Monday, February 15, 2010

Shell’s Active Directory Contents Published

Some people say it is no big deal and some people are saying the opposite about the publication (leaking) of Shell’s entire Active Directory of 170,000 employees. As the author of the article on this states it is a big deal (“spelling” mistakes below are due to the use of proper English versus what us American’s use):
Because leaked staff directories are not as safe as handing out business cards. The reason is: social engineering. Not some kind of Orwellian concept; it’s a well-known method for computer hackers to get into an organization's network. Dumpster diving and dressing as a contract repairman are a couple of the more entertaining types of social engineering, but just knowing someone’s job title and phone number can create an easy guise for, say: impersonating a senior manager, calling the internal IT helpdesk, and demanding a password. Most companies have security proceeds to guard against it; but there are plenty of tales of hackers getting a crucial piece of information with just a name, job title, and a persuasive phone manner.
Forget about the security and hacker issues with this leak. Imagine the telemarketing bonanza this will set off!

No comments: