Message

	dmitin Hodge Conjecture Offline Joined: 05 Feb 2005 Posts: 50 Location: Kyiv, Ukraine	International Scientific Olympiad on Mathematics, Iran 2007 olympiad.sanjesh.org The 12th International Scientific Olympiad on Mathematics for University Students 10–13 July 2007 Tehran, Iran I. Mathematical Analysis (Pure and Applied Mathematics) 1. (25 points) Suppose that $f: \mathbb{R}^{n}\to\mathbb{R}^{n}$ is a function satisfying the following two conditions: i) $f(K)$ is compact whenever $K$ is a compact subset of $\mathbb{R}^{n}$ ; ii) $f\left(\bigcap_{n=1}^{\infty}K_{n}\right)=\bigcap_{n=1}^{\infty}f(K_{n})$ whenever $\{K_{n}\}_{n=1}^{\infty}$ is a decreasing sequence of compact subsets of $\mathbb{R}^{n}$ . Prove that $f$ is continuous. 2. (25 points) Suppose $f$ is a real valued twice differentiable function defined on $[a,b]$ . Show that there are $\xi$ , $\eta$ in $[a,b]$ such that $f(\eta)-f(a)\frac{b-\eta}{b-a}-f(b)\frac{\eta-a}{b-a}-\frac{1}{2}(\eta-a)(\eta-b)f''(\xi)=0.$ 3. (25 points) Let $f_{n}: \mathbb{R}\to\mathbb{R}$ be a sequence of functions with the following properties: i) each $f_{n}$ ( $n=1,2,\ldots$ ) is a periodic function with period $T$ ; ii) each $f_{n}$ ( $n=1,2,\ldots$ ) is continuous on $\mathbb{R}$ ; iii) the sequence $\{f_{n}\}_{n=1}^{\infty}$ is uniformly bounded on $\mathbb{R}$ . Then $\{f_{n}\}_{n=1}^{\infty}$ is an equicontinuous sequence of functions on $[0,T]$ . Prove or disprove this statement. 4. (25 points) Suppose $f: [0,\infty)\to\mathbb{R}$ is continuous and $\lim_{x\to\infty}f(x)=L$ . Show that for each $a>0$ $\lim_{n\to+\infty}\int_{0}^{a}f(nx)\,\mathrm{d}x=aL.$ II. Numerical Analysis (Pure and Applied Mathematics) 1. (25 points) Let $g$ be a function defined on $[a,b]$ with properties: i) if $x\in[a,b]$ then $g(x)\in[a,b]$ ; ii) $g'$ is continuous on $[a,b]$ ; iii) for all $x\in[a,b]$ , $\lvert g'(x)\rvert<1$ . 1) Prove that the equation $x=g(x)$ has exactly one root in $[a,b]$ . 2) Show that if condition i) is not satisfied then the equation $x=g(x)$ may have no roots in $[a,b]$ . 2. (25 points) Let $f$ be continuous on $[a,b]$ , $h=\frac{b-a}{n+1}$ and $x_{i+1}-x_{i}=h$ , $i=0,1,\ldots,n$ , $a=x_{0}<x_{1}<\ldots<x_{n}<x_{n+1}=b$ . 1) Find weights of the open Newton-Cotes quadrature rule: $\int_{a}^{b}f(x)\,\mathrm{d}x\approx\sum_{i=1}^{n}w_{i}f(x_{i}).$ 2) Find 3 points open Newton-Cotes formula for $\int_{0}^{4h}f(x)\mathrm{d}x$ . 3) Why open Newton-Cotes quadrature rules are not commonly used? 3. (25 points) Let $\alpha$ be a fixed positive real number and define $x_{n+1}=\frac{x_{n}^{3}+3\alpha x_{n}}{3x_{n}^{2}+\alpha},\quad n=0,1,\ldots$ Assume $x_{0}$ is so that the sequence $\{x_{n}\}$ is convergent. 1) Find $\lim_{n\to\infty}x_{n}$ . 2) Determine the order of convergence of the sequence $\{x_{n}\}$ . 4. (25 points) Find coefficients $a$ , $b$ , $c$ , $d$ , $m$ , $n$ and $p$ in order that for differential equation $y'=f(x,y)$ the Runge-Kutta formulas given as $k_{1}=hf(x,y)$ , $k_{2}=hf(x+mh,y+mk_{1})$ , $k_{3}=hf(x+nh,y+nk_{2})$ , $k_{4}=hf(x+ph,y+pk_{3})$ , $y(x+h)-y(x)\approx ak_{1}+bk_{2}+ck_{3}+dk_{4}$ conform with the Taylor series method of order $h^{4}$ . III. Algebra (Pure Mathematics) 1. (25 points) Let $R$ be a ring with unity. Prove that: 1) If every invertible element is central then every nilpotent element is central. 