Archive for the ‘Security’ Category

Weingut-martin’s excellent security-designed website

Sunday, December 30th, 2007

The wine webshop http://www.weingut-martin.de/ is this week's winner of my brand new Best Security Ever award.

  1. Visit their site, http://www.weingut-martin.de/
  2. Find something you want to order.
  3. Look at the link to Kaufen (buy): (link cut here to avoid very long line):
    http://www.weingut-martin.de/warenkorb.php?cmd=new \
    &bestell=2612 \
    &name=Homburger%20Kallmuth%20Silvaner%20Kabinett%20halbtrocken \
    &preis=4.80&tip=boxbeutel
  4. Notice how preis (price) is part of this link. Don’t just click Kaufen to buy; copy the URL, change the &preis variable to something like 0.50 and paste that link into your browser…
  5. Cheap wine!

Now, I’m not saying you should actually go ahead and do this and finalize the order (which actually works). I’m just saying that that is a great security design right there. Really thought-through.
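To make the point concrete, here is an added example (not the shop's code, written by me for this post) that parses a warenkorb.php-style link and contrasts the pattern described above, where the price comes straight from the link, with a handler that trusts only the article number and looks the price up server-side, plus a check that flags links whose price does not match the catalogue. The catalogue contents and function names are assumptions.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs, urlsplit

# Constructed server-side catalogue keyed by article number (the bestell
# parameter). Contents are assumptions for illustration, not real shop data.
CATALOGUE = {
    "2612": {"name": "Homburger Kallmuth Silvaner Kabinett halbtrocken",
             "preis": Decimal("4.80"), "tip": "boxbeutel"},
}

def parse_cart_url(url):
    """Flatten the query string of a warenkorb.php-style link into a dict."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {key: values[0] for key, values in query.items()}

def add_to_cart_insecure(params):
    """The pattern the post describes: name and price are taken from the
    link itself, so whatever the browser sends is what ends up in the cart."""
    return {"bestell": params["bestell"], "name": params.get("name", ""),
            "preis": Decimal(params["preis"])}

def add_to_cart_secure(params):
    """Hardened variant: only the article id is trusted, everything else is
    read from the server-side catalogue, and unknown ids are rejected."""
    item = CATALOGUE.get(params.get("bestell"))
    if item is None:
        raise ValueError("unknown article")
    return {"bestell": params["bestell"], **item}

def price_tamper_alert(params):
    """Detection helper for logs or request handling: returns a description
    of the mismatch when the client-supplied price differs from the
    catalogue price, or None when the link is consistent."""
    item = CATALOGUE.get(params.get("bestell"))
    if item is None or "preis" not in params:
        return None
    try:
        sent = Decimal(params["preis"])
    except InvalidOperation:
        return "unparsable price %r" % params["preis"]
    if sent != item["preis"]:
        return "article %s: link says %s, catalogue says %s" % (
            params["bestell"], sent, item["preis"])
    return None
```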


The power of social engineering

Thursday, July 19th, 2007

Social engineering is a very nice tool. In a bullet summary it simply means interacting with one or more people in order to achieve an objective. If you, for example, are in the same room as your adversary and you need to replace his pen with an identical pen which contains a microphone, then all you have to do is ask this person to go get something, anything at all, and replace the pen.

The concept is frequently mentioned both in shadowy secret meetings with corporate leadership and members from the intelligence community. It is also sometimes mentioned on IRC in relation to “xiando”.

04:40 -!- Irssi: Join to #tor was synced in 8 secs
04:44 < arma> good point. do feel free to fix it :)
05:15 < Armedblowfish> Is xiando an operator on this channel?
05:15 < arma> not that i know of
05:15 < Armedblowfish> Then how would he/she fix it?
05:16 < coderman> social engineering
05:16 < croup> rubber hoses
05:16 < coderman> weasel can be presuaded… with a little effort or hard cash…
