Tuesday, June 23, 2015

Social-engineering.


Attackers look to the emotional aspects of human decision making to execute their attacks. They use psychological manipulation tactics, as people tend to pay attention to personally relevant messages, especially if there is an urgent call to action.
Social Engineering is a non-technical method that attackers use to try to get people to divulge sensitive information or install malware onto their computer. Clearly, these types of attacks use tools that are technical, however, successful execution of these attacks rely heavily on human-to-human interaction and using the emotions of the human being as the exploitable vulnerability.

Social Engineering Attack Vectors

Since social engineering involves the hacking of human emotions, there are multitudes of ways an attacker can attempt to extract data from their targets.

Baiting

This type of attack plays on the curiosity of the human psyche. An attacker will leave a malware-laden device, such as a USB stick, in an obvious area where someone will find it. The victim will probably plug it into their computer to see what is on it, and then malware is injected into their system.

Phishing

The oldest and still one of the most successful tricks in the book, attackers will try to use a variety of influencing levers in spam emails.  Fear tactics tend to be one of the most effective levers, as it depends on users making quick, impetuous decisions based on their emotions.  Another successful influencing lever is when the request appears to be coming from an attacker posing as an authority figure, which is a version of pretexting. People will tend to unquestionably comply when a directive comes from a member of management or a higher-up in the organization.  Sense of urgency is also another lever that relies on emotional decision-making. If a target is presented with a scenario that is urgent- such as a warning that if they don’t take action within a certain time frame, their account will be suspended, the victim feels that they need to act urgently, which will lead to poor impulsive decision making such as clicking on a malicious link and unintentionally divulging their user credentials.

Email Hacking and Contact Spamming

People tend to comply with requests that come from someone they know, especially if it is coworkers, friends or family members. Therefore attackers will try to use various social engineering tactics to obtain the target’s email credentials. Once the attacker gains control of the account, they will then spam everyone in their address book, thusly perpetuating the attack with the objective of spreading malware or tricking victims out of sensitive information and more user credentials.

Pretexting

Pretexting is a social engineering tactic where an invented scenario is created to trick a target into divulging personal and sensitive information. It involves researching a target and using what is found out about the individual, then tailoring the attack based on that information. Being able to perfectly mimic the head of marketing is useless if your target is the head of marketing.

Quid Pro Quo

Something for something. The attacker promises free promotional items, a prize or even financial compensation for the exchange of sensitive information.

Spear Phishing

In the family of phishing, spear phishing its more complex cousin. Usually targeted at specific individuals in a specific company, it is more of a campaign than one-off phishing emails. The attacker will do research on the target and then send emails that are personally relevant to the victim, in the attempt to get the victim to complete the call to action, which is clicking on links, downloading malware or divulging sensitive information. Sometimes the attackers will use pretexting in order for the con to look more authentic.

Vishing

Probably the least technical of all of the attack vectors, vishing is when the attacker will call the target, posing as a trusted individual, such as a member of the IT department requesting user credentials in order to fix a technical issue. This tactic relies heavily on pretexting.

Social Engineering attacks can be executed with a single attack vector with the intent to collect specific information from a specific target, or it can be used in a more complex operation, generally used in corporate attacks. These two attack campaigns are called Hunting and Farming.

Hunting

The objective of hunting is to extract as much data as possible with minimal contact with the target. The most common attack vectors used in this scenario are phishing, baiting and email hacking.

Farming

A much more complex campaign, farming requires a little more legwork on the attackers part. Akin to a “long con,” the attacker performs some reconnaissance on the target, seeking to form a relationship with them. Another tactic that relies heavily on the pretexting lever, the objective is to string them along as long as possible in order to extract as much data as possible.

Social Engineering is everywhere on the Internet landscape- social media, email, compromised websites, and even spills over into real life interactions. It’s so highly effective due to the one element that is impossible to patch or install security software on: the human being. The best defense against social engineering is education. It’s a good idea to have some form of internet security compliance training within an organization in order to help your employees not only help safeguard the company’s data, but their own as well.
 source: http://www.symantec.com/connect/blogs/what-social-engineering

Friday, January 23, 2015

NYUMBA INAUZWA MBEZI-MAKABE MSUMI

Nyumba inauzwa ipo Mbezi Makabe Msumi "A" kutoka Mbezi Mwisho Stand mpaka Site ni kilomita 8   sehemu ni nzuri ina eneo kubwa (ukubwa ni 30 kwa 25

- Ina vyumba vinne kimoja master
- Jiko kubwa
- Public toilet
- Dinning Room
 - Iko katika eneo zuri sana,yaani tulivu na nyumba za hapa zimejengwa kwa nafasi kama ambavyo unaweza kuona kwenye picha .

  
Wasiliana nasi kwa number  0718169877.










Thursday, October 30, 2014

MAHAFALI SHULE YA SEKONDARI MCHANGANYIKO

   Mahafali  ya   shule  ya  sekondari  mchanganyanyiko, UCC   tulikuwepo    kutangaza  huduma  zetu.
 Pokea  na hii  binti, afisa   toka  UCC  kama  vile  anasema  maneno  hayo  kwa  mhitimu .
 Mgeni  rasmi    mwakilishi  wa  Meneja  wa  Tawi  la  Access  Bank   Kariakoo .
   Maskauti     wakionyesha   umahiri  wao.

   Skauti  hao.....





Saturday, August 16, 2014

WARSHA YA MAFUNZO YA TEHAMA (ICT) KWA WALIMU WA SEKONDARI DSM YAFANYIKA UCC- HQ

 Mkurugenzi   mtendaji  wa Ucc    Dr  Ulingeta  O.  Mbamba (aliyesimama)   akifunga  warsha  hiyo  iliyofanyika  kwa mafanikio makubwa  na  kuhudhuriwa na  washiriki   zaidi  ya  50   kutoka  katika  shule  za  sekondari  mkoani   Dar es  Salaam, pichani  pembeni  ni  mkuu  wa   mafunzo  Dr  Geofrey  Karokola.
   Sehemu   ya  washiki  wa  warsha  hiyo  wakiwa na   uongozi  na  baaadhi  ya  wafanyakazi  wa  UCC.
Sehemu   ya  washiki  wa  warsha  hiyo  wakiwa na   uongozi  na  baaadhi  ya  wafanyakazi  wa  UCC.