Sep
29
How an Engineer folds a T-Shirt
Filed Under Entertainment | Comments Off
OGTalon asked:
I know what I’m doing this weekend UPDATE: To the sudden explosion of people who commented on this, allow me to clarify a few things. I’m not an engineer, I am a nerd and do like making odd stuff like this occasionally. I made one of these devices using this vid and posted it up here so a mate of mine in Canada could see it. To the people leaving rather idiotic comments about me needing a life, to each his own, but someone did this in plastic and is probably making millions. I didn’t make …
ROBERT
Sep
29
How would i become a Computer programmer or engineer. What is the difference between the two?
Filed Under Programming & Design | Comments Off
Clifford M asked:
Okay well im a junior in high school and I love computers and thought I would take up something that is involved with them career wise for when I graduate.What classes should I take in college.
Also what is the difference between a computer programmer and a engineer, and would it be hard to become a either of them if I am not all that good with math.?
WOULD APPRECIATE ALL FEED BACK.
OLLIE
___________________________________________________________________
Okay well im a junior in high school and I love computers and thought I would take up something that is involved with them career wise for when I graduate.What classes should I take in college.
Also what is the difference between a computer programmer and a engineer, and would it be hard to become a either of them if I am not all that good with math.?
WOULD APPRECIATE ALL FEED BACK.
OLLIE
Sep
29
Top 5 Causes of Car Engine Problems
Filed Under Cars | Comments Off
Carazoo.com asked:
ndian automobile industry is dominated with a wide variety of car models. These car models falls in various different categories based upon the size, body structure, price and even the type of car engines.
Old and new cars running on Indian roads have different engine specifications. Apart from differentiating between petrol, diesel and electric engines, Indian cars are also outfitted with engines that have their own authenticity and uniqueness. Some of the most common and popular unique engine types are Hyundai’s kappa engine and Maruti Suzuki’s K series engine.
Though the engines differ in their specifications, they face the common problems and troubles. Car engine problems need special observation and care to maintain the engine performance and effectiveness. There are ways that are helpful to sort out engine problems but only when the causes of car engine problems are known.
Here are top 5 causes of car engine problems:
Improper cooling system is the major cause of engine problems. This prevents the process of engine cooling and overheats the car engine. Heated engine hampers the performance of the car. Improper cooling system also includes worn out fan belts and poor performance of cooling fan. Any sort of leakage in the cooling system also overheats the car engine. Check the cooling system of the car thoroughly for leakage, worn out articles and proper working because it plays a vital role in maintaining the actual engine performance.
Damaged and worn out engine components like distributor cap, rotor, spark plugs and ignition wires also contribute to improper functioning of the car engine. Worn out components result in engine surging, engine heating and creates faulty engine sounds. Damaged seals and valves results in excess of oil consumption and damaged exhaust pipe causes a hissing sound. In order to prevent faulty engine sounds, ensure that the engine components are in good condition and if not replace them.
Changes in the engine oil level, oil type and oil grade directly influences the working of the car engine. If a different grade and type of oil is used in the car engine, it will immediately respond to the change signaling a fault in the engine. The oil type and grade should be as per the recommendations. Mixture of moisture or dirt with the engine oil also hampers the performance. Always check the user manual prior to changing the engine oil. Put the correct amount of oil of the right type and grade.
Dirty and worn out oil filters also causes a great pose to engine performance. If the filters are not well cleaned, it will distract the flow of engine oil and affect the performance and effectiveness. A simple way to get out of this engine problem is to take good care of the filters and keep them clean.
Some fault in the ignition system including the rotor ignition, ignition wires, and spark plugs directly affects the working of the car engine. This enables the car engine to respond slowly to the ignition process. The best way to deal with this problem is to maintain the ignition system and replace the damaged spark plugs and ignition wires. Also ensure that the ignition time is set correctly.
CHARLEY
ndian automobile industry is dominated with a wide variety of car models. These car models falls in various different categories based upon the size, body structure, price and even the type of car engines.
Old and new cars running on Indian roads have different engine specifications. Apart from differentiating between petrol, diesel and electric engines, Indian cars are also outfitted with engines that have their own authenticity and uniqueness. Some of the most common and popular unique engine types are Hyundai’s kappa engine and Maruti Suzuki’s K series engine.
Though the engines differ in their specifications, they face the common problems and troubles. Car engine problems need special observation and care to maintain the engine performance and effectiveness. There are ways that are helpful to sort out engine problems but only when the causes of car engine problems are known.
