Dumpster diving is a way to obtain information that is has been improperly disposed. What kinds of security leaks that can be found "in the trash"?
Dumpster diving, also known as trashing, is another popular method of social engineering. A huge amount of information can be collected through company dumpsters (trash can).
- The following items turn to be potential security leaks in our trash:
- company phone books which can give the hackers names and numbers of people to target and impersonate
- organizational charts contain information about people who are in positions of authority within the organization
- memos provide small tidbits of useful information for creating authenticity
- company policy manuals show hackers how secure (or insecure) the company really is
- calendars of meetings may tell attackers which employees are out of town at a particular time
- system manuals, printouts of sensitive data or login names and passwords may give hackers the exact keys they need to unlock the network
- disks and tapes can be restored to provide all sorts of useful information
- company letterhead and memo forms
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.