akkiliON Posted April 11, 2013

You can install the industry’s strongest and most expensive firewall. You can educate employees about basic security procedures and the importance of choosing strong passwords. You can even lock down the server room, but how do you protect a company from the threat of social engineering attacks?

For any of you that are involved in security awareness efforts, you know what I am talking about. It could happen tomorrow, it could happen today or it might already have happened.

In a recent disclosure, renowned hacker and developer DarkCoderSc (Jean-Pierre LESUEUR) explained how one can easily socially engineer the Microsoft Skype Support team to get access to any Skype account.

From a social engineering perspective, employees are the weak link in the chain of security measures in place. He simply used the weakness of the Skype password recovery system itself.

One simply needs to request a new password from Skype support, asking to change the password. After the initial step, one needs to prove real ownership of the requested account. You must give 5 contact accounts to the support desk.

"That’s easy because you just have to add 5 fake temporary accounts to the target account and it's done. Another option is to simply ask the target what people he knows on Skype. That option wasn't that hard because I have over 1000 contacts," he says, describing the trick.

Within a few seconds, an attacker can become the owner of any victim's account by proving very basic information to the support team.

"Also Microsoft’s Support Team should make a serious effort to communicate better to their customers. At the moment they do not seem to care that much about their customers."

Social engineering is the act of manipulating a person into gaining access or sensitive data by preying on basic human psychology. Still, there is no patch for human stupidity!

Social Engineering Skype Support team to hack any account instantly - TheHackerNews
Domnul.Do Posted April 11, 2013

The original blog, another perspective: How easy it is to Socially Engineer Microsoft Skype Support | PhrozenSoft Blog
robertutzu Posted April 11, 2013

I don't quite understand. Well, to add 5 contacts and see who he has in his list, you must already have access to that account, right? Or did I misunderstand...
B3st Posted April 15, 2013

"I don't quite understand. Well, to add 5 contacts and see who he has in his list, you must already have access to that account, right? Or did I misunderstand..."

1. You make 5 accounts and add the victim on each of them.
2. You "go" to Skype support and tell them that you forgot the password to the account and to the email attached to the Skype account.
3. They will ask you for 5 accounts from your list to show them that you are the owner of the account (supposedly).
4. They will also give you the new password and set a new email for you.

Greets to TrojanForge security experts and friends that help me to acknowledge how all of this was done.

I swear. Same deal as here.
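
An added example, not part of the thread and not Skype's or Microsoft's code: a support-side check for the weakness in the steps above, where contacts named as proof of ownership count only if the relationship is old and the owner either initiated it or has messaged the contact. The `Contact` fields, the 90-day threshold and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed policy values for illustration; not Skype's actual rules.
MIN_CONTACT_AGE = timedelta(days=90)
REQUIRED_CONTACTS = 5

@dataclass(frozen=True)
class Contact:
    name: str
    added_at: datetime        # when the contact relationship was created
    initiated_by_owner: bool  # True if the account owner sent the contact request
    owner_messages: int       # messages the owner has sent to this contact

def is_trustworthy(contact, request_time):
    """Count a contact as evidence only if an outsider could not have planted it."""
    old_enough = request_time - contact.added_at >= MIN_CONTACT_AGE
    return old_enough and (contact.initiated_by_owner or contact.owner_messages > 0)

def verify_recovery_claim(claimed_names, contact_list, request_time):
    """Return (accepted, counted, rejected) for a recovery request naming contacts."""
    by_name = {c.name.lower(): c for c in contact_list}
    counted, rejected = [], []
    # Deduplicate the claimed names while keeping their order.
    for name in dict.fromkeys(n.strip().lower() for n in claimed_names):
        contact = by_name.get(name)
        if contact is not None and is_trustworthy(contact, request_time):
            counted.append(contact.name)
        else:
            rejected.append(name)
    return len(counted) >= REQUIRED_CONTACTS, counted, rejected

# Constructed sample data: five long-standing contacts and five accounts that
# sent the owner a contact request in the week before the recovery request.
NOW = datetime(2013, 4, 11)
LONG_STANDING = [Contact(f"friend{i}", NOW - timedelta(days=400 + i), True, 20) for i in range(5)]
PLANTED = [Contact(f"temp{i}", NOW - timedelta(days=i + 1), False, 0) for i in range(5)]
CONTACTS = LONG_STANDING + PLANTED

if __name__ == "__main__":
    print(verify_recovery_claim([c.name for c in PLANTED], CONTACTS, NOW))
    print(verify_recovery_claim([c.name for c in LONG_STANDING], CONTACTS, NOW))
```

A request whose named contacts are mostly rejected as recent and inbound is also worth logging as a signal in its own right.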