Here are top 5 causes of car engine problems:
___________________________________________________________________
Improper cooling system is the major cause of engine problems. This prevents the process of engine cooling and overheats the car engine. Heated engine hampers the performance of the car. Improper cooling system also includes worn out fan belts and poor performance of cooling fan. Any sort of leakage in the cooling system also overheats the car engine. Check the cooling system of the car thoroughly for leakage, worn out articles and proper working because it plays a vital role in maintaining the actual engine performance.
Damaged and worn out engine components like distributor cap, rotor, spark plugs and ignition wires also contribute to improper functioning of the car engine. Worn out components result in engine surging, engine heating and creates faulty engine sounds. Damaged seals and valves results in excess of oil consumption and damaged exhaust pipe causes a hissing sound. In order to prevent faulty engine sounds, ensure that the engine components are in good condition and if not replace them.
Changes in the engine oil level, oil type and oil grade directly influences the working of the car engine. If a different grade and type of oil is used in the car engine, it will immediately respond to the change signaling a fault in the engine. The oil type and grade should be as per the recommendations. Mixture of moisture or dirt with the engine oil also hampers the performance. Always check the user manual prior to changing the engine oil. Put the correct amount of oil of the right type and grade.
Dirty and worn out oil filters also causes a great pose to engine performance. If the filters are not well cleaned, it will distract the flow of engine oil and affect the performance and effectiveness. A simple way to get out of this engine problem is to take good care of the filters and keep them clean.
Some fault in the ignition system including the rotor ignition, ignition wires, and spark plugs directly affects the working of the car engine. This enables the car engine to respond slowly to the ignition process. The best way to deal with this problem is to maintain the ignition system and replace the damaged spark plugs and ignition wires. Also ensure that the ignition time is set correctly.
CHARLEY
Sep
29
Being an Electronics engineer, how can I fulfill the reqirements of a software industry?
Filed Under Engineering | Comments Off
Niladri shekhar B asked:
I am an electronics engineer. I want to join software industry. But in most interview, I face the question “Being an electronics engineer how can you fulfill our requirements? Plz give me a strong and proper answer for this question.
RANDY
I am an electronics engineer. I want to join software industry. But in most interview, I face the question “Being an electronics engineer how can you fulfill our requirements? Plz give me a strong and proper answer for this question.
RANDY
Sep
28
Army MOS 21B Combat Engineer
Filed Under Newsletters | Comments Off
tentenmovieguy asked:
Army MOS 21B Combat Engineer
KRIS
Sep
26
An Engineer’s Guide to Cats
Filed Under Comedy | Comments Off
klusmanp asked:
Two professional engineers illustrate the proper care and practical benefits of cats. None of the cats, humans, or engineers were mistreated in the making of this film. They were however, slightly annoyed. T-shirts and other goodies available at: www.cafepress.com “Art Critic” music is Mozart “Requiem, Rex Tremendae” and song on ending credits is called “Sparky’s New Bike” both from Shockwave-sound.com royalty free music website.
MICKEY
Sep
26
How to Get Website Traffic? Search Engine Optimization (SEO) is Necessary or Optional?
Filed Under Seo | Comments Off
Remesh asked:
The Basics: How Search Engines Work?
First, let’s look at how crawler-based search engines work (both Google and Yahoo fall in this category). Each search engine has its own automated program called a “web spider” or “web crawler” that crawls the web. The main purpose of the spider is to crawl web pages, read and collect the content, and follow the links (both internal and external). The spider then deposits the information collected into the search engine’s database called the index. When searchers enter a query in the search box of a search engine, the search engine’s job is to find the most relevant results to the query by matching the search query to the information in its index.
What makes or breaks a search engine is how well it answers your question when you perform a search. That’s based on what’s called the search engine algorithm which is basically a bunch of factors that the search engine uses to say “hey is this page RELEVANT or NOT?”. The higher your page ranks for these factors (yes some factors are more important than others) than the higher your page will get displayed in the search engine result pages.
What is SEO :-
Search engine optimization (SEO) is the process of improving the volume and quality of traffic to a web site from search engines via “natural” (”organic” or “algorithmic”) search results. Typically, the earlier a site appears in the search results list, the more visitors it will receive from the search engine. SEO may target different kinds of search, including image search, local search, and industry-specific vertical search engines.
As an Internet marketing strategy, SEO considers how search engines work and what people search for. Optimizing a website primarily involves editing its content and HTML coding to both increase its relevance to specific keywords and to remove barriers to the indexing activities of search engines.
The acronym “SEO” can also refer to “search engine optimizers,” a term adopted by an industry of consultants who carry out optimization projects on behalf of clients, and by employees who perform SEO services in-house. Search engine optimizers may offer SEO service as a stand-alone service or as a part of a broader marketing campaign. Because effective SEO may require changes to the HTML source code of a site, SEO tactics may be incorporated into web site development and design. So it needs Search engine professionals.
Why SEO is necessary :-
Building a website without search engine optimization is just like that a car without engine.
It may look beautiful, have all the bells and whistles, and make you proud to know it is yours. But without the engine, without the guts, it will never get you where you want to go. Website optimization is essential to gaining traffic. Without traffic your website is just like that car without a motor. Pretty, maybe. But, chances are you wanted it to function as well.
Search engines are used daily by four out of five internet users. Of adults aged 30-49, 82% are internet users. Of those aged 50-64 70% are internet users. Internet use rises proportionately with education and household income. Your website must be found within the search engine results pages, to be an effective advertising medium for your company. Being found in the search results is absolutely necessary to drive traffic to your website.
80% of all internet users say they stop looking for a site after 30 results. That is typically 3 pages of search engine results pages with 10 results on each page. Eye tracking studies have shown, your best bet is to be ‘above the fold’ or on the top portion of the page, on the left.
It stands to reason that the higher your site is positioned within a search engine or directory, the more you will increase your website traffic. Optimizing your website for higher search engine ranking and strategically planning keyword inclusion is a measurable/traceable method of attracting self-qualified customers. Its importance is critical.
http://www.snvinfotech.com/seo.php
EFREN
The Basics: How Search Engines Work?
First, let’s look at how crawler-based search engines work (both Google and Yahoo fall in this category). Each search engine has its own automated program called a “web spider” or “web crawler” that crawls the web. The main purpose of the spider is to crawl web pages, read and collect the content, and follow the links (both internal and external). The spider then deposits the information collected into the search engine’s database called the index. When searchers enter a query in the search box of a search engine, the search engine’s job is to find the most relevant results to the query by matching the search query to the information in its index.
What makes or breaks a search engine is how well it answers your question when you perform a search. That’s based on what’s called the search engine algorithm which is basically a bunch of factors that the search engine uses to say “hey is this page RELEVANT or NOT?”. The higher your page ranks for these factors (yes some factors are more important than others) than the higher your page will get displayed in the search engine result pages.
What is SEO :-
Search engine optimization (SEO) is the process of improving the volume and quality of traffic to a web site from search engines via “natural” (”organic” or “algorithmic”) search results. Typically, the earlier a site appears in the search results list, the more visitors it will receive from the search engine. SEO may target different kinds of search, including image search, local search, and industry-specific vertical search engines.
As an Internet marketing strategy, SEO considers how search engines work and what people search for. Optimizing a website primarily involves editing its content and HTML coding to both increase its relevance to specific keywords and to remove barriers to the indexing activities of search engines.
The acronym “SEO” can also refer to “search engine optimizers,” a term adopted by an industry of consultants who carry out optimization projects on behalf of clients, and by employees who perform SEO services in-house. Search engine optimizers may offer SEO service as a stand-alone service or as a part of a broader marketing campaign. Because effective SEO may require changes to the HTML source code of a site, SEO tactics may be incorporated into web site development and design. So it needs Search engine professionals.
Why SEO is necessary :-
Building a website without search engine optimization is just like that a car without engine.
It may look beautiful, have all the bells and whistles, and make you proud to know it is yours. But without the engine, without the guts, it will never get you where you want to go. Website optimization is essential to gaining traffic. Without traffic your website is just like that car without a motor. Pretty, maybe. But, chances are you wanted it to function as well.
Search engines are used daily by four out of five internet users. Of adults aged 30-49, 82% are internet users. Of those aged 50-64 70% are internet users. Internet use rises proportionately with education and household income. Your website must be found within the search engine results pages, to be an effective advertising medium for your company. Being found in the search results is absolutely necessary to drive traffic to your website.
80% of all internet users say they stop looking for a site after 30 results. That is typically 3 pages of search engine results pages with 10 results on each page. Eye tracking studies have shown, your best bet is to be ‘above the fold’ or on the top portion of the page, on the left.