2) If every nilpotent element is central then every idempotent element is central. 2. (25 points) Let $G$ be a non-cyclic group of order $p^{n}$ where $p$ is a prime number. Prove that $G$ has at least $p+3$ subgroups. 3. (25 points) Let $G$ be a finite group with exactly 50 Sylow 7-subgroups. Let $P\in Syl_{7}(G)$ and $N=N_{G}(P)$ . 1) Prove that $N$ is a maximal subgroup of $G$ . 2) If $N$ has a Sylow 5-subgroup $Q$ and $Q\lhd N$ then prove that $Q\lhd G$ . 4. (25 points) Let $R$ be a ring such that $x^{3}=0$ implies that $x=0$ . Let for each $a,b\in\mathbb{R}$ , $(ab)^{2}=a^{2}b^{2}$ . Prove that $R$ is commutative. Operations Research (Applied Mathematics) 1. (25 points) A matrix $A$ , $m\times n$ , $m\le n$ , with integer components is said to be totally unimodular if every submatrix $B$ composed of a set of $m$ distinct columns of $A$ is so that $\lvert\det(B)\rvert=1$ (every such $B$ is also said to be unimodular). 1) Prove that if an integer matrix $B$ , $m\times m$ , is unimodular then $B^{-1}$ is also an (integer) unimodular matrix. 2) Consider the (LP) problem below: $\min z=c^{T}x$ $\text{s.\,t.\ }Ax=b$ (LP) $x\ge0$ where $A$ is an integer $m\times n$ matrix, $m\le n$ and vector $b$ has integer components. Prove that if $A$ is totally unimodular and (LP) has an optimal solution then the simplex method for solving (LP) will find an optimal integer solution (assuning that (LP) is nondegenerate). 2. (25 points) Consider the linear programming problem below: $\min_{x\in\mathbb{R}^{n}}q^{T}x$ $\text{s.\,t.\ }Mx\ge-q$ (LP) $x\ge0$ where $M=-M^{T}$ and $q$ are given. Prove that: 1) $x\ge0$ is an optimal solution of (LP) if and only if we have $s(x)=Mx+q\ge0,\quad x^{T}s(x)=0.$ 2) Two feasible points $x$ and $y$ for (LP) are optimal points of (LP) if and only if we have $x_{i}s_{i}(y)=y_{i}s_{i}(x),\quad i=1,\ldots,n.$ 3) If $q\ge0$ then the problem (LP) has an optimal solution. 3. (25 points) Prove 1) and 2) using elementary definitions of convex sets and convex functions. 1) Show that the set $S=\{x\in\mathbb{R}^{n}\mid Ax=b,\ x\ge0\}$ is convex. 2) Show that if $x^{}$ is an optimal (local) solution for the problem $\min z=c^{T}x$ $\text{s.\,t.\ }Ax=b$ (LP) $x\ge0$ then $x^{}$ is a global solution. Prove or disprove 3) and 4). 3) Problem (LP) can be infeasible. 4) Problem (LP) can be unbounded. 4. (25 points) Assume that $S$ is a nonempty open convex set in $\mathbb{R}^{n}$ and $f: S\to\mathbb{R}$ is differentiable on $S$ . Prove that if $f$ is convex on $S$ then we have $\bigl(\nabla f(x_{2})-\nabla f(x_{1})\bigr)^{T}(x_{2}-x_{1})\ge0$ for all $x_{1},x_{2}\in S$ . IV. Linear Algebra (Pure and Applied Mathematics) 1. (33.3 points) Let $A\in M_{n}(\mathbb{C})$ and $\mathbb{C}[A]=\{f(A)\mid f(x)\in\mathbb{C}[x]\}$ . Prove that the ring $\mathbb{C}[A]$ has no non-zero nilpotent element if and only if $A$ is diagonalizable. 2. (33.3 points) Prove that if $n$ is a positive integer then there exists a $2\times2$ invertible matrix $A=(a_{ij})$ such that $a_{ij}\in\mathbb{R}$ , $A^{n}=I$ and $A^{k}\ne I$ for every $1\le k<n$ . 3. (33.3 points) Let $X$ be an invertible matrix with columns $X_{1},X_{2},\ldots,X_{n}$ . Let $Y$ be a matrix with columns $X_{2},X_{3},\ldots,X_{n},0$ . Show that the matrices $A=YX^{-1}$ and $B=X^{-1}Y$ have rank $n-1$ and have only 0's for eigenvalues.
		_________________ lib.mexmat.ru/forum Posted: Tue Jul 17, 2007 5:52 pm

