Discussion in 'Gaming' started by Gingerbread Demon, Jun 20, 2021.
OMG hilarious, just ask tech support for phone access. I can't believe how easy it was for them.
Sounds like Tech Support is partly to blame and seriously needs to beef up their security on that end. It's almost like a phishing attack via the support end. Certain phrases should trigger a red flag. "Lost a Phone at a Party" sounds like something you see in a movie or some such and should require more research within the company before giving anything to anybody.
As always, humans are the weak link in what could otherwise be a secure system - I believe it's called social hacking (misleading humans into disregarding existing security protocols to get access to a system).
Social engineering. And, yeah, this was a critical breach of infosec and I'm sure anyone who touched this matter is looking for new employment right now.
I mean, it sounds unrealistic, but it does happen. For example, the design of the iPhone 4 was leaked in its entirety because an Apple engineer forgot it at a bar he'd been drinking at.
Oh yeah, I'd forgotten that one. I guess in a roundabout way, humans have a short memory span and are liable to get tricked. Still, internally that's something I would keep track of and check with employees to see if they've claimed to lose their phone. If not, the claim doesn't get processed.
Does seem kind of iffy that they let them in based on that excuse. There should have been another level on top of that, such as something they had to send online that was secure on top of any verbal excuse, a two-factor code or something.
This is what happens when companies outsource their infosec and IT in general overseas in a short-minded fashion, thinking that saving a few pennies now is better than having to spend a shit-ton of cash later to do penetration testing and find the vulnerabilities in their infosec and opsec environments.
Typical behavior from a massive American corporation.
That's a good point. I hadn't even considered they had it outsourced, but that makes a good case for having internal security close to the beating heart.
Someone in IT would then simply have to talk to the person in question, "Hey, have you lost your phone recently? No? Ok."
Yes, but it shouldn't be that simple. There should have been an extra layer on top of that, or maybe two layers.
Oh, of course. I was oversimplifying it.
Nice people who feel bad for the person they are talking to will do anything to help them.
The cynical side of me says nice people can be idiots.