信息来源：http://www.cc.gatech.edu

Social engineering is one of the most dangerous and easiest to exploit threats to information security today. The "human element" introduces an unpredictable variation into security that cannot be prevented with a simple technical control. Pfleeger puts forth the Principle of Easiest Penetration, which states that the methods that require the least amount of work on the part of the intruder will be the first to be exploited (Pfleeger, 5). By exploiting aspects of human nature such as the desire to help a fellow employee in need or to impress a superior by saving the day, the accomplished social engineer can gain access to confidential data and systems, insert backdoors for later use, or exploit virtually any other tangible risk to an information system.

在这里再放一个米特尼克写的《欺骗的艺术》，就更好了！

《欺骗的艺术》中文版...一部分翻译:blog.csdn.net/raiden56

社会工程学是一个最危险和最容易今天利用威胁对信息安全。 "人的元素" 介绍变化莫测的变异入无法被防止以一个简单的技术控制的安全。 Pfleeger 投入最容易的渗透的原则, 哪阐明, 要求的方法最少相当数量工作在入侵者部分将是一被剥削(Pfleeger, 5) 由利用人类本性的方面譬如欲望帮助一名雇员在需要或打动优胜者由保存天, 成功的社会工程师能对机要数据和系统能够存取, 插入backdoors 至于最新使用, 或盘剥实际上其他有形的风险对于信息系统。