Wednesday, May 9, 2012

the importance of being anonymous...?

I haven't posted here in a while. I've never been more than kind of intermittent, but currently I have a good reason; I'm writing weekly articles for Crain's Cleveland Business. They're a little non-technical (basic security for businesspeople), so the content is probably not what I'd choose to share here anyway, but with 500-1000 words per week going there, I'm not as motivated to post here.

That said...last night, I went to our local chapter ISSA meeting. They weren't charging admission to the meeting, so it was basically free CPEs (and free pizza). I was a little late for the meeting due to mixing it up with another meeting I have next week, so I was a bit flustered as I entered the venue.

As I approached the room where the meeting was being held, I saw a sign on the wall about the meeting saying to text to a certain phone number for a door prize. I had my phone in my hand anyway, so I paused and sent the SMS, then proceeded into the meeting.

Realizing I was late, I quickly sat down. The lecturer, Branson Matheson, was talking about social engineering, which is a subject that's very interesting to me. During the lecture he mentioned the "hack" he'd perpetrated and wondered aloud how many phone numbers he'd captured that way.

Yup, okay, he got me. Turned out, too, that I was the only person in the room who fell for it, although that fact is mitigated to some extent by the fact that not everybody in the room actually saw the sign. But really...did he in fact "get me"? What exactly happened here?

It's no secret, I'm looking for a job. Because of this, I give people my contact details several times a day. I WANT people to have my phone number. In fact, had I arrived at the meeting early, as I'd intended to do, I would have been passing out my virtual business card (via Cardcloud) to anybody who would take it. People very often do, in fact, exchange business cards at such meetings, which will usually include a mobile number among others. So, practically speaking, Mr. Matheson didn't actually gain any knowledge that I wasn't willing for him to have, and in fact, he didn't have a name attached to that number. 

Mr. Matheson's point was that there's nothing stopping a hacker from putting up signs randomly saying "text to [phone number] for free offers" and actually collecting phone numbers that way, and it's a very good point. I was fairly sure, when I sent my text, that I was sending it to an officer of the local board (and he is, in fact, the VP of the local chapter), so while I "fell for" his trick, I'm actually just as happy that he has my phone number. Maybe he'll refer me to a new job. ;)

