I sat through the Social Engineering webcast from the Digital Blackbelt website, which had some interesting ideas about how successful social engineering hacks can be. I had actually read/heard about most of them from various sites, but it did have some good ideas. (Google Hacking for Penetration Testers is a great source for things like this and a very interesting read. Written by Johnny-I-Hack-Stuff.)
The weird thing is that it was aimed at developers, but none of the things discussed were really aimed at developer accounts, more at physical security, passwords, etc. I was really expecting things on how to code to avoid possible social engineering attempts – such as when providing “forgotten password” functions on the page, don’t insist that users have to use your secret questions, as often mothers’ maiden names are not actually that secret. (I’m the Andy that gets quoted at the end of the talk (twice).)