	Profile PM WWW ICQ Blog



	didilica Yang-Mills Theory Offline Joined: 06 Mar 2006 Posts: 586	Here is my solution to the Mathematical Analysis problem 4): Using the substitution $nx=y$ we get that $l=\int_{0}^{a}f(nx)dx=\frac{1}{n}\int_{0}^{na}f(y)dy$ and an application of Cesaro Stoltz lemma shows that $=\int_{na}^{(n+1)a}f(y)dy=af(c_{n}))\rightarrow aL$ , where $c_{n}\in (na, (n+1)a)$ . Note that $\lim f(c_{n})=L$ since $\lim f(x)=L$ .
		_________________ Didi

+ نوشته شده در 86/11/04ساعت 12:55 توسط علي قنبرزاده |

آكيو موريتا (AKIO MORITA) در سال 1921 در شهرناگوياي ژاپن از خانواده اي مقتدر و متمول زاده شد. با آنكه پدرش انتظار داشت او به عنوان فرزند بزرگ خانواده پاي در راه او گذارد و تجارتخانه او را در حرفه صنايع نوشيدني اداره كند اما «آكيو» از همان كودكي به وسايل الكتريكي و صوتي علاقه مند بــــود و مي خواست بداند اشياء چگونه كار مي كنند. روياي او ساخت يك گرامافون الكتريكي بود. به همين دليل رشته فيزيك را در دانشگاه اوزاكا برگزيد. پس از فراغت از تحصيل و در بحبوحه جنگ جهاني دوم كه ژاپن درگير جنگ بود به عنوان افسر نيروي دريايي در دفتر فناوري، كار بـــرروي تكميل دستگاهها و سلاحهاي حرارت ياب و ادوات هدف گير شبانه را آغاز كرد. در همان جا بود كه با مهندس تيزهوشي به نام ماسارو ايبوكا (MASARU IBUKA) آشنا شد. ايبوكا نابغه اختراع بود و در همان زمان شركتي را به نــام «ابزار دقيق ژاپن» تاسيس كرده و آمپلي فاير نيرومندي ساخته بود كه مي توانست آشفتگي جريان مغناطيسي در عماق آب را براي زيردريائيها اندازه گيري كند.

