From ge at linuxbox.org Sun Feb 14 16:46:58 2010
From: ge at linuxbox.org (Gadi Evron)
Date: Sun, 14 Feb 2010 18:46:58 +0200
Subject: [psysec] Personal Story, Tactical Communication and Conversation Manipulation
Message-ID: <4B782902.7090600@linuxbox.org>

Going back home from meeting friends for a beer, I was excited. It's not often that I encounter something cool to do, which appeals to my youth's old tactical nature. When it does, I jump it! This is a story of how someone tried to manipulate me, and how I countered.

The two friends with me discussed a fascinating topic I didn't even know existed, and simply because I saw that I could do so, I decided to bring this topic to a larger audience, creating a mini-conference on the subject.

First on my list was to find a location, so I contacted a local academic who could be a good partner for this, and called a couple of other friends to get them on board, arranged for speakers, PR and other necessities.

The next day I received an answer with a phone number, and within a few hours had the academic in question on the phone.

Our conversation was very easy-going and friendly in tone. Smiles splattered on our faces. I told him I am excited to speak with him, as he obviously has more experience on this particular subject. I was deferential as academic ego demands, showing him the respect he deserves, but in tone -- I remained an equal.

I made my case, and he cut in, asking "Can you explain what you have in mind? We ran a conference on this four years ago. Do you have something new to warrant an event?"

"No," I answered in an /interrupt/ of my own. He apparently didn't expect that, so I asked to continue my pitch, and then did.

A lot changed in the last four years, and even if not, in a university environment, four years is an eternity -- with many new students who would appreciate this event. I had better arguments than these, and as my purpose was cooperation rather than confrontation, I preferred to move on.

I explained how this topic is exciting, how it has direct impact on both higher education as well as real implications for daily life, governance, and the economy. I used two anecdotal examples to illustrate this, and my excitement probably dripped all over him, even over the phone.

"Well," he responded, "let me tell you about an idea I had."

/DING DING DING DING DING/

Warning bells sounded in my head.

"Happily, what's your idea?"

He told me about an event idea, which sounded interesting. As he spoke I got about three ideas running in my head on the subject, but I listened quietly.

"I would like to work with you, and if you can take some time to think of ideas for what we can do at this event, I'd appreciate us talking about them."

/Stay on message/

"Of course," I said, "I'd be more than happy to." And I was. "However", I continued with the same breath, "this conversation is about the first idea, so while I'd definitely like to discuss this with you further later, let's stick to the first one for now."

"Alright." he said, and we discussed a bit further, at which point he said "well, last year we ran a small event on this topic, and there was real innovation there which we could showcase. What will be new here?"

I explained a bit more on why I am excited, and why the topic is relevant, and how such an event can be beneficial. Then I decided to change tactics to show my resolve.

/Stay on message, clarify position/

"As you know, I am a security professional."

"Yes, that is where I know you from. Security, Internet, Cyber Warfare... Why does this subject interest you?"

"Truth be told," I happily jumped in, "I am excited. I learned to be a strategic person, but at heart, I am a tactical person, energized by excitement. I am excited about this topic, and I am willing to put the time into making this event happen. I will make it happen, but as I know of your vast expertise, I decided I must approach you first."

After more deliberation he asked me "What do you think of my event idea? I'd appreciate your opinion on ideas for it, and we can get back together on this after you think about it."

/DING DING DING DING DING/

Alarm bells rang again.

"I already thought about it, and have three ideas so far."

"Oh, great! What are your ideas?"

I shared two, as my short-term memory had already erased the third. I told him as much, and I think he believed me, but it could be seen as a lure or a trick. We were extremely friendly. He asked me to email him the third one if I remember it. I promised to do so.

/Stay on message/

"I'd like however, to finish our discussion of my idea for now, as there is a time constraint."

When he heard I want to get it done within a month rather than a year, he was shocked. I told him how excited I am about the specific speakers I want to bring, and how one of them is leaving the country to join his new wife, and he is a major source of my energy for this. I mentioned how I understand if his events schedule is already closed for the coming year, but wanted to make sure and contact him first.

It wasn't my intention to go cold on him or play "girl negotiation" by appearing not interested. But whether it was my excitement or the "girl tactic", or even the ego massage, it seemed to work. He got excited about this speaker as well, and asked about getting him on video before he leaves.

Then....

/BANG BANG BANG BANG BANG/

A trick I've never seen before, which unlike the ones used up to now, is purely manipulative from whatever perspective you may look at it.

"How about we both take a couple of days to think of our two ideas, then get back together and pick one?"

This is wrong on so many levels. To begin with, his idea is not on the agenda. Second, he assumes I am willing to give up on my idea. Third, he assumes it's one or the other, this is a false choice logical fallacy.

