Comments on: Let’s Stop Cutesy Names for Attacks

By: Elphaba

Elphaba — Wed, 07 Mar 2007 00:42:44 +0000

I’ve been thinking about this post for some time now (obviously), and apparently so have other people I know because more than once I’ve heard ’social engineering = fraud’ tossed around with disdain and disgust, like only an uneducated plebe would use the term social engineering anymore.
But social engineering != fraud all of the time. Sometimes fraud is just fraud, like counterfeiting. And sometimes social engineering is just social engineering, like dressing nicely, smiling sincerely, and treating the ticketing agent like a human being so you stand out from the masses of annoying and frustrated travelers as a Nice Person That Should Be Upgraded To A Premium Seat Without Having To Ask. That isn’t fraud, that is understanding something about psychology and sociology that you apply in human interactions to help yourself come out ahead. Social engineering is a concept, a practice if you will, that can be used for malicious purposes, but in and of itself does not require lying, misleading, deception or fraud!
I would suggest that saying ’social engineering is a con job’ is an oversimplification that contributes to shallow thought by the masses. Like calling all of these populations:
- people who find security vulnerabilities and report them
- people who write POC code
- people who reverse engineer security patches
- people who write/release worms
- people who steal your credit card number and passwords via keystroke loggers and a botnet
a ‘hacker’. Too much jargon and exclusionary language is bad, but so is oversimplification. Should people be afraid of botherders? yes. Do they need to fear and revile security researchers? no. Well, not all of them anyway. (ha ha, it’s a joke people)
BTW, welcome to the E.C., Mordaxus. I’ve already told Adam that I like having you around, hope you understand this is just healthy debate, not a personal attack.
~Elphie

By: Frederick Wamsley

Frederick Wamsley — Fri, 16 Feb 2007 17:12:16 +0000

Here’s another reason you’re right. Imprecise can turn into actively misleading, even among people familiar with the subject.
Over on Slashdot, hundreds of technologists and hobbyists saw the phrase “drive-by pharming” and assumed that since it said “drive-by” it must have something to do with wireless networking. Most of the discussion was off the rails (more than usual) as a result.
Good communication is hard enough without deliberate sabotage by people trying to establish an in crowd by inventing obscure slang.

By: Nik

Nik — Fri, 16 Feb 2007 09:24:27 +0000

Agreed in spades… “Ph” should be banned :-)

By: Justin Mason

Justin Mason — Fri, 16 Feb 2007 08:00:14 +0000

The neologism "pharming" is a particular pet hate of mine; it reeks of companies ruled by their marketing departments, rather than adequate technical knowledge. As I noted in http://taint.org/2005/08/06/002104a.html , it has no less than four separate meanings: 1. genetically modified (transgenic) animals used to make human proteins that have medicinal value; 2. 'a malicious Web redirect, in which a person trying to reach a legitimate commercial site is sent to the phony site without his knowledge' using DNS cache poisoning, according to Scott Chasin of MX Logic; 3. social-engineered domain transfers from their registrars, according to 'Green Armor Solutions'; 4. a pop-up window that attempts to emulate a legit site’s input, used in a CSO Online article. What's the point of creating new terms if we can't even agree what they _mean_?!

By: Mordaxus

Mordaxus — Thu, 15 Feb 2007 22:36:40 +0000

Chris, I was tempted to say that cutesiness is 1336, but it’s a relatively subtle remark.
Thank you, Culprit, I couldn’t agree more.
And thank you as well, Mark. I smiled broadly.

By: Mark Curphey

Mark Curphey — Thu, 15 Feb 2007 17:59:33 +0000

A cartoon in your honor sir!

By: Culprit

Culprit — Thu, 15 Feb 2007 17:35:03 +0000

Language is an inadequate kludge for communicating ideas we have trapped in our individual minds.
But it is all we have until we evolve selective telepathy or some such.
Learning to use words to communicate without confusion should be every citizen’s duty.
Newspeak-style word-play just allows ideas that are incongruent in everyone’s minds to coalesce together into some sort of mob-rage emotion-driven thoughtlessness.
It is a way of stripping individual thought from people. Words lose their power, and the only power an individual has in a representativity society comes from words.
Please use language well. Don’t dilute thought exchanges.

By: Chris

Chris — Thu, 15 Feb 2007 16:55:53 +0000

So, neologisms aren’t 7337? :^)