It stands to reason that the higher your site is positioned within a search engine or directory, the more you will increase your website traffic. Optimizing your website for higher search engine ranking and strategically planning keyword inclusion is a measurable/traceable method of attracting self-qualified customers. Its importance is critical.
http://www.snvinfotech.com/seo.php
EFREN
Sep
25
What is Engine Knocking
Filed Under Automotive | Comments Off
zee001 asked:
When engine knocking is detected the knock sensor sends electrical signal to the ECU. Directionally as the compression ratio of the engine increases so does the required octane number of the gasoline if engine knocking is to be avoided. Engine knocking is in fact a pulse detonation and we all known what that can do an engine. Thus, the likelihood to engine knocking is reduced and the engine runs more smoothly. Engine knocking is the premature fuel combustion that can result in power loss of the engine. Engine knocking is compression detonation or pre-ignition of fuel in the power stroke of the engine. Engine knocking is normal for 4-stroke bike.
If you have an older car or a high performance car, you may need a higher octane gasoline to help prevent engine knocking and improve engine performance. In order to prevent engine knocking at high rpm’s, NGK’s high-spark #7 platinums are used. Before leaded gasolines were removed from the market, bromine was used in an additive to help prevent engine “knocking”. Motor mount also help prevent or at least minimize engine knocking. There was a need for improvement in the refining process for fuels that would prevent engine knocking and increase engine efficiency. This prevent engine knocking which is very common at the time of a transmission kick down. MMT is a fuel additive, which is mixed with petrol in order to prevent engine knocking. Has been used in gasoline to prevent engine knocking. Lead was originally added to prevent engine knocking. The lead compound TETRAETHEL LEAD was added to gasoline to prevent engine “knocking”.
If anything, high octane gas will help reduce engine knocking in most cars (assuming your car’s manual says it’s okay to use such a gas). Replace Air Filter - Dirty filter can reduce fuel economy by 10% or more. Ethanol in unleaded gasoline helps reduce carbon monoxide emissions by as much as 30 percent. It is oxygen-bearing additive used to reduce engine knocking and assist gasoline burn more cleanly. An antiknock agent is a gasoline additive used to reduce engine knocking and increase the fuel’s octane rating. Thereafter, the engine performance will peak and emission will reduce. Lead has also been added to gasoline to reduce engine knocking. Standard Oil began adding ethanol to gasoline to increase octane and reduce engine knocking. Lead, in the form of tetra-methyl lead or tetra-ethyl lead, is added to petrol to increase its octane rating to reduce engine knocking. Some manganese compounds have been added to gasoline to boost octane rating and reduce engine knocking.
When engine knocking is detected the knock sensor sends electrical signal to the ECU. Engine knocking is in fact a pulse detonation and we all known what that can do an engine. Thus, the likelihood to engine knocking is reduced and the engine runs more smoothly. Directionally as the compression ratio of the engine increases so does the required octane number of the gasoline if engine knocking is to be avoided.
CONRAD
When engine knocking is detected the knock sensor sends electrical signal to the ECU. Directionally as the compression ratio of the engine increases so does the required octane number of the gasoline if engine knocking is to be avoided. Engine knocking is in fact a pulse detonation and we all known what that can do an engine. Thus, the likelihood to engine knocking is reduced and the engine runs more smoothly. Engine knocking is the premature fuel combustion that can result in power loss of the engine. Engine knocking is compression detonation or pre-ignition of fuel in the power stroke of the engine. Engine knocking is normal for 4-stroke bike.
If you have an older car or a high performance car, you may need a higher octane gasoline to help prevent engine knocking and improve engine performance. In order to prevent engine knocking at high rpm’s, NGK’s high-spark #7 platinums are used. Before leaded gasolines were removed from the market, bromine was used in an additive to help prevent engine “knocking”. Motor mount also help prevent or at least minimize engine knocking. There was a need for improvement in the refining process for fuels that would prevent engine knocking and increase engine efficiency. This prevent engine knocking which is very common at the time of a transmission kick down. MMT is a fuel additive, which is mixed with petrol in order to prevent engine knocking. Has been used in gasoline to prevent engine knocking. Lead was originally added to prevent engine knocking. The lead compound TETRAETHEL LEAD was added to gasoline to prevent engine “knocking”.
If anything, high octane gas will help reduce engine knocking in most cars (assuming your car’s manual says it’s okay to use such a gas). Replace Air Filter - Dirty filter can reduce fuel economy by 10% or more. Ethanol in unleaded gasoline helps reduce carbon monoxide emissions by as much as 30 percent. It is oxygen-bearing additive used to reduce engine knocking and assist gasoline burn more cleanly. An antiknock agent is a gasoline additive used to reduce engine knocking and increase the fuel’s octane rating. Thereafter, the engine performance will peak and emission will reduce. Lead has also been added to gasoline to reduce engine knocking. Standard Oil began adding ethanol to gasoline to increase octane and reduce engine knocking. Lead, in the form of tetra-methyl lead or tetra-ethyl lead, is added to petrol to increase its octane rating to reduce engine knocking. Some manganese compounds have been added to gasoline to boost octane rating and reduce engine knocking.