More importantly, with this trick he can potentially achieve four immediately obvious things.
First, wipe the slate clean to run his arguments by me again. Second, put distance between the chats so that I have time to move from my strong position, and consider his, perhaps feeling uncomfortable turning him down again. Third, it puts the subject on the agenda. And fourth, potentially try to wear me down, as most people won't call again in two days, or in two months.

I didn't miss a beat.

"I would be happy to discuss your idea separately, it sounds very interesting and I'd be happy to work with you on it. However, my resources are limited and at this time I am only interested in working on this one."

I added my winning argument: "I believe that I can get very good PR coverage for this mini-event, and get cooperation with Famous-Non-Profit which will also be happy to cover a part of the costs."

He lighted up at the mention of PR. We spoke for a bit and he asked me for a few days to speak with his boss. A few days when I have only a month to get things going are critical, so I wasn't happy about it. But the request was reasonable.

He threw the ball into my court though, so when I got off the phone, I sent him an email. I detailed five good ideas for his event, mentioned I was happy to talk with him, and was looking forward to hear from him soon. I also attached my phone number.

As I said when I started this post, he really is a good guy, and very friendly. But he is also a politician. He is an expert communicator who interviewed people live for a decade on national radio. So while I dislike manipulative behavior I recognize that for some, such behavior is more than acceptable. In fact, it is regular m.o. and needs to be expected as part of the game.

Thing is, even just a few years ago I would have gotten stuck after his first /interrupt/, and either ended up working on his event without realizing it -- or because I am too friendly. Worse still, I could have mishandled the communication in a potentially offensive fashion.
Some years ago more, and I wouldn't have been able to play the game, and would have taken offense.

Being able to switch gears into "I'm being manipulated", think fast on my feet with my responses, and keep the conversation on track for my purposes (also the stated agenda of the call) -- all while keeping the rapport going without losing one heart beat, got me very excited. The content of the call was suddenly secondary.

While I am extremely straight-forward and honest in my communication style, I am a work in progress and am always learning. And I must admit, when two professionals meet, the conversation is happening on a completely different level.

I am just surprised he didn't read through me that I was on to every single trick, when I was able to deflect them all. Or maybe he did and kept throwing them at me anyway to try and outwit me?

_There are a few issues to consider about this encounter_:

1. What was his motive?
Perhaps he confused me for a hungry young hot shot, and wanted to use my excitement for his own ends. Perhaps a clear-cut switch-a-roo and get me to work on his event, "stealing" me from mine. Thus, bringing the conversation to where he wants it. Then again, maybe he was just trying to end the conversation non-confrontationally.

2. His main tricks, in order were: change subject, switch-a-roo, get back together in 2 days.

3. What can you do to counter such tricks? After all, you may not always have a quick wit about you, or know the specific tricks.
The answer is similar to holding your own in politics: Stay on message. Know what your message is and stick to it. Others may try to confuse you, throw you off, and introduce a red-herring such as sending it for discussion in committee. Stay on message.

4. More importantly, the conversation made it clear it is quite possible he has no political power on this front, and thus can't give me what I want anyway. Which brings us to...

5. What is your goal?
When I saw he was doing this twice, as can be excused as part of natural discussion, why keep going? My purpose is to achieve my goal, and if I am not going to, why stay on a call that is probably uncomfortable for at least one of the sides, and as sure as the sky is blue, wastes my time?

If my purpose is not adversarial, why treat the situation as a battle? Cooperative discussion is a much better approach. As no cooperation was likely to happen, keeping the discussion going is a waste of time. By the second trick, it is usually clear to both sides what's going on. Keeping it going has no purpose, and indeed is a waste of time.

In summary, it didn't work out. But you should not get me wrong, I have a lot of respect for the guy. But it was one of the more fascinating five minutes in my life these past few months.

_Here are some articles I wrote on similar experiences I had_:

I'm interested, but in you:
http://gevron.livejournal.com/11841.html

Snap! Jazz music and mass hypnosis:
http://gevron.livejournal.com/32719.html

WTF! Or, wow, this never happened to me before!
http://gevron.livejournal.com/29557.html

This story can be found here:
http://gevron.livejournal.com/40376.html

Gadi.

--
Gadi Evron,
ge at linuxbox.org.

