Re: Social Engineering - resources

I am reading Douglas Rushkoff's Coercion. Yes, believe it or not, its about coercion! It might be the direction you are leaning towards a bit. I would also check out his other books as well. Its marketing based, well written, and talks a ton about different kinds of persuasion. Amazon and any other book websites should have some info about it to see if its the way you want to head.

Re: Social Engineering - resources

On the topic of NLP, you might as well start at the beginning with The Structure of Magic by Bandler and Grinder, however I'm not sure that's the direction you want to go. I've studied NLP pretty thoroughly and though one could make a link between a variety of NLP techniques and SE, it's a bit of a reach and probably not "on topic" enough for your paper to be useful. It is a wonderfully fascinating study, and I use NLP in my professional life quite frequently.

Cheers,

db

Re: Social Engineering - resources

If you had time on your side, I'd recommend cornering me at the next confernce, in a bar with Guinness on tap, and I'd run a mini-seminar on practical social engineering.

However, you're looking for instant information, and really the best stuff is learned in person, I would recommend that you hit the Craigslist for your part of the world and sign up for whatever crappy outside sales job there is and give it the real college try.

Sure, telemarketing is easy, but outside sales slowly grows basketball sized balls on you, and it makes you nearly bulletproof!

I worked for a very cheap company that expected their sales staff to forage for whatever sales leads they could land, I pounded the pavement cold calling the mornings and telemarketing in the afternoon, it was for a product that would only be bought once or twice a year, and the competition for selling this was ten pages long in the Yellow Pages.

Very same skills in sales, apply in social engineering!

A good easy and cheap read would be most of Jeffrey Gitomer's books, I have his "Little Red Book of Sales Answers: 99.5 Real World Answers That Make Sense, Make Sales, and Make Money" on my nightstand, but Robert Young Pelton's "Licensed to Kill" is ahead of it.

I'll jump in later in this thread with some more resources, something that might help in "your paper" is the practical applications of social engineering outside of information security, If you're a good enough SE, its only a matter of time before you get the recruiting call from the Lincoln Group or Strategic Communication Laboratories, or any of a number of other private social engineering firms.

Re: Social Engineering - resources

I should mention this paper is not term paper, it's a bit more extensive. I'm also looking forward continuing with the subject and do my thesis on this. So I'm really looking for everything relevant to the subject, and to let you know your efforts of replying are not pointless. I'm not completely new to the subject, but finding out resources has proven to be very difficult.

My goal is to graduate with work on SE, hopefully continue with the theme later on as well. I'm just fascinated by the subject. So basically this is not a hit and run, I'll continue with this topic even after this paper is done with.

Looking forward to go to some conventions, that is when I can afford other means of transportation than walking :) Hopefully soon though.

I'm a bit busy now, so I'll return to your replies later tonight. Thanks!

ps. sorry for the grammar, I'm not a native speaker.

Re: Social Engineering - resources

Thanks, I'll check this one out.

Well, to be perfectly honest, I'm not very familiar with NLP. I've heard many people mentioning it, so I'm thinking there must be something in it, at least worth studying some. I was wondering if that book was good, unfortunately I went with Introducing NLP Neuro-Linguistic Programming by Joseph O'Connor and John Seymour. Are you familiar with this one?

My goal is to understand the very basics of NLP in order to see if I should further study the subject within the context of SE. But I prefer little more information than wikipedia presents, for example.

I'm trying to get more perspective, since there really is nothing much out there that is SE spesific, except Art of Deception by Mitnick, but there is lots of other kinds of related material and I'm wondering if NLP is one of those things. Mitnick also drops the name of Cialdini, then related to that (social psychology) is definitely Stanley Milgram's experiment, http://en.wikipedia.org/wiki/Millgram_experiment ..

Social psychology is one perspective and fortunately better documented one. So... anyway these kinds of things can give some validity for what I'd like to write and study, in the eyes of those who read it that is.

Re: Social Engineering - resources

erehwon,
I'll check these out too ;).

Even though I'm studying SE "academically", I do come from programming background and my dream is not in academics but becoming a professional in security field, with SE mostly in mind.

Re: Social Engineering - resources

My brother has been a big fan on researching SE stuff...He gave me a couple of books to look at a while ago... One by H. Tsoukas - New Thinking in Organizational Behaviour: From Social Engineering to Reflective Action Which is pretty good to look in the aspect of 'logical thinking...' (More business Orientated..pretty good read so far)

I also just purchased The Art of Deception and can't wait to get some notes from it...I wonder how popular this book is.

