–submitted by Larry Larrabee; photo by Mike Engelberger
Our October 25, 2017, program presenter was Soren Stauss, one of the world’s leading experts on technical social engineering. He has written and lectured on the practice and the mitigation of social engineering-based cyber attacks. Mr. Stauss is the principal of Burtelson Security Labs, a company that tests private and corporate security measures as well as advising on how to correct the deficiencies he finds.
The presentation began with Mr. Stauss demonstrating the ease with which he could gain entry codes for buildings and offices from entry cards and ID badges that carry entry information using a $400 device disguised in a computer case and standing within inches of an employee. Once gaining access to an office, it is relatively easy to unlock computers and steal the information including user names and passcodes.
To show how easily information can be found on the web, he used a volunteer from the membership and was able to determine the Rotarian’s date of birth and Social Security number in 12 seconds by simply entering the name of the Rotarian in his laptop.
Mr. Stauss also explained how easily laptop cameras and microphones can be hijacked and used as listening and recording devices for the purposes of spying on unsuspecting users.
The presentation concluded with an invitation for questions, most of which related to how individuals and organizations could protect themselves from the likes of Soren Stauss, a good, white hat, hacker. In keeping with Halloween next Tuesday, his presentation was really very scary.
If you missed our meeting this week, you can watch the video here.
The questions were about how people could protect themselves from black hats — malicious hackers. Not white hats like Stauss. There was good natured kidding about him but the questions were about real everyday security concerns and it would be great if the summary offered his knowledgable advice.