پس از بمباران اتمي ژاپن در سال 1945 و پايان يافتن جنگ، موريتا به شهر خود ناگويا برگشت. ايبوكا نيز با هفت كارمند خود كه از شركت قبلي به همراه آورده بود در ساختماني كهنه و خالي و نيمه ويرانه در توكيو شركت جديدي را تاسيس كرد. موريتا پس از مدت كوتاهي براي تدريس به توكيو آمد واطلاع يافت كه دوست و همكار او ايبوكا سلسله مقالاتي را در زمينه دستگاههاي الكتريكي در روزنامه معروف ژاپني «آساهي» مي نويسد و شركتي را تاسيس كرده است. او به ملاقات دوستش شتافت و تصميم گرفت به صورت نيمه وقت و پس از مدت كوتاهي تمام وقت به او بپيوندد و با همفكري يكديگر شركت جديد خود را تاسيس كند. ايبوكا 38 ساله و موريتا 25 ساله در سال 1946 شركت را با نام «شركت مهندسي مخابرات توكيو» (TOTSUKO) با 500 دلار سرمايه (190.000 ين) و 20 نفر تاسيس كردند. محل فعاليت شركت طبقه سوم يك ساختمان نيمه مخروبه در منطقه منهدم شده اي قرار داشت كه تمامي ديوارهاي بتوني آن شكافهاي عميق برداشته بود. بدين ترتيب سنگ بناي شركت عظيم سوني به همت دو انسان سخت كوش با فعاليت تعمير راديو گذاشته شد. 12 سال بعد و پس از دستيابي به موفقيتهاي پي درپي در كار برروي محصولات الكتريكي و عرضه فرآورده هاي صوتي و تصويري نظير پلوپز برقي، ولت متر، بالش برقي، ضبط صوت، راديو، تلويزيون و ويدئو، شركت به نام «سوني» تغيير نام داد. موريتا در سال 1953 اولين سفر خود را به آمريكا و اروپا انجام داد و كمي بعد با فكر گسترش صادرات و كسب و كار سوني به ماوراء مرزهاي ژاپن و بويژه آمريكا، به همراه خانواده خود به نيويورك رفت و در سال 1960 شركت سوني آمريكا را تاسيس كرد. اولين راديوي ترانزيستوري جهان (TR-55) در سال1956 توسط شركت ساخته شد و سال بعد كوچكترين راديوي ترانزيستوري جيبي(TR-63) با ابعاد32 ×71×112 ميليمتر و قيمت 13800 ين عرضه گرديد. البته اين راديو كمي بزرگتر از جيب معمولي پيراهن بود و لذا موريتا پيراهني با جيب بزرگتر براي خود تهيه كرده بود كه بتواند عنوان جيبي را براي آن اثبات كند قيمت صادراتي اين راديو39/95 دلار بود. اولين تلويزيون ترانزيستوري مدل 8 اينچي(TV8-301) در سال 1959 و كوچكترين و سبك ترين تلويزيون (TV5-303) در سال 1962 و بالاخره تلويزيونهاي رنگي كروماترون در سال 1964 و ترنيترون در سال 1968 ساخته و عرضه گرديد.

شمارش تعداد محصولاتي كه اين شركت از آغاز تاسيس تاكنون ابداع و به بشريت عرضه داشته مشكل است و علاوه بر مواردي كه برشمرده شد، ويدئو، ديسك فشرده، فلاپي ديسك، نوارهاي ويدئوئي بتاماكس، واكمن، تلويزيون دستي كوچك، پخش استريو، دوربينهاي فيلمبرداري 8 ميليمتري، دوربينهاي عكاسي و دهها اختراع ديگر را شامل مي شود.

در مدت همكاري اين دو يار باوفا، ايبوكا انرژي خود را بر روي انجام تحقيقات فناوري و توسعه محصول متمركز كرد و موريتا دست به گسترش سوني در مناطق مختلف دنيا، جهاني سازي شركت و توجه به مسائل مالي، توسعه منابع انساني و ورود به دنياي نرم افزار زد. موريتا پيشتاز طرح ايده جهاني شدن شركتها بود و براي گسترش شركت خود به بسياري نقاط دنيا رفت وآمد مي كرد. او شناخته شده ترين ژاپني در آمريكاست كه جوايز متعددي را دريافت كرده است. توانايي او در مطالعه و شناخت دو فرهنگ شرقي و غربي و تركيب جنبه هاي خوب آن با يكديگر شگفت انگيز بود.

