965 results for Social engineering
Abstract:
This work proposes a contribution to the social engineering framework (The Social Engineering Framework) for risk assessment and mitigation of different attack vectors, by means of attack tree analysis. It also presents a compilation of statistics on attacks carried out against companies in different industries, related to information security, focusing on social engineering attacks and the consequences that organizations face. The statistics are accompanied by descriptions of real examples and their consequences.
Abstract:
This dissertation is a theoretical study that aims to point to the relevance of social psychology for humanity; to that end, the themes of destructiveness and power were chosen. Thus, after a diagnosis of the global situation, centered on armaments, anomie and social alienation, it argues in favor of social engineering. To reach this goal, some procedures are necessary: first, an analysis of the role of science, from which three aspects are targeted: existential, social and epistemological; second, an axiological foundation, a review of the scientific status of psychology, and a study of the polarization of attitudes among psychologists, a subject considered of vital importance for the maturing and degree of reliability of this discipline; third, some strategies (contributions) from social psychology are indicated that can help shape this social planning. Finally, there are three main conclusions: social engineering is of the utmost importance and should act incisively in intercultural education; the psychology of science has a relevant role in the face of theoretical pluralism; and, just as life on the planet is unsustainable if the climate of destructiveness persists, so too is a social undertaking of the scale proposed here unsustainable without multidisciplinary assistance.
Abstract:
This study examines information security as a process (information securing) in terms of what it does, especially beyond its obvious role of protector. It investigates concepts related to ‘ontology of becoming’, and examines what it is that information securing produces. The research is theory driven and draws upon three fields: sociology (especially actor-network theory), philosophy (especially Gilles Deleuze and Félix Guattari’s concept of ‘machine’, ‘territory’ and ‘becoming’, and Michel Serres’s concept of ‘parasite’), and information systems science (the subject of information security). Social engineering (used here in the sense of breaking into systems through non-technical means) and software cracker groups (groups which remove copy protection systems from software) are analysed as examples of breaches of information security. Firstly, the study finds that information securing is always interruptive: every entity (regardless of whether or not it is malicious) that becomes connected to information security is interrupted. Furthermore, every entity changes, becomes different, as it makes a connection with information security (ontology of becoming). Moreover, information security organizes entities into different territories. However, the territories – the insides and outsides of information systems – are ontologically similar; the only difference is in the order of the territories, not in the ontological status of entities that inhabit the territories. In other words, malicious software is ontologically similar to benign software; they both are users in terms of a system. The difference is based on the order of the system and users: who uses the system and what the system is used for. Secondly, the research shows that information security is always external (in the terms of this study it is a ‘parasite’) to the information system that it protects. 
Information securing creates and maintains order while simultaneously disrupting the existing order of the system that it protects. For example, in terms of software itself, the implementation of a copy protection system is an entirely external addition. In fact, this parasitic addition makes software different. Thus, information security disrupts that which it is supposed to defend from disruption. Finally, it is asserted that, in its interruption, information security is a connector that creates passages; it connects users to systems while also creating its own threats. For example, copy protection systems invite crackers and information security policies entice social engineers to use and exploit information security techniques in a novel manner.
Abstract:
The openness and sociability of users of Internet social networking services expose them to many kinds of risks. "Social engineering", that is, the manipulation of users, is a threat related to obtaining information through traditional interaction, but increasingly also on the Internet. When interaction takes place over the Internet, social engineers use social networking services to keep in contact with victims and as a platform containing a great deal of user information. The purpose of this thesis is to find the connection between Internet social networking services and social engineering. This goal was achieved by seeking answers to questions such as: What are the typical attack types? Why does information play such a large role? What consequences does the phenomenon have, and how is it possible to protect against the attacks? The answers to the questions were found by carrying out a systematic literature review. The review was formed by combining the most important findings from 60 carefully selected articles dealing with the phenomenon. Social engineering was found to be a very broad and complex phenomenon in Internet social networking services. It was found that manipulation appears on the sites in several different forms, including phishing, the linking of profiles, social applications, spam, malicious links, identity theft, data leaks and various scams that exploit the basic characteristics of both human nature and the sites. Vulnerability and trust were also found to be important aspects, since they connect the significance of information and human nature, both of which are key factors in social engineering as well as on social networking sites. Although the consequences of the phenomenon were found to be negative both for users' presence on the Internet and in real life, it was also found that understanding and recognizing the phenomenon makes it easier to protect against it.