When engine knocking is detected the knock sensor sends electrical signal to the ECU. Engine knocking is in fact a pulse detonation and we all known what that can do an engine. Thus, the likelihood to engine knocking is reduced and the engine runs more smoothly. Directionally as the compression ratio of the engine increases so does the required octane number of the gasoline if engine knocking is to be avoided.
CONRAD
Sep
25
What do you need to become a petroleum engineer?
Filed Under Engineering | Comments Off
Some1 asked:
Hi,
Hi,
I wanna know what exactly do you need to become a petroleum engineer. By that, I mean what skills should you have in order to become a good petroleum engineer. For example, what subjects should be good at. Also, is it “fun” to work as a petroleum engineer or not??
Any help would be highly appreciated.
Thanks!
EDUARDO
Sep
24
Social Engineering
Filed Under Information Technology | Comments Off
James Banicar asked:
The goal of my paper will be to explore the topic of Social Engineering in all its facets. But what really is social engineering? Is it a term that can be applied in any field other than Information Technology? Your Dictionary references Webster’s Dictionary, which defines social engineering as thus (Your Dictionary, 2006):
A deceptive process in which crackers “engineer” or design a social situation to trick others into allowing them access to an otherwise closed network, or into believing a reality that does not exist.
However, in a much broader sense, social engineering can indeed take place outside of a technical field or applied to describe a non-I.T. related situation, because in reality, the act essentially involves deceiving another individual into divulging information that should be kept secret. The following definition better describes social engineering in this light (Social engineering (security), 2009):
Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud or computer system access; in most cases the attacker never comes face-to-face with the victim.
The goal of this paper aims to explore these many situations that others might not classify as an social engineering act to steal information, and in addition to that goal, explore similar objectives throughout: to create a conversation about social engineering by generating awareness, discuss the many different kinds of social engineering methods, cite examples of real world social engineering events & the people responsible, and finally, cover a list of best practices to avoid social engineering attacks.
So now that we have established a “working definition” by which to base the foundation of this discussion on social engineering, the next logical step would be to mention a few of the well-known techniques employed in social engineering acts (Granger, 2001).
A very widely recognized form of social engineering occurs over the phone, which gives all the anonymity in the world a person with malicious intent could ask for. Those that are particularly vulnerable to this type of threat are help desks, customer service reps, and of course, the common victim: the innocent individual minding their own business at home, on the comfort of their couch. But just because most of these attacks are known to occur over the phone, does not mean that you are safe when actually using the phone yourself. What do I mean by this? IT’s known as shoulder surfing (Dwyer, 2008), or when someone else gleans your PIN number or ATM number by simply standing over your shoulder at either a large airport or phone booth.
Another great example of why social engineering isn’t just something to worry about at the workplace is how often thieves thrive on another technique known as Dumpster Diving, which involves hackers or anyone with malicious intent attaining information such as: calendars showing when employees might be out of town, policy manuals detailing how internal systems are protected, or even hard drives that can be restored & vital information discovered (Berg, 1995).
But my favorite form of social engineering has to be the form described as Quid Pro Quo. (Wikipedia, 2009) Imagine, if you will, that the “attacker” attempts to randomly ring up someone claiming to be returning their technical support call; eventually, said attacker will find someone who is grateful to have been called back, who will have no problem following whatever instructions the attack doles out… which will most likely be either a series of malicious commands or the giving up of valuable information (such as a credit card number or name and password).
While there are certainly many more techniques that could be discussed, I would like to focus the next section on elaborating on the techniques described above with specific, real world scenarios of social engineering taking place. A very fascinating example of an attacker making the victim believe that he is of a higher authority is described by McAfee Avert Labs and SANS analyst Lennny Zeltser (Kumar, 2009):
Apparently, yellow fliers were placed on vehicles in a parking lot, and the fliers claimed that the vehicles were in violation of parking regulations. The fliers further stated that the owner could visit a certain website to get more information and pictures about the offense.
Now you can imagine the result of this very clever form of social engineering: said victim sees the fliers and once they reach home, attempt to visit the designated website – only to be told to download a toolbar or some other form of disguised malware, which in turn infects their PC with even more malware.
Kevin Mitnick, who was once one of the most wanted hackers in the U.S. in the late twentieth century, wrote a book entitled The Art of Deception (Mitnick, Amazon, 2009). In his book, he describes several examples of social engineering, and in one he describes how someone could wait for a snow storm to occur, and then calling the network center posing as a… you guessed it, snowed-in employee. In other similar examples, Mitnick gives a smaller example of how someone could get a police officer to divulge when he might be out of town, and by scheduling a court date at that specific time; get out of the speeding ticket (Mitnick, Social Engineering Books, 2006).
A few of these examples of social engineering are really quite startling. How can one hope to avoid falling into these tricks when many of them are so clever? There are a few “best practices” that can be taught which will help falling into the social engineering traps. Some may be ideal for teaching fellow employees and others might just be applicable to the individual, helping him or her to live a more secure life in regards to their important information’s safety.
Some of the best techniques to teach employees, as identified by US-CERT (United States Computer Emergency Readiness Team), are as follows (McDowell, 2004):
Be suspicious of any phone calls, visits, or email messages from individuals asking about employee or internal information. Always ask any individual claiming to be of a legitimate organization to verify their claims; this is especially true if they could use your position as a gateway to attain privileged information (for example, you work at a help desk). Almost never reveal sensitive information over the internet. Never. Before doing anything with any amount of sensitive information, consult a higher authority or person with full knowledge of your company’s security policy. Always shred any company documents before discarding them. Even the slightest bit of information can give an attacker inside knowledge as to who works at the company, their operating hours, or phone numbers.
Richard Steinnon of the website CIO Update decries what is often touted as the “best defense against social engineering:” training. He stipulates that if you determine a mandatory training in order to sharpen peoples’ awareness is needed in order to avoid social engineering attacks… then you already have a hole in your defenses. Ultimately, the very best defense against a good social engineering attack is: enforce policy (Stiennon, 2009).
In conclusion, I have covered a wide ranging of topics all of which involve a discussion centered on Social Engineering. What began as an initial exploration into the definition of Social Engineering, the discussion then progressed into examples of the varying types of social techniques that attackers employ to trick others into divulging sensitive information.
Many common examples of real world attacks were also covered and how devastating their implications can be to the victims; corporations or individuals are not safe against any sort of Social Engineering attack. Chief among those who used to be considered the most dangerous of all, Kevin Mitnick, wrote a book describing in detail how wide-ranging Social Engineering attacks can be.
And finally, I briefly covered some “best practices” to avoid such social attacks from occurring to you or future employees. While it may seem obviously to a technically inclined individual, everyone can be a victim of these kinds of attacks when not following the most basic of policies. Being intelligence with information essentially keeping it to yourself. But rest assured that there are those out there who are constantly inventing new and dangerous ways in which to trick innocent people into giving away important information. And it’s only with constant diligence and a re-affirmation to confidentiality can we hope to avoid the trap known as Social Engineering.
Works Cited
Berg, A. (1995, November 11). Social Engineering. Retrieved April 19, 2009, from Packet Storm Security : http://www.packetstormsecurity.org/docs/social-engineering/soc_eng2.html
Dwyer, J. (2008, January 12). Picking Pockets? Nah, Surfing Shoulders. Retrieved April 19, 2009, from New York Times: http://www.nytimes.com/2008/01/12/nyregion/12about.html
*Granger, S. (2001, December 18). A True Story. Retrieved April 19, 2009, from Security Focus: http://www.securityfocus.com/infocus/1527*
Kumar, L. (2009, February 4). Real World Social Engineering. Retrieved April 19, 2009, from McAfee Avert Labs Blog: http://www.avertlabs.com/research/blog/index.php/2009/02/04/real-world-social-engineering-to-spread-malware-online/
*Major, S. D. (2009). Social Engineering: Hacking the Wetware! Information Security Journal: A Global Perspective , 40-46. *
McDowell, M. (2004). Tips. Retrieved April 19, 2009, from US-CERT.GOV: http://www.us-cert.gov/cas/tips/ST04-014.html
Mitnick, K. (2009). Amazon. Retrieved April 19, 2009, from Amazon: http://www.amazon.com/Art-Deception-Controlling-Element-Security/dp/0471237124
Mitnick, K. (2006). Social Engineering Books. Retrieved April 19, 2009, from Social Engineering: http://www.social-engineering.eu/books/artofdeception/
Social engineering (security). (2009, April 16). Retrieved April 19, 2009, from Wikipedia: http://en.wikipedia.org/wiki/Social_engineering_(security)
Stiennon, R. (2009, October 19). The Best Defense Against Social Engineering. Retrieved April 19, 2009, from CIO Update: http://www.cioupdate.com/trends/article.php/3638951/The-Best-Defense-Against-Social-Engineering
Wikipedia. (2009, April 16). Retrieved April 19, 2009, from http://en.wikipedia.org/wiki/Social_engineering_(security)
Your Dictionary. (2006). Retrieved April 19, 2009, from http://www.yourdictionary.com/hacker/social-engineering
CHARLIE
The goal of my paper will be to explore the topic of Social Engineering in all its facets. But what really is social engineering? Is it a term that can be applied in any field other than Information Technology? Your Dictionary references Webster’s Dictionary, which defines social engineering as thus (Your Dictionary, 2006):
A deceptive process in which crackers “engineer” or design a social situation to trick others into allowing them access to an otherwise closed network, or into believing a reality that does not exist.
