“There’s no patch for Human Stupidity.” Well said Hacker News!!!

An article in Hacker News inspired me to write this blog post.

Social engineering, in the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information. This is a type of confidence trick for the purpose of information gathering, fraud, or computer system access. It differs from traditional cons in that often the attack is a mere step in a more complex fraud. (Wikipedia explains in this way but I never understood the meaning of it…) 🙂

Well I explain Social Engineering as “The simplest and most tactical way of making people to believe and making them to do things that they weren’t supposed to…”

There are lot of Social Engineering techniques right from getting a free pizza to getting a 100$ worth product for free from Amazon. (Yes!! There are incidents)

Even there are incidents that I myself tried to sniff others passwords while typing. Huh.. Then think what top social engineers can do!!!

There are events in the past where social engineers entered into highly secured data center rooms with just a few minutes conversation with people…!!! (Same old boring statement but again… “Human is the weakest link ever”)

Unfortunately(but i personally feel fortunately… :-)) these days there’s a ready made baked cake called Social Engineering Tool Kit (no explanation for Linux users) that’s making people to try various techniques for exploiting data and stealing credentials. And even some websites are training people this course for huge lot of bucks naming it as “Social Engineering Framework” (as if it is some .net framework… :-))

Social Engineering (SE) is both incredibly complex and amazingly simple. And once if you start that you’ll even quit your profession and start it as a full time hobby… 🙂

The main point to be stressed is companies like Microsoft are no less to be exceptional in this aspect. Recently a social engineering attack on Skype has almost affected its brand reputation.

http://thehackernews.com/2013/04/social-engineering-skype-support-team.html

Social Engineers are everywhere(like air… 🙂 ). That’s our responsibility to not believe people easily.

Gaming Sector… May be the least secured area these days!

Raise your hands if you have ever played games like Far Cry, Modern Warfare, Assassin’s Creed. (Oh! I can see many!!!) 🙂 🙂

Now my question is.. “Did you bought that or used a cracked version…?” And ofcourse I know your answer too… 😛

Well I am going to say a delicious news to XBOX, PS3 and all the so called Virtual Gaming World lovers!!

Recently a team of Russian Hackers figured out a vulnerability in UBI Soft’s uPlay launcher that made them to download free games from Ubisoft’s servers, exploiting an existing vulnerability in Ubisoft’s uPlay launcher.

According to reports, the copies of Far Cry 3 Blood Dragon that are available on torrent sites are the result of a hack of Ubisoft’s uPlay service. The hack has allowed users to download advance copies of Far Cry 3: Blood Dragon, a game which has yet to be officially released on 1st May, for Xbox 360, PS3 and PC.

As a proof of the exploit, hackers even posted an 1 hour 30 mins long footage of the game. (Well I don’t want to post the link and put myself into trouble..) 🙂

The hackers developed a piece of software which tricks the uPlay executable into believing that the user has ownership over games that they do not own.

It is possible to acquire the direct download link for the game and play it offline, thereby bypassing the uPlay DRM.

Furthermore, the exploits can be used to play the games offline, circumventing DRM.

Ubisoft in response to this incident said “We are aware of the issue and are working to resolve it quickly. No personal information was compromised. Uplay’s PC download service will be unavailable until the problem is fixed, however all other Uplay services remain available.”

Lastly.. My note to those Russian Hackers: Hey buddies!!! Please post me the review of the game… 🙂 🙂 I can’t wait till May 1st 🙂