موريتا در سال 1959 عنوان نايب رئيس سوني را داشت و در سال 1971 به رياست سوني رسيد و تا سال 1994 كه به عنوان رياست افتخاري سوني بازنشسته شد در سمتهاي مختلف رياست، مديريت عامل و رياست هيئت مديره فعاليت كرد. ايبوكا دوست و همكار او در بنيانگذاري شركت در سال 1997 درگذشت. چهارسال قبل از آن، موريتا به هنگام بازي تنيس دچار حمله قبلي شد و تا سال 1999 كه در 78 سالگي جهان را وداع گفت صندلي چرخدار سوار مي شد. موريتا مسير زندگاني و نظرات و افكار خود را در زمينه كسب و كار صنعت الكترونيك و فناوري برتر در كتابي به نام «ساخت ژاپن» در معرض استفاده همگان قرار داده است. همت والاي او و دوست و همكار و همراهش ايبوكا، از خاكسترهاي ويرانه هاي جنگ جهاني دوم، شركتي جهاني را پديد آورد كه رهبري بلامنازع اختراعات پي درپي و عرضه محصولات و وسايل الكترونيكي صوتي و تصويري و فناوري اطلاعات را در اختيار خود گرفت و در سال 2003 با 161100 نفر كارمند، فروش 62 ميليارد دلاري را به دست آورد.

اين مطلب يكي از مطالبي است كه توسط اعضاي سايت درج شده است.

انتشار زندگينامه

زندگينامه‌هاي دانشمندان مرتبط با مباحث سايت را ارسال كنيد و موجودي خود را افزايش دهيد

آگهي‌هاي سايت

انتقاد پيشنهاد پيام

لينك به راهكار مديريت

+ نوشته شده در 85/11/11ساعت 19:0 توسط علي قنبرزاده |

Updated on Saturday, November 18, 2006

پنجشنبه، 6 مهر 1385؛ September 28, 2006

Link To Here

برنامه ريزي استراتژيك براي مديريت پروژه

با استفاده از يك مدل تكاملي مديريت پروژه

Strategic Planning For Project Management

Using A Project Management Maturity Model

قسمت 1 در وبلاگ

بخش اول

نيازمندي مديريت پروژه به برنامه ريزي استراتژيك

مقدمه

بيش از 40 سال است كه شركتها و مؤسسات آمريكايي جهت انجام و تكميل كارهاي خود در حال استفاده از اصول مديريت پروژه مي باشند. قبل از دهه 90 ميلادي، تلاشهاي اندكي جهت شناساندن و تعريف مديريت پروژه به عنوان يك هسته شايسته و صلاحيت دار مركزي براي شركت ها انجام شده و به سه دليل عمده ذيل، مقاومت هاي زيادي در برابر مديريت پروژه وجود داشته است...

قسمت 2 در وبلاگ

نتيجه گيري:

برنامه ريزي استراتژيك براي مديريت پروژه (در صورتي كه با يك متدلوژي خوب مديريت پروژه تركيب شده باشد)، مي تواند گپ هاي زمان، هزينه و كيفيت را فشرده تر كند. هرچند، تصميمات حياتي هنوز هم بايد اتخاذ شوند. بازاريابي بايد تصميم بگيرد كه چه محصولاتي بايد عرضه شوند و چه بازارهايي بايد تحت پوشش قرار گيرند. متصديان سيستمهاي اطلاعاتي بايد در طراحي، توسعه، و / يا انتخاب سيستمهاي پشتيباني، مشاوره و همياري دهند و مديريت ارشد بايد منابع كافي و واجد شرايط لازم را آماده كند...

ادامه مطلب >>>

ادامه دارد

--- « نظر دهيد » ---

Comments (7)

+ نوشته شده در 85/10/06ساعت 14:40 توسط علي قنبرزاده |

Psychology of Social Engineering

People Hacking:

The Psychology of Social Engineering

Text of Harl's Talk at Access All Areas III

What is Social Engineering ?

Basically, social engineering is the art and science of getting people to comply to your

wishes. It is not a way of mind control, it will not allow you to get people to perform

tasks wildly outside of their normal behaviour and it is far from foolproof.

It also involves far more than simply quick thinking and a variety of amusing accents.

Social engineering can involve a lot of 'groundwork', information gathering and idle chit

chat before an attempt at gaining information is ever made. Like hacking, most of the

work is in the preparation, rather than the attempt itself.

You may think this talk may seem to be a weak excuse to demonstrate how these

techniques can be used for hacking. OK, fair enough. However, the only way to defend

against this sort of security attack is to know what methods may be used. With this

knowledge it is possible to pick-up on these techniques being used against either you or

your company and prevent security breaches before anyone gets near your data. A CERT

style security alert with few details is pointless in this case. It would simply boil down to

"Some people may try to get access to your system by pretending some things are true.