Recently I actually searched through amazon for books on SE'ing' and found a book called "Stealing the Network - How to own the box." Written by a group of folks...If anyone has this book or has read it, please give me some personal opinion on it. It seems like its a fictional/sci-fi -esque book on SE in the IT world...as well as Weapons Defense companies and some other stuff, I don't know if it holds up to mitnicks' book, but if it is any good...I'll probably give it a read sometime...

StolenIdentity: Are you looking to work as some sort of Consulting? Or try for some sort of Security position in the (near) future?...Seems pretty interesting to focus directly on SE...A cool aspect in its own...I never thought about focusing directly on it, but yeah, Cool.

-Enven

Re: Social Engineering - resources

David Liebermans Books are all very good. Verbal Judo by George Thompson is excellent.

Re: Social Engineering - resources

enven,
I wonder how I've missed this one completely. This seems like a good read.

I guess Art of Deception is pretty popular, it's how I got into studying SE and fascinated by it. It was the book for me. Most books that mentions SE only does so in few sentences. So you really don't get a good idea of it, no examples, nothing. But Art of Deception gives you a whole book of knowledge, it is very captivating.

I'm not 100% sure what exactly it is that I want to do, but it definitely has to do with SE. I've realized this kind of late, first I was going for software engineering and then came across Mitnick's book, so that got me into the security field (in my studies) and ever since I've been on this track and I have no regrets. So I'm not really sure what I could do in the field with SE yet. Consulting seems all nice and lucrative, but I'd be into a job that gives me an opportunity to focus on this issue 100%, study more, participate in seminars/conventions and better myself.

I believe it's still very much an untapped source. I also still believe, that in order to understand SE, I have to understand much broader issues like the hacker culture and even when we are dealing with a non-technical issue, it seems to me it would be benefitial to still understand the technical issues. So to think like a social engineer and also to be able to do some of the stuff they do is my goal.

So we'll see.. I think I'm not going to proceed into PhD though. I want to get out there. My location is a limiting factor, I am from Finland so.. I think I'm the only one interested in SE, as far as academics go. I've never come across to another person with the same spesific interest. That's why I also have to do it all by myself, there's no support for this particular field for me in here. In fact, most people I've talked to, the discussion pretty much stops when I say the word 'hacker'. It's like a taboo and after that you really can't get a good conversation, there seems to be the stereotype that dominates what people think. And it's usually the stereotype of people starting nuclear wars with their calculators. In academic world it's not that 'naive', but it is still like entering to a criminal domain and your own image suffers from just mentioning an interest. This of course is ridiculous as I'm sure everyone in here agrees.

Re: Social Engineering - resources

Wesson357, can you give me some insights on David Lieberman? Quickly browsing through Amazon.com, all I get is self help books, so how is this author?

Is it David A. Lieberman or David J. Lieberman?

Re: Social Engineering - resources

David J.

The get anyone to do anything, and Never be lied to again are very good, but may not fully live up to their titles.

The first chapter of both books wastes a lot of time telling you how good the book is, but after those few pages its all quality content. There are many "power points" scattered about that reference psychological studies and provided scenarios for influencing people.

Re: Social Engineering - resources

Wesson357, Ok.. I'll check this one out too. I'm trying to avoid self help types of material as references, so you understand why I was wondering. Reference to psychological studies sounds good, so this might be very helpful, thank you.

Anyway, please feel free to discuss SE, there's never enough good conversations going on.

Also, any kind of resources are also very welcome, not just books or articles. I'll need those for my paper, thesis and studies, but I'm also interested in other formats and resources as well; videos, good forums/websites, formal training (are there any certificates for this? Kevin Mitnick has his Certified Social Engineering Prevention Specialist (CSEPS), is this any good?), convention papers/videos.. everything that has to do with SE basically.

I bet there are others in here as well with the same interest.

Re: Social Engineering - resources

Another interesting subject is the Facial Action Coding System, which breaks down and catagorizes fleeting microexpressions. The system itself doesnt really codify what the expresions may mean, but there are other works based on the system that do. Its not really directly related to SE but is kind of a fringe topic if you are interested in how the person is internally reacting to what you are saying (assuming you are talking face to face)

Re: Social Engineering - resources

I have never heard of "FACS". Not directly related, but it still would be within the area of general interest for me. As I said, my topics of interest also include RFID, identity theft, physical area control, surveillance.. I see these things rather inseparable. Thanks for the heads up, I'll definitely get back to this later on.