Submission + - Social engineering: Are your ID badges showing? (csoonline.com)
SarahS writes: "Johnny Long (of Google Hacking fame, interviewed here) claims that the easiest way to "hack" into a company isn't with a computer — it's by putting on a fake ID badge and walking in the door like you mean it. If no one at your company is actually verifying badges, then too bad for you, the social engineer just got inside. In this excerpt on CSOonline.com from Long's book, No Tech Hacking, the author explains — with photo proof — why it's so easy for social engineers to create fake ID cards.
"Traveling in tech circles, I've seen my share of lanyard clutter, but this nice lady took the prize for most neck-flair toted by a female. As I drew closer, I realized that her badge was decidedly governmental in appearance. ... As she continued chatting into the phone, I swung around to the other side of her and stepped in as close as I could without triggering her (admittedly impaired) stalker detection system. Less than a foot away from her, I snapped the photo below. This particular badge is issued to government employees stationed at the Pentagon. The Post-It note reminds her to "bring a copy of yesterday's all hands to DSS H.Q.'""