as a race, but a sort of bad sign for our credit cards in the meantime. At least until every VISA comes equipped with a tiny biometric device.

So it's a good thing -- for you -- that we're not evil.

1 comment:

Superwife said...

I'm very glad you're not evil ;-)