Social Engineering Blogs

An Aggregator for Blogs About Social Engineering and Related Fields

Successful Introductions … Getting Results

Happy New Year Everybody. Sorry I have been slack with blog posts this year, family and work are keeping me busy at the moment.

So less about the excuses and more about the doing :) When I speak to people about Social Engineering there are many common themes, most common being how to handle failure and how to go about being the person / group you are impersonating. The other one is how you make that initial introduction, and start getting your manipulation fu on. Its a good question, and one I used to struggle with when I first got started.

I would say its pretty common to be nervous when approaching someone, especially when you have some form of manipulation planned. I don’t want to offend anyone, but this is what dating is initially right? You want that person of interest to be spell bound by you, so how do you make that first step without totally destroying any chance of success? Well my clue is in the aspect of dating.

When I was researching Hypnosis, NLP and the wonderful world of Mentalism I came across the work of PUA (Pick Up Artist) Ross Jeffries. Now I am no huge fan, and I think some of this stuff from the PUA community is border line on the ethical and moral front for me, but I am sure it works and gets the results if thats your thing. Anyway, one of the things they talk about is how to introduce yourself to that person of interest. This technique applies for the dating game, if your looking to try out some magic and mentalism, as well as engaging in some social engineering. Obviously its important to have context, and timing and the place is crucial, but the approach is to Compliment, Introduce, Question (CIQ).

A simple example could be as follows: You look like a helpful set of guys, my name is Dale and I started here today. I left my badge inside, would you help me get back in please?

Its simple, concise and does the job. It is also useful to use language that implies compliance. Phrases that include, could you, would you, can you etc have a form that implies of course we all know you can meet our request, but its not very often you get a smart Alec that doesn’t want to comply.

Short but sweet post, but something for you to try out in any situation where you need to introduce yourself, remember never miss an opportunity to use the power of persuasion.

Constraints and The Bandwidth Problem

I got in a conversation last week about the upcoming bandwidth crisis in the core. I’ve managed to forget about those issues more and more over the past few months. I’ve spent a lot of time thinking about vulnerability research and social engineering lately at the expense of a lot of other security thinking. But that conversation and this article brought my thinking back to the infrastructure side of security. From the article:

“The super-high-speed cable is now hidden under six feet of Cornish beach-which is just as well, because if it were discovered and damaged, the entire web in Britain could turn to treacle. Warren Pole reports on the fragile network of ocean cabling that keeps the modern world turning, the madcap economics of internet supply-and why it will run out of space by 2014 unless scientists think of something… fast.”

While we’re pushing bandwidth at the final mile (I’m able to get 25Mbps down, and that’s not even on FIOS), we’re going to run in to significant snags at the key chokepoints – the core internet infrastructure and the transoceanic cables.

According to the article, there are nine cables joining the US and England that have a capacity over 39Tbps.

When I started in security in the 90s, we spent a lot of time talking about infrastructure and the core. Then, we “solved” a lot of the bandwidth problems in the late 90s and got ahead of the game.

And now we’re deploying video across the net. I watched UFC 100 the other night through Yahoo. All of my TV is via iTunes/AppleTV.

We’re not prepared for users like me. And that doesn’t even consider the idea of wholesale IPTV. No question – the idea of trying to lay cable to solve this problem is going to be difficult to keep up with. These cable links, which can be seen simultaneously as being tenuous and formidable, retro and high tech and innovative and shortsighted, are a model for the often unpredicted but possibly anticipated challenges that keep us in business.

Technorati Tags: Fiber Optics, Internet security, Security, security awareness