Social Engineering Blogs

The Humintell Blog June 6, 2015

Smile Game!

Can you tell the difference between an enjoyment and social smile?

Test your knowledge by taking our smile game by clicking HERE or on the image above!

The Humintell Blog June 3, 2015

Humans May Have Less Hair So Emotions Are Easier To Read

Researchers believe humans evolved to have less hair on their faces than their primate relatives so it’s easier to read their moods. Humans are often considered hairless apes, but scientists are still debating why we’re not covered in hair like our primate relatives. No one has pinpointed exactly why this is, but evolutionary reasons include moving from cooler to warmer climates, or to free ourselves from lice and other parasites.

A third reason, proposed by neurobiologist Mark Changizi, suggests we lost our hair so it’s easier for others to read our expressions. Particularly, how our skin color changes and what it means, such as blushing. Humans are trichromats, which means we have three cones allowing us to detect light in the medium wavelength including a red and green mix. Known as color signaling, even the slightest changes in skin color are picked up by another person. These changes happen with varying levels of oxygen in the blood. If our faces were covered in hair, we wouldn’t be able to see these changes.

The fact that humans walk upright means more of our bodies are exposed, which explains why we’re also almost entirely hairless. Most mammals on the other hand, such as dogs, horses and bears, are dichromats with only two cones, and are only able to see short and long light wavelengths from blue and yellow blends. According to Changizi’s research, which involved 97 different primate species, the dichromats were furrier, while the trichromats had much more skin visible.

It’s possible, color signaling wasn’t the original reason humans began shedding their hairy exterior, and instead became a byproduct of it.

Humans May Have Less Hair So Emotions Are… by GeoBeats

Security Metrics Blog June 3, 2015

How Do New Penetration Test Requirements Affect You?

A whitepaper containing important clarifications made in the PCI Council’s penetration test informational supplement. Gary Glover, Director Security Assessment, SecurityMetrics By: Gary GloverTo ensure minimal confusion with new PCI DSS penetration test requirements (Requirement 11.3), the PCI Council released a much-needed penetration test informational supplement in March 2015.Download the whitepaper for a detailed analysis, or read on for a quick overview of the newest changes and additional guidance to PCI DSS penetration test requirements.Use industry-accepted approachesNow, an industry-recognized methodology must be used when conducting a penetration test (e.g., NIST 800-115, OWASP Testing Guide, etc.).Include critical systems in the penetration testIn PCI 3.0, penetration testers are not supposed to neglect the critical systems in a merchant’s environment. Their scope for the pen test should exceed outside of the card data environment, and include any critical systems present in the merchant environment.Continue external and internal penetration testsThe definition of internal and external testing didn’t change in 3.0, but the merchants required to have an external or internal test did. penetration testing methodology Provide authentication in application-layer and network-layer penetration testingOne of the clarifications detailed in this section is that penetration testers need to conduct an authenticated pen test. This means the customer must provide the penetration tester with credentials to access the system, instead of requesting that he try to penetrate their system blindly.Start testing network segmentationSegmentation checks are new penetration tests that make sure merchants have segmented their network correctly. Review of past vulnerabilities and threatsThis brand new requirement explains that both merchants and penetration testers are responsible for reviewing a merchant’s past vulnerabilities.ConclusionFor more information and details on the newest requirements, I encourage you to familiarize yourself with the informational supplement recently released by the PCI Council and download our whitepaper.Gary Glover (CISSP, CISA, QSA, PA-QSA) is Director of Security Assessment at SecurityMetrics with over 10 years of PCI audit experience and 25 years of Star Wars quoting skills. May the Force be with you as you visit his other blog posts. Current Hacking Trends Ebook