[psysec] starting with a joke

KC om3gathirt33n at gmail.com
Tue Apr 14 15:41:13 UTC 2009


Hi All,

I guess in my world it may be a little bit different, since it's online
marketing specific to compliance for integrated promotions [sweepstakes,
instant win games, & contests, online or with SMS, IVR, or unique code
integration].  For us, the intersection of security and psychology is the
delicate balance between creating something that is as attractive and
engaging as possible without being too attractive and engaging to the
segment of the audience that is prone to damage the system, whether by
mechanical means or good old-fashioned diligence.

Keeping the data collected and the processes by which we designate game
states in our promotions secure is of the utmost importance to us, but it
can't come at the cost of becoming so cumbersome to our targeted audience
member that it isolates them. So it is very important that we keep the
work-reward balance in check at all times from the social perspective.

And yet, that work-reward balance between game play, or interaction, and
potential to win and short-term reward must be in balance from several other
socially engineered or psychologically based factors as well... who is our
target audience?  Is it a narrow enough audience to create a truly relevant
game or message set, or prizing? Can we allow user generated content and
communications with the brand or the promotional module without violating
either a law or a brand tenet? If so, how can that data be monitored and
maintained while retaining authenticity [if authenticity is necessary to
that audience at all]?

How much can we ask of a group of people before they think that this is too
much to ask in return for the potential pay-off?  And how many
technology-based road bumps can we put in the way to guarantee that their
PII or transactional data remains secure before that burnout occurs?

You'd be shocked at just how much we can ask of certain audiences, and how
far we can push them in pursuit of a prize, or a coupon, or sample.  We
continue to be shocked by it every day.  Doesn't mean that I don't want
it to become increasingly easier for the end user and more robust [& secure]
on the back-end with every new pass.
From the hacker perspective, our most insidious ones are the most low tech,
often using dial-ups or running slow-paced or lower frequency accesses into
the system to purposely not trip our bandwidth or gameplay monitors.  Kinda
like that guy in the basement of Real Genius...

/KC
On Thu, Apr 9, 2009 at 1:33 PM, Gadi Evron <ge at linuxbox.org> wrote:

> Now that everybody is receiving list email, I am re-posting this.
>
> I figured we could start with a joke:
>
> Camera 'Round Neck Makes You a Tourist:
>
> http://i.gizmodo.com/5174168/proof-that-a-camera-round-the-neck-makes-anyone-look-like-a-tourist
>
> The social engineers in the bunch are going to appreciate that.
>
> So, what is YOUR opinion on what's important, and/or requires cooperation
> between our two worlds of security and psychology?
>
>        Gadi.



-- 
/KC