Monday, August 31, 2009

Social Engineering at the Age of 4

I guess maybe I was born to be a security-minded person, if "fate" or "nurture" deemed thus. I just was recollecting this morning about how, at the age of 4, I successfully pulled off my first social engineering experiment.

I noticed on Day 1 of pre-school an example of what I often refer to as "opt-in" security. Parents completed a form with a checkbox that indicated whether or not the pre-schoolers were required to take a nap. Then, at nap time, the teachers asked for children whose parents don't require them to take a nap to raise their hand. Those children were then separated from the rest, who had to lay on mats with the lights out. By Day 2, I realized I could simply raise my hand--albeit it was a lie-- and I could skip nap time and play the whole day. From Day 2 on, I always raised my hand.

We, as curious humans, learn about security policies from some of the most common sources-- so common we may even be oblivious to them.

No comments: