Social engineering: You have probably already heard about it, but what is it really about?

Let’s have a look at the definition of Social Engineering from Wikipedia: “Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques.”

“Act of manipulating people”: are you aware of the psychological influence techniques: reciprocity, commitment and consistency, social proof, authority, liking and scarcity? Are you able to detect if someone uses such a technique against you (per phone, per email or in a face to face conversation)?

Are you a target as a company or as a private person? The answer is YES.

Do you have an account on social network websites, on professional network websites? Do you have a blog or write comments on blogs? Are you a member of an online community? Do you answer quizzes?

Do you have friends acting actively on the web? Do they speak about you? By the way, are all your social network contacts your friends? Do you really know them all?

Anyone can know everything about you and use it to deceive you. Let’s get protected.

We can help your company in making your employees aware of deceptions and in creating a culture of security. Why not do it in 2011? Let’s make your company more secure! Train your employees!

Feel free to contact us for more information.

A few monthes ago, we were wondering how Basel II impacts information technology and especially security. Here is a presentation Mathias has produced in order to enlight his colleagues

If you’d like more information, just contact us. Comments are open as well, in order to discuss the presentation online.

An error in your firewall configuration and your intranet website becomes widely available to anybody on the Internet. After having corrected the bad firewall rulebase some files from the intranet are still stored in Google’s cache. How to remove them ?

First, you have to make Googlebot get 404 error messages (Page not Found) for all URLs that have been exposed when the site was available on the Internet. To do this, just create a virtual web site and don’t put any page on it. Quite easy.
Then, you have to visit this Google website in order to tell Googlebot which URLs have to be removed from the cache. The operation could take 3 to 5 days, once you will have tagged the pages for removal.

That’s it. Now, maybe you should think to some change management software for your firewall

There is a good article by Bruce Moulton from Symantec about operational risk management in the Basel II context and how IT security can help to reduce this risk. You will find the whole article here.

Last friday, we attended Primesphere’s After Software Universe seminar. It was the occasion to officially announce our partnership with Primesphere regarding security management. We have developped a common offer that integrates security management into Primesphere’s IT service management solution, based on the ITIL framework for the methodology, and HP Openview from a technological point of vue.

In fact, we are able to feed the Openview platform with security-oriented data coming from the security infrastructure, and thus benefit from a robust and well defined automated processing of the information.

The goal of the solution is to give our customers the capability to monitor, analyze, react and report on security events in the context of their global IT infrastructure, to finally be able to pilot and adapt their security infrastructure in a business oriented way.

The technical solutions that we are currently proposing are the following :

• Real time security incident management
• Security service design tree
• Solutions to respect and implement legal security standards
• Integrated security incident, problem and change management solution

You may download the whole presentation here.