My backlog of books is getting out of control again, with two titles sitting on my desk, covers staring balefully at me while I ignore them, even with their “advance reader copy” lure. Eventually, I’ll get to them.
Here’s a taste of what he’s writing about, his description of the fascinating and scary “social engineering” that we’re all susceptible to from the hacker community:
“A so-called social hacker has one major goal: to get you to leak your computer system’s network user name and password. They target workers at companies, especially nonmanagement employees, who might not be too suspicious while trying to be nice to a telephone caller. A social hacker may identify himself or herself as another new-hire employee of the same company working in the IT or some other department—someplace the real employee wouldn’t have a chance to know the staff.
Knowing that a lot of employees use children’s or pets’ names for passwords, a social hacker will not only try to gain the trust of the hapless employee through casual conversation, but will ask questions about whether the employee has any kids or pets. Then, sharing bogus information about non-existent children and pets, the hacker asks what the employees’ children’s names are. Within a few minutes, the hacker has enough information to log in to the company’s system and run amok.
If you follow the to-do list instructions [earlier in the book] about selecting and managing your passwords, and your dog’s name isn’t fR7o2D1o, the likelihood of an inadvertent slip drops to near zero.”
I spend far more time each week dealing with spam than I’d like, and I have to say that if everyone just read through Danny’s Spam Wars book and followed his common-sense guidelines for securing your computer and minimizing your spam, we’d all be much better off.
If you’re an IT person, CIO, or someone else responsible for keeping the corporate mailboxes spam-free, then Spam Wars is a must-read.