Blog: http://gevron.livejournal.com/

From RL_Vaughn at baylor.edu Mon Feb 15 22:04:27 2010
From: RL_Vaughn at baylor.edu (Vaughn, Randal L.)
Date: Mon, 15 Feb 2010 16:04:27 -0600
Subject: [psysec] Personal Story, Tactical Communication and Conversation Manipulation
In-Reply-To: <4B782902.7090600@linuxbox.org>
References: <4B782902.7090600@linuxbox.org>
Message-ID: <7B0D3B02-257D-42FB-BB4E-6787FC755080@baylor.edu>

On Feb 14, 2010, at 10:46 AM, Gadi Evron wrote:

> Going back home from meeting friends for a beer, I was excited. It's not
> often that I encounter something cool to do, which appeals to my youth's
> old tactical nature. When it does, I jump it! This is a story of how
> someone tried to manipulate me, and how I countered.
>
> The two friends with me discussed a fascinating topic I didn't even know
> existed, and simply because I saw that I could do so, I decided to bring
> this topic to a larger audience, creating a mini-conference on the subject.
>
> First on my list was to find a location, so I contacted a local academic

http://courses.georgetown.edu/index.cfm?Action=View&CourseID=PHIL-180&AcademicYear=2007

perhaps?

From ge at linuxbox.org Mon Feb 15 22:19:29 2010
From: ge at linuxbox.org (Gadi Evron)
Date: Tue, 16 Feb 2010 00:19:29 +0200
Subject: [psysec] Personal Story, Tactical Communication and Conversation Manipulation
In-Reply-To: <7B0D3B02-257D-42FB-BB4E-6787FC755080@baylor.edu>
References: <4B782902.7090600@linuxbox.org> <7B0D3B02-257D-42FB-BB4E-6787FC755080@baylor.edu>
Message-ID: <4B79C871.2060508@linuxbox.org>

On 2/16/10 12:04 AM, Vaughn, Randal L. wrote:
>
> On Feb 14, 2010, at 10:46 AM, Gadi Evron wrote:
>
>> Going back home from meeting friends for a beer, I was excited. It's not
>> often that I encounter something cool to do, which appeals to my youth's
>> old tactical nature. When it does, I jump it! This is a story of how
>> someone tried to manipulate me, and how I countered.
>>
>> The two friends with me discussed a fascinating topic I didn't even know
>> existed, and simply because I saw that I could do so, I decided to bring
>> this topic to a larger audience, creating a mini-conference on the subject.
>>
>> First on my list was to find a location, so I contacted a local academic
>
> http://courses.georgetown.edu/index.cfm?Action=View&CourseID=PHIL-180&AcademicYear=2007

Now, that is cool.

>
> perhaps?
>

--
Gadi Evron,
ge at linuxbox.org.
Blog: http://gevron.livejournal.com/

From raoul.chiesa at mediaservice.net Tue Feb 16 12:37:00 2010
From: raoul.chiesa at mediaservice.net (Raoul Chiesa)
Date: Tue, 16 Feb 2010 13:37:00 +0100
Subject: [psysec] Personal Story, Tactical Communication and Conversation Manipulation
In-Reply-To: <4B79C871.2060508@linuxbox.org>
References: <4B782902.7090600@linuxbox.org> <7B0D3B02-257D-42FB-BB4E-6787FC755080@baylor.edu> <4B79C871.2060508@linuxbox.org>
Message-ID: <4B7A916C.4020302@mediaservice.net>

Gadi,
just to tell you I've totally enjoyed the way you "resumed" the facts:
thanks, helpful !
Raoul

Gadi Evron wrote:
> On 2/16/10 12:04 AM, Vaughn, Randal L. wrote:
>>
>> On Feb 14, 2010, at 10:46 AM, Gadi Evron wrote:
>>
>>> Going back home from meeting friends for a beer, I was excited. It's not
>>> often that I encounter something cool to do, which appeals to my youth's
>>> old tactical nature. When it does, I jump it! This is a story of how
>>> someone tried to manipulate me, and how I countered.
>>>
>>> The two friends with me discussed a fascinating topic I didn't even know
>>> existed, and simply because I saw that I could do so, I decided to bring
>>> this topic to a larger audience, creating a mini-conference on the subject.
>>>
>>> First on my list was to find a location, so I contacted a local academic
>>
>> http://courses.georgetown.edu/index.cfm?Action=View&CourseID=PHIL-180&AcademicYear=2007
>>
>
> Now, that is cool.
>
>
>>
>> perhaps?
>>
>
>

--
--------------------------------------------------------------------------
Raoul Chiesa, Founder
OPSA, OPST, ISECOM International Trainer
CLUSIT, ISECOM, TSTF, OWASP Italian Chapter: Board of Directors Member
Osservatorio Privacy & Sicurezza - OPSI-AIP, Comitato Esecutivo
United Nations consultant on cybercrime @ UNICRI (http://www.unicri.it)

