SLAC Computer Security

Computer Security's Weakest Link

The natural human instinct to help people and accept them at their word—even over e-mail—leaves us vulnerable to attack. The "bad guys" are out to exploit our helpfulness by using various techniques.

One technique is to mail "official"-looking CDs and DVDs that contain viruses, trojans or rootkits (aka malware) to individuals, in the hope that the recipients will put them in their computers. Another trick is to leave a memory stick lying in a hallway or parking lot. The hope is for you to insert it into your computer. As soon as you do, your computer becomes infected.

This sort of social engineering involves deceiving people into revealing confidential information, either by taking advantage of their wish to be helpful or by asking them to respond to phone calls or e-mails from someone who appears to be in authority. Typical examples include requests for your user ID, password or personal information. Never reveal your password to anyone. For more information, read Social Engineering Fundamentals, Part I: Hacker Tactics.

Remember, SLAC is an open lab and we want it that way. However, with that openness, a person walking into the laboratory may not always have your best interests at heart. Not only has equipment been stolen in the past, but we have also seen an unattended computer (with a screen that is not password protected) being used to send e-mail appearing to be from the person logged into the computer. Always protect your session by locking your computer or your door when leaving your computer unattended.

The laboratory staff is constantly being tested by both friendly Department of Energy audits (which exist to help us) and unfriendly hackers.

Be prepared and aware. Sec_rity is not complete without "u"!

The above article appeared in the Feb. 5, 2008 SLAC Today.

Owner: SLAC Computer Security
Last Updated: 07/22/2010