Discussion on: Developing secure systems (Part 1): Why it matters

Max Ong Zong Bao • Edited

Social engineering is actually quite technical in nature. It may not be in the area of technology in the literal sense.

But they are usually at the frontier of the adoption of innovative or groundbreaking technology like the Blue Box (Steve Jobs & Steve Wozniak were building this before they created Apple), the Dragonfly UAV by the CIA & lifelike masks (read the book "The Moscow Rules") that were used as disguises during the Cold War.

The best social engineers are people who work as negotiators, police, special forces operators, intelligence officers, actors, investigative reporters to criminals or terrorists.

What I think most is that, as developers, we must not have the hubris or blind confidence in relying on technology to solve these issues.

Instead, we should always be aware that human nature, motivation & creativity could outwit whatever latest or greatest security technology money could buy.

Jan Dalheimer

Fully agree, though I must concede that your last two paragraphs bring it forward much better than I did.

While there are technical approaches (2FA, requiring multiple people, etc.) to make some social engineering attacks harder, they will always have a hard time standing up against human nature, as you say.

Luckily, most developers will never have to deal with a system where extensive targeted social engineering (on the nation-state actor level) will be an issue, though as with many aspects of cybersecurity all developers should at least be aware of the dangers and know the basics. The topic of social engineering is of course also large enough that it could have an entire blog series by itself.

Max Ong Zong Bao • Edited

I think that, on a normal basis, what we will have to deal with is more along the lines of automated phone scams, or choosing the correct non-malicious packages or automated system code that won't result in vulnerabilities in software that anyone could exploit for financial gain.

Jan Dalheimer

Supply chain attacks (like malicious packages) are actually something I'm going to be covering in a future part of this series :)

Max Ong Zong Bao

Please do a social engineering one as well; it will be cool to see how those are applied from the developer perspective.