Don't let them." As usual, no help what-so-ever.

So What ?

Social engineering concentrates on the weakest link of the computer security chain. It is

often said that the only secure computer is an unplugged one. The fact that you could

persuade someone to plug it in and switch it on means that even powered down

computers are vulnerable.

Also, the human part of the a security set-up is the most essential. There is not a computer

system on earth that doesn't rely on humans. This means that this security weakness is

universal, independent of platform, software, network or age of equipment.

Anyone with access to any part of the system, physically or electronically is a potential

security risk. Any information that can be gained may be used for social engineering

further information. This means even people not considered as part of a security policy

can be used to cause a security breach.

A big problem ?

Security professionals are constantly being told that security through obscurity is very

weak security. In the case of social engineering it is no security at all. It is impossible to

obscure the fact that humans use the system or that they can influence it, because as I

stated before, there isn't a computer system on earth that does not have humans as a part

of it.

Almost every human being has the tools to attempt a social engineering 'attack', the only

difference is the amount of skill used when making use of these tools.

Methods

Attempting to steer an individual towards completing your task can use several methods.

The first and most obvious is simply a direct request, where an individual is asked to

complete your task directly. Although least likely to succeed, this is the easiest method

and the most straightforward. The individual knows exactly what you want them to do.

The second is by creating a contrived situation which the individual is simply a part of.

With more factors than just your request to consider the individual concerned is far more

likely to be persuaded, because you can create reasons for compliance other than simply

personal ones. This involves far more work for the person making the attempt at

persuasion, and almost certainly involves gaining extensive knowledge of the 'target'.

This does not mean that situations do not have to be based in fact. The less untruths the

better.

One of the essential tools used for social engineering is a good memory for gathered facts.

This is something that hackers and sysadmins tend to excel in, especially when it comes

to facts relating to their field. To illustrate this I am going to perform a small

demonstration....

[Demonstration here. This basically showed that with social pressure an individual will

conform to a group decision, even if it is obviously the wrong choice.]

Conformity

Even in cases where a person is sure they are right it is possible to cause them to act in a

different manner. If I had simply asked the last person on their own what the middle word

was they would have given me the correct answer and no matter how much I tried to

persuade them they probably wouldn't have changed their mind.

However, this group setting was a vastly different situation. This situation had what

psychologists called 'demand characteristics', that is this situation had strong social

constraints on how the participants should act. Not wishing to offend the other people, not

wanting to look dozy in front of a large audience and not undermining the views of the

other well respected participants all lead to a decision to 'go with the flow'. Using

situations with these characteristics is an effective way of guiding people's behaviour.

Situations

However, most social engineering is conducted by lone individuals and so the social

pressure and other influencing factors have to be constructed by creating a believable

situation which the target feels emmersed in.

If the situation, real or imaginary has certain characteristics then the target individual is

more likely to comply with your requests. These characteristics include:

• Diffusion of responsibility away from the target individual. This is when the individual

believes that they are not solely responsible for their actions.

• A chance for ingratiation. Compliance is more likely if the individual believes that by

complying they are ingratiating themselves with someone who may give them future

benefits. This is basically getting in with the boss.

• Moral duty. This is where an individual complies because they feel it is their moral duty

to. Part of this is guilt. People prefer to avoid guilt feelings and so if there is a chance that

they will feel guilty they will if possible avoid this outcome.

Personal persuasion

On a personal level there are methods that are used to make a person more likely to cooperate

with you. The aim of personal persuasion is not to force people to complete your

tasks, but enhance their voluntary compliance with your request.

There is a subtle difference. Basically, the target is simply being guided down the

intended path. The target believes that they have control of the situation, and that they are

exercising their power to help you out.

The fact that the benefits that the person will gain from helping you out have been

invented is irrelevant. They target believes they are making a reasoned decision to

exchange these benefits for a small loss of their time and energy.

Co-operation

There are several factors, which if present will increase the chances of a target cooperating

with a social engineer.

