I don't agree with his post. However it was clearly a reasonable position and not "unsubstantive comments and rants" as you are claiming. That is not a reasonable claim at all. Your post is unwarranted and is highly abusive. Just stop. Bullying valid minority viewpoints is not cool and does not contribute to the quality of polite rational debate and discussion.
No, you totally, utterly fail to understand the interaction here and it is you that should stop. If you want to second guess the moderation here you're on very thin ice, this is a pretty clear cut case of someone purposefully ignoring the meat of an article to stir the pot.
Note that the victims here are not party to the exchange, contrary to what is claimed in that comment, it is the call center employees of the phone company that are being social engineered into making an unauthorized change to a subscribers record.
If you want to limit the use of the words 'social engineering' to the cases where the victims are the ones being social engineered you're ignoring about 3 decades worth of use of the term to apply to any situation where through clever exchanges an elevated level of access was achieved to some resource or other, and those exchanges do not have to be directly with the victim.
Typical example: call the secretary from the 'IT department' to gain access to the system of the boss.
The comment in question was in poor taste by mocking victims of hacks for being stupid, and the premise of it was wrong anyway (not understanding that it's the telco customer service at fault more than the people who got hacked).
That's about as unsubstantive/low quality as comments go, and really doesn't qualify as "polite rational debate and discussion". It makes sense for a mod to step in and say something.
I must disagree with this. Monsieur Lerie clearly and specifically objects to the use of the term "social engineering". This does in fact deal with situations where naïve persons can be fooled by con artists. This is a problem in the field. A problem we are all aware of.
Denying that it is a problem is counterproductive. Denial does not address the core issues, of exploits that utilize and depend upon the naïvity of the mark.
I do not agree with him that a solution is to prevent the technologically naïve from having access to phones. Nonetheless, this is still an issue that must be addressed. Security schemes intended to protect the general market of customers must not rely upon the customer's sophistication in defense against social engineering scams. Many customers, quite reasonably, are technically naïve in some aspect or another. In is completely improper as a security protocol for mass market products to rely upon customers having enlightened opsec.
The part you are missing is that the mark is not the one being socially engineered. The attacker is getting a completely random telco to hijack the mark's phone number by socially engineering the telco. There is nothing 'the mark' can do to prevent this.