Abstract:
Cryptolocker is a malware spread on a global scale that belongs to the ransomware category. My analysis consists of retracing the origins of malicious software in search of representatives of the genre with characteristics similar to the virus that has persisted relentlessly since 2013: Cryptolocker. To learn more about the behavior of this threat, malware analyses are presented, static and dynamic, carried out on Cryptolocker (2013), CryptoWall (2014) and TeslaCrypt (2015). The operational part of designing and configuring a virtual laboratory for the subsequent collection of traces left by the malware on the system and on the network is briefly described. Following the practical analysis and the focus on the weak points of these threats, in addition to the technical aspects underlying how the cryptos work, the social and psychological aspects that characterize a complex background from which the virus proliferates are taken into consideration. Authoritative sources and testimonies are compared to clear up the doubts remaining after the tests. It is these that will confirm the veracity of the data that emerged from my experiments, and also form a more complete picture, underlining how much the morphology of the malware is in symbiosis with the type of user it targets. Once the general functioning of the crypto is understood, it is precisely its functions and peculiarities that allow me to draw up, also with the help of sources external to my own work, an exhaustive list of defensive means and behaviors to counter it and reduce the risk of infection. Possible recovery procedures for compromised data are also mentioned, for the "lucky" cases, since recovery is not always materially possible.
My report concludes with a consideration that was unexpected for me: the potential of the cryptos, in all their forms, lies for the most part in social engineering, without which (except for certain categories of ransomware) infection would have decidedly higher failure rates.
Abstract:
One of the most astonishing features of the Algerian-French War of Independence of 1954-1962 is the combination of military counterinsurgency and civilian reform projects. This entanglement can be observed in no aspect of this war as clearly as in French resettlement policy. Up to three million people were forcibly driven from their villages by the French army during the war and resettled in specially built collection camps, the «camps de regroupement». What began as a purely military measure quickly developed into an enormous rural development program. Through the promise of a comprehensive, fast-tracked modernization of all areas of life, the inmates of the camps were to be turned into loyal supporters of the project of a French Algeria. The «camps de regroupement» can be described as laboratories of modernization in which seemingly contradictory elements such as development aid combined with extremely rigid population control and seemingly totalitarian measures of social engineering to form a unique ensemble. [ABSTRACT FROM AUTHOR]
Abstract:
The UK's liberal-cum-democratic welfare regime has led to a more developed state-sponsored youth work than in the majority of continental Europe, where a corporatist welfare regime has held sway (Esping Andersen 1990). To this extent British Youth Work has been more susceptible to governmental intervention. Nevertheless the ascendancy of neo-liberalism across the last three decades has disturbed significantly all models of the Welfare State, expressed in the impact of 'New Managerialism'. Thus we are seeing a convergence towards an imposed, instrumental, output-driven approach to the delivery of both education and welfare. In both the UK and continental Europe youth workers and social workers are confronted with intrusive interventions and demands from governments, which are utterly at odds with their shared desire to start from 'where young people are at'. In this paper we sketch the emergence of a campaign within Youth Work, which seeks to oppose and resist its transformation into an agency of social engineering. In contrast we stand for an emancipatory Youth Work committed to social change. In telling our story thus far we hope to reach out to and make alliances with workers across Europe sympathetic to our cause.
Abstract:
A text that proposes, in summary form, a working scheme for research on sporting practices, from the perspective of Communicology, as a science, and of Communicomethodology, as social engineering. The text is built in two parts. The first presents some working elements on sport from the perspective of Communicology. The second presents some working elements on sport from the perspective of Communicomethodology.