However, in a much broader sense, social engineering can indeed take place outside of a technical field or applied to describe a non-I.T. related situation, because in reality, the act essentially involves deceiving another individual into divulging information that should be kept secret. The following definition better describes social engineering in this light (Social engineering (security), 2009):
Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud or computer system access; in most cases the attacker never comes face-to-face with the victim.
The goal of this paper aims to explore these many situations that others might not classify as an social engineering act to steal information, and in addition to that goal, explore similar objectives throughout: to create a conversation about social engineering by generating awareness, discuss the many different kinds of social engineering methods, cite examples of real world social engineering events & the people responsible, and finally, cover a list of best practices to avoid social engineering attacks.
So now that we have established a “working definition” by which to base the foundation of this discussion on social engineering, the next logical step would be to mention a few of the well-known techniques employed in social engineering acts (Granger, 2001).
A very widely recognized form of social engineering occurs over the phone, which gives all the anonymity in the world a person with malicious intent could ask for. Those that are particularly vulnerable to this type of threat are help desks, customer service reps, and of course, the common victim: the innocent individual minding their own business at home, on the comfort of their couch. But just because most of these attacks are known to occur over the phone, does not mean that you are safe when actually using the phone yourself. What do I mean by this? IT’s known as shoulder surfing (Dwyer, 2008), or when someone else gleans your PIN number or ATM number by simply standing over your shoulder at either a large airport or phone booth.
Another great example of why social engineering isn’t just something to worry about at the workplace is how often thieves thrive on another technique known as Dumpster Diving, which involves hackers or anyone with malicious intent attaining information such as: calendars showing when employees might be out of town, policy manuals detailing how internal systems are protected, or even hard drives that can be restored & vital information discovered (Berg, 1995).
But my favorite form of social engineering has to be the form described as Quid Pro Quo. (Wikipedia, 2009) Imagine, if you will, that the “attacker” attempts to randomly ring up someone claiming to be returning their technical support call; eventually, said attacker will find someone who is grateful to have been called back, who will have no problem following whatever instructions the attack doles out… which will most likely be either a series of malicious commands or the giving up of valuable information (such as a credit card number or name and password).
While there are certainly many more techniques that could be discussed, I would like to focus the next section on elaborating on the techniques described above with specific, real world scenarios of social engineering taking place. A very fascinating example of an attacker making the victim believe that he is of a higher authority is described by McAfee Avert Labs and SANS analyst Lennny Zeltser (Kumar, 2009):
Apparently, yellow fliers were placed on vehicles in a parking lot, and the fliers claimed that the vehicles were in violation of parking regulations. The fliers further stated that the owner could visit a certain website to get more information and pictures about the offense.
Now you can imagine the result of this very clever form of social engineering: said victim sees the fliers and once they reach home, attempt to visit the designated website – only to be told to download a toolbar or some other form of disguised malware, which in turn infects their PC with even more malware.
Kevin Mitnick, who was once one of the most wanted hackers in the U.S. in the late twentieth century, wrote a book entitled The Art of Deception (Mitnick, Amazon, 2009). In his book, he describes several examples of social engineering, and in one he describes how someone could wait for a snow storm to occur, and then calling the network center posing as a… you guessed it, snowed-in employee. In other similar examples, Mitnick gives a smaller example of how someone could get a police officer to divulge when he might be out of town, and by scheduling a court date at that specific time; get out of the speeding ticket (Mitnick, Social Engineering Books, 2006).