The less conflict with the target the better. Co-operation will be more readily gained when

the softly-softly approach is used. Pulling rank (or invented rank), annoyance or orders

rarely work for effective coercion.

The 'foot in the door' factor is where the focus of a persuasion attempt already knows a

you or has had experience of dealing with you. This is a particularly effective and was

known by con men as the 'confidence trick'. Psychological research showed that people

are more likely to comply with a large request if they have had previously complied to a

far smaller one. If this 'foot in the door' includes a positive history of co-operation, where

things have gone well in the past, then the chances of co-operation are greatly increased.

The more sensory information a target can gain from a social engineer the better. This is

especially true of sight and sound, you are more likely to be believed if the target can see

and hear you than if they can just hear your voice over the fone. Unsurprisingly ASCII

text communications are do not lend themselves to persuasion. It is very easy to refuse

someone via a IRC style chat.

Involvement

However, success does depend a lot on how involved a person is in the request you are

making. We can say system administrators, computer security officers, technicians and

people who rely on the system for essential work tools or communication are highly

involved in most social engineering attacks by hackers.

Highly involved people are persuaded better by strong arguments. In fact the more strong

arguments you give them the better. Suprisingly its not the same for weak arguments.

Someone highly involved in the attempt at persuasion is less likely to be persuaded if you

give them weak arguments. When someone is likely to be directly affected by a social

engineering attempt, weak arguments tend to generate counter arguments in the targets

head. So for highly involved people, the rule is more strong arguments, less weak

arguments.

People are classed as low involvement if they have very little interest in what you are

asking them to do. Relevant examples might be security guards, cleaners, or receptionists

at a computer system site. Because low involvement people are not likely to be directly

affected by a request, they tend not to bother analysing the pros and cons of persuasive

banter. Instead it is common for a decision to agree with your request or not to be made

based on other information. Such information could be the sheer number of reasons the

social engineer gives, the apparent urgency of the request or the status of the person

trying to do the persuading. The rule of thumb here is simply the more arguments or

reasons the better. Basically, people who aren't involved in what a social engineer is

trying to achieve will be more persuaded by the number of arguments or requests rather

than how relevant they are.

One important point to note is that less competent people are more likely to follow more

competent models. In the case of computer systems this is likely to be low involvement

people. The moral of these points is, don’t try and social engineer the sysadmin, unless of

course the sysadmin is less competent than you are, which as we all know is very

unlikely.

Securing against human attacks

With all this information how would someone go about making their computer system

more secure ? A good first step would be to make computer security part of everyone's

job whether they use computer or not. This will not only boost their self perceived status

with no extra cost to you but will make staff more vigilant. If you make someone

involved in keeping your computer system secure they are more likely to pay closer

attention to unauthorised individuals trying to gain access to a system.

However, the best defence against this, as with most things, is education. Explaining to

employees the importance of computer security and that there are people who are

prepared to try and manipulate them to gain access is an effective and wise first step.

Simply forewarning people of possible attacks is often enough to make them alert enough

to spot them. Remember, to give both sides of the story when educating people about

computer security. This isn't just my personal bias. When individuals know both sides of

an argument they are less likely to be disuaded from their chosen position. And if they are

involved in computer security, their chosen position is likely to be on the side of securing

your data.

There are attributes which people less likely to comply with persuasion tend to have. Less

compliant people tend to be pretty bright, highly original, able to cope with stress and

reasonably self confident. Stress management and self confidence can be taught or at least

enhanced. Self assertion courses are often used for management employees, this training

is excellent in reducing the chances of an individual being socially engineered, as well as

having many other employment benefits.

What this comes down to is making people aware and involved in your security policy.

This takes little effort and gives great rewards in terms of the amount of risk reduction.

Conclusion

Contrary to popular belief, it is often easier to hack people than sendmail. But it takes far

less effort to have employees who can prevent and detect attempts at social engineering

than it is to secure any unix system.

Sysadmins, don't let the human link in your security chain let your hard work go to waste.

And hackers, don't let sysadmins get away with weak links, when it is their chains that are

holding your data.

# # #

+ نوشته شده در 85/10/06ساعت 14:36 توسط علي قنبرزاده |

مهندسي صنايع(برنامه ريزي وتحليل سيستم)