Abstract:
In a 1933 public letter to Wilhelm Furtwängler, Joseph Goebbels synthesized the official understanding of the link between politics, art and society in the early steps of the Third Reich. By assuming the ethos of art, politics acquired a plastic agency to mold its objects —population and the state— as a unified entity in the form of a ‘national-popular community’ (Volksgemeinschaft); in turn, by infusing art with a political valence, it became part of a wider governmental apparatus that reshaped aesthetic discourses and practices. Similar remarks could be made about the ordering of cities and territories in this period. Dictatorial imaginations mobilized urbanism —including urban theory, urban design and planning— as a fundamental tool for social organization. Under their aegis the production of space became a moment in a wider production of society. Many authors suggest that this political-spatial nexus is intrinsic to modernity itself, beyond dictatorial regimes. In this light, I propose to use dictatorial urbanisms as an analytical opportunity to delve into some concealed features of modern urban design and planning. This chapter explores some of these aspects from a theoretical standpoint, focusing on the development of dictatorial planning mentalities and spatial rationalities and drawing links to other historical episodes in order to inscribe the former in a broader genealogy of urbanism. Needless to say, I don’t suggest that we use dictatorships as mere templates to understand modern productions of space. Instead, these cases provide a crude version of some fundamental drives in the operationalization of urbanism as an instrument of social regulation, showing how far the modern imagination of sociospatial orderings can go. Dictatorial urbanisms constituted a set of experiences where many dreams and aspirations of modern planning went to die. 
But not, as the conventional account would have it, because the former were the antithesis of the latter, but rather because they worked as the excess of a particular orientation of modern spatial governmentalities — namely, their focus on calculation, social engineering and disciplinary spatialities, and their attempt to subsume a wide range of everyday practices under institutional structuration by means of spatial mediations. In my opinion the interest of dictatorial urbanisms lies in their role as key regulatory episodes in a longer history of our urban present. They stand as a threshold between the advent of planning in the late 19th and early 20th century, and its final consolidation as a crucial state instrument after World War II. We need, therefore, to pay attention to these experiences vis-à-vis the alleged ‘normal’ development of the field in contemporary democratic countries in order to develop a full comprehension thereof.
Abstract:
In today's internet world, web browsers are an integral part of our day-to-day activities. Therefore, web browser security is a serious concern for all of us. Browsers can be breached in different ways. Because of their over-privileged access, extensions are responsible for many security issues. Browser vendors try to keep safe extensions in their official extension galleries. However, their security control measures are not always effective and adequate. The distribution of unsafe extensions through different social engineering techniques is also a very common practice. Therefore, before installation, users should thoroughly analyze the security of browser extensions. Extensions are not only available for desktop browsers, but many mobile browsers, for example, Firefox for Android and UC browser for Android, are also furnished with extension features. Mobile devices have various resource constraints in terms of computational capabilities, power, network bandwidth, etc. Hence, conventional extension security analysis techniques cannot be efficiently used by end users to examine mobile browser extension security issues. To overcome the inadequacies of the existing approaches, we propose CLOUBEX, a CLOUd-based security analysis framework for both desktop and mobile Browser EXtensions. This framework uses a client-server architecture model. In this framework, compute-intensive security analysis tasks are generally executed in a high-speed computing server hosted in a cloud environment. CLOUBEX is also enriched with a number of essential features, such as client-side analysis, requirements-driven analysis, high performance, and dynamic decision making. At present, the Firefox extension ecosystem is most susceptible to different security attacks. Hence, the framework is implemented for the security analysis of the Firefox desktop and Firefox for Android mobile browser extensions. 
A static taint analysis is used to identify malicious information flows in the Firefox extensions. In CLOUBEX, there are three analysis modes. A dynamic decision making algorithm assists us to select the best option based on some important parameters, such as the processing speed of a client device and network connection speed. Using the best analysis mode, performance and power consumption are improved significantly. In the future, this framework can be leveraged for the security analysis of other desktop and mobile browser extensions, too.