A few of these examples of social engineering are really quite startling. How can one hope to avoid falling into these tricks when many of them are so clever? There are a few “best practices” that can be taught which will help falling into the social engineering traps. Some may be ideal for teaching fellow employees and others might just be applicable to the individual, helping him or her to live a more secure life in regards to their important information’s safety.
Some of the best techniques to teach employees, as identified by US-CERT (United States Computer Emergency Readiness Team), are as follows (McDowell, 2004):
Be suspicious of any phone calls, visits, or email messages from individuals asking about employee or internal information. Always ask any individual claiming to be of a legitimate organization to verify their claims; this is especially true if they could use your position as a gateway to attain privileged information (for example, you work at a help desk). Almost never reveal sensitive information over the internet. Never. Before doing anything with any amount of sensitive information, consult a higher authority or person with full knowledge of your company’s security policy. Always shred any company documents before discarding them. Even the slightest bit of information can give an attacker inside knowledge as to who works at the company, their operating hours, or phone numbers.
Richard Steinnon of the website CIO Update decries what is often touted as the “best defense against social engineering:” training. He stipulates that if you determine a mandatory training in order to sharpen peoples’ awareness is needed in order to avoid social engineering attacks… then you already have a hole in your defenses. Ultimately, the very best defense against a good social engineering attack is: enforce policy (Stiennon, 2009).
In conclusion, I have covered a wide ranging of topics all of which involve a discussion centered on Social Engineering. What began as an initial exploration into the definition of Social Engineering, the discussion then progressed into examples of the varying types of social techniques that attackers employ to trick others into divulging sensitive information.
Many common examples of real world attacks were also covered and how devastating their implications can be to the victims; corporations or individuals are not safe against any sort of Social Engineering attack. Chief among those who used to be considered the most dangerous of all, Kevin Mitnick, wrote a book describing in detail how wide-ranging Social Engineering attacks can be.
And finally, I briefly covered some “best practices” to avoid such social attacks from occurring to you or future employees. While it may seem obviously to a technically inclined individual, everyone can be a victim of these kinds of attacks when not following the most basic of policies. Being intelligence with information essentially keeping it to yourself. But rest assured that there are those out there who are constantly inventing new and dangerous ways in which to trick innocent people into giving away important information. And it’s only with constant diligence and a re-affirmation to confidentiality can we hope to avoid the trap known as Social Engineering.
Works Cited
Berg, A. (1995, November 11). Social Engineering. Retrieved April 19, 2009, from Packet Storm Security : http://www.packetstormsecurity.org/docs/social-engineering/soc_eng2.html
Dwyer, J. (2008, January 12). Picking Pockets? Nah, Surfing Shoulders. Retrieved April 19, 2009, from New York Times: http://www.nytimes.com/2008/01/12/nyregion/12about.html
*Granger, S. (2001, December 18). A True Story. Retrieved April 19, 2009, from Security Focus: http://www.securityfocus.com/infocus/1527*
Kumar, L. (2009, February 4). Real World Social Engineering. Retrieved April 19, 2009, from McAfee Avert Labs Blog: http://www.avertlabs.com/research/blog/index.php/2009/02/04/real-world-social-engineering-to-spread-malware-online/
*Major, S. D. (2009). Social Engineering: Hacking the Wetware! Information Security Journal: A Global Perspective , 40-46. *
McDowell, M. (2004). Tips. Retrieved April 19, 2009, from US-CERT.GOV: http://www.us-cert.gov/cas/tips/ST04-014.html
Mitnick, K. (2009). Amazon. Retrieved April 19, 2009, from Amazon: http://www.amazon.com/Art-Deception-Controlling-Element-Security/dp/0471237124
Mitnick, K. (2006). Social Engineering Books. Retrieved April 19, 2009, from Social Engineering: http://www.social-engineering.eu/books/artofdeception/
Social engineering (security). (2009, April 16). Retrieved April 19, 2009, from Wikipedia: http://en.wikipedia.org/wiki/Social_engineering_(security)
Stiennon, R. (2009, October 19). The Best Defense Against Social Engineering. Retrieved April 19, 2009, from CIO Update: http://www.cioupdate.com/trends/article.php/3638951/The-Best-Defense-Against-Social-Engineering
Wikipedia. (2009, April 16). Retrieved April 19, 2009, from http://en.wikipedia.org/wiki/Social_engineering_(security)
Your Dictionary. (2006). Retrieved April 19, 2009, from http://www.yourdictionary.com/hacker/social-engineering
CHARLIE