@ Mediaservice.net Srl      Tel: +39-011-32.72.100
Via San Bernardino, 17      Fax: +39-011-32.46.497
10141 Torino - ITALY        http://mediaservice.net/disclaimer
--------------------------------------------------------------------------
PGP Key - https://keys.mediaservice.net/r_chiesa.asc

From ge at linuxbox.org Tue Feb 16 13:17:45 2010
From: ge at linuxbox.org (Gadi Evron)
Date: Tue, 16 Feb 2010 15:17:45 +0200
Subject: [psysec] Personal Story, Tactical Communication and Conversation Manipulation
In-Reply-To: <4B7A916C.4020302@mediaservice.net>
References: <4B782902.7090600@linuxbox.org> <7B0D3B02-257D-42FB-BB4E-6787FC755080@baylor.edu> <4B79C871.2060508@linuxbox.org> <4B7A916C.4020302@mediaservice.net>
Message-ID: <4B7A9AF9.8090206@linuxbox.org>

On 2/16/10 2:37 PM, Raoul Chiesa wrote:
> Gadi,
> just to tell you I've totally enjoyed the way you "resumed" the facts:

Thanks for the compliments! Far from my best writing, but the content is solid.

> thanks, helpful !
> Raoul
>

--
Gadi Evron,
ge at linuxbox.org.

Blog: http://gevron.livejournal.com/

From marcin at kajtek.org Tue Feb 16 22:17:17 2010
From: marcin at kajtek.org (Marcin Antkiewicz)
Date: Tue, 16 Feb 2010 16:17:17 -0600
Subject: [psysec] Israelification of airport security
Message-ID: <7ed5f2121002161417g3515365av7d6e2a610bffb423@mail.gmail.com>

Greetings,

I've found something immensely interesting, related to the reason I hate to fly - the airport security. It's a theater and, as _most_ theaters in the US it's very expensive, and not very good.

Source: http://www.thestar.com/news/world/article/744426--what-israel-can-teach-us-about-security

Quote 1:
"[..]The first layer of actual security that greets travellers at Ben Gurion is a roadside check. All drivers are stopped and asked two questions: How are you? Where are you coming from?[..]"

Quote 2:
"[..]First, it's fast - there's almost no line. That's because they're not looking for liquids, they're not looking at your shoes. They're not looking for everything they look for in North America. They just look at you,[..]"

What they say, essentially, is that we should stop worrying about a catalog of vulnerabilities, and start addressing the threats.

The same is true for IT Security, which is fixated on piling on $50k solutions, and calling it defense in depth, while adhering to a 1990's threat model. In the long run, the result is little actual security and a huge bill for all of the point solutions.

--
Marcin Antkiewicz

From rMslade at shaw.ca Thu Feb 18 08:14:00 2010
From: rMslade at shaw.ca (Rob, grandpa of Ryan, Trevor, Devon & Hannah)
Date: Thu, 18 Feb 2010 00:14:00 -0800
Subject: [psysec] Social engineering for the 133t only
Message-ID: <4B7C8648.22243.307CB35@localhost>

Since the readers of this list are above average in intelligence and knowledge of social aspects of security, I knew you'd be interested in this study:

http://www.scientificamerican.com/article.cfm?id=flattery-will-get-you-far&sc=MND_20100216

====================== (quote inserted randomly by Pegasus Mailer)
rslade at vcn.bc.ca slade at victoria.tc.ca rslade at computercrime.org
Capitalism is the astounding belief that the most wickedest of men will do the most wickedest of things for the greatest good of everyone.
- John Maynard Keynes
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/NoticeBored http://twitter.com/rslade

From stephan.humer at web.de Wed Feb 24 19:41:18 2010
From: stephan.humer at web.de (Stephan Humer)
Date: Wed, 24 Feb 2010 20:41:18 +0100
Subject: [psysec] Call for Articles: Social Engineering book
Message-ID: <4B8580DE.1010805@web.de>

Dear list members,

Social Engineering is not only a fascinating field of activity, but also clearly underrepresented in academic discussions. So I would like to invite you to an edited book, covering the latest trends, discussions and developments in Social Engineering, preferably with a digital context, but not limited to it. This mailing list shows me that there is a basis for such a project, so feel free to discuss this topic right here and contribute to it.

Interested authors should submit an extended abstract of no more than 500 words (in English) by April 1st, 2010. The articles should be completed within the upcoming summer. The book will be peer reviewed and published as a part of the Berlin University of the Arts Digital Class serial in 2010. The serial is an effort to raise people's awareness of contemporary digital theory aspects in our society.

Best

Stephan

--
Dr. Stephan G. Humer
For detailed contact information see www.humer.tel