Quote:
Originally Posted by HarryT
No, you have misinterpreted what I said. I was saying that, in cases where banks, e-commerce sites, etc, are "hacked", it's generally done by social engineering rather than technical means. i.e. the sites' security systems are not broken; logon credentials are obtained by other means - phishing, fake phone calls, or whatever.
I'll add to that - it pretty much has the status of a truism in the security business that the weakness is the people. Weak passwords, unchanged passwords, passwords written down in accessible locations, readiness to provide login information to anyone who sounds authoritative - these are the overwhelming majority of causes of breaches to system security. If anyone wants evidence for this, start reading some of the work done by people like Bruce Schneier.
A fundamental weakness of many supposedly secure setups is that they are predicated on the idea that login is controlled and, if you can engineer your way into the system, the door's pretty much wide open.
The second commonest cause of breaches is the copying of data from a secure system to somewhere insecure. Classic examples are the unencrypted USB stick and people copying files to work on on their home, insecure computer.
There are hacks into systems, and some of them have massive ramifications - but there aren't that many.