Bite The Wax Tadpole
BSides Rhode Island

Katrina Rodzon / Mike Murray
MAD Security / The Hacker Academy
mmurray@thehackeracademy.com

© 2010 – MAD Security, LLC
All rights reserved
Culture / Why it influences us
The Human Vulnerability
The Grog Problem
(or: Why Users Aren’t Stupid)
We Shouldn’t Be Here.
But We Are.
There’s a pattern there somewhere…
The fundamental human advantage:
Our ability to work together
Trust is a feature of our hardware
What influences us
Social Engineering:

The practice of obtaining
confidential information by
manipulating users.
Source: Wikipedia
Success in Social Engineering
Create a context that ensures that
the behavior we want is completely
appropriate and ensure congruency
with that context
http://lboeckl.net/model/figures/triune%20details.jpg
The Six Universal Expressions
Understanding Social Penetration:
Email / Phishing
Wilson Baka’s Mistakes
• The “A 4O6 Expressway” - The road is called “A406” (note that it’s a zero and not an “O”). The UK calls them highways or “roads”.
• (Q.C.) – British Barristers don’t usually enclose their credentials in parentheses (and often don’t use periods, writing their names as “Wilson Baka QC”).
• Nine Million Eight Hundred Thousand British Dollars – The British currency is the Pound, and 9,800,000 British Pounds is approximately $15,000,000 USD, not $2.6 million.
• The “abandoned property decree of 1996” – There is no such law in Britain.
• “Barr” as a formal signature – British Barristers don’t sign their names with “Barr” at the beginning to indicate their job title. This is the equivalent of an American lawyer named “John Smith” signing their name as “Lawy John Smith”.
Smart Attackers
Wilson’s Email Host

Why is a British Lawyer using an Indian Free Email Service?
Domain Names

$19.98 is a small investment
Understanding Tone
Salutation and Signature
Rewriting It

Actually sounds like a lawyer
But it’s still not likely to work.
Example: The Evil Twin Attack
My Real Facebook Account
Set up A Fake Facebook Account
Steal the Picture

Take the info directly from the original
Add the Right Info

Stolen from the Public Facebook Profile
The Fake Profile
Questions?
Get a free demo to learn more:
http://www.hackeracademy.com

Get in touch with Mike
Email: mmurray@madsecinc.com
Twitter: @mmurray

Get in touch with Kati
Email: krodzon@madsecinc.com
Twitter: @krodzon
Exploiting Language
Me Speak Good

Review: 3 Skills of a Social Engineer

1. Ability to Use Language Artfully
2. Awareness of the Target and
their Responses
3. Awareness and Control of the
Context
Language Processing
A Hardware Perspective
Brain Hardware

http://www.e-speec.com/functions.htm
Processing the Written Word

http://www.e-speec.com/model.jpg
Language and Reality
• Language is not reality
– This seems obvious
– Except that we treat it as somewhat real.
– Language acts as a model of reality.

• Characteristics of models
– Most models have the following characteristics
• Incomplete
• Distorted
• Purposeful

– Example: maps
– Each of these characteristics applies to language.
Linguistic Incompleteness
• All Linguistic Acts are Incomplete
– We should be glad.
– If we had to be complete about every linguistic act...
– Imagine the description of:
• Eating a strawberry.
• Walking down the stairs.

– But it causes issues.
– We have all been in the situation of misunderstanding because we didn’t understand what someone
meant.
– Even the most simple situations have confusion built in:
• “The cat walked across the room.”
• “John gave Mary a ring.”

• The key is to know HOW it is incomplete...
Deep vs. Surface Structure
• Deep Structure
– A full representation of the speaker’s model of the world
– Contains full sensory representations
– Too detailed for practical use

• Surface Structure
– What we hear/read in a sentence
– The key in language is that surface structure somehow communicates deep structure

• That correspondence is what makes language effective
• It’s the failure of correspondence that is the incompletion of language
The Usual Suspects
• There are a few common classes of incompleteness that arise when
dealing with language:
• Deletion
• Distortion
• Generalization

• Why do we care?
– Understanding what isn’t present allows you to understand what is being
said (and what isn’t).
– As in hacking, knowing the rules allows you to bend them.
Deletion
• We leave out parts of any linguistic act
– We filter out that which we believe is unimportant
– This creates a partial representation

• Acts of Deletion
– Unspecified Verbs
– Loss of reference
• Lacking Referential Indices
• Comparative Superlatives
• The “Ly” Verbs
Distortion
• We choose a distorted representation
– Purposeful representation - we have “selective memory”
– Language that relies on incomplete shared representations

• Acts of Distortion
– Nominalization
– Mind Reading
– Universal Quantifiers
Generalization
• Abstraction for the purpose of extension
– A form of deletion - we leave out or “roll up” information
– Language that relies on incomplete shared representations

• Acts of Generalization
– Modal Operators
– Symmetrical/Asymmetrical Predicates
• Symmetrical - “I slept next to him.”
• Asymmetrical - “I talked to him.”

– Complex Equivalence
• “He was excited, so he’s going to give me the information.”
Language and Its Impact
• Language impacts each of the brains
– Creates vivid representations to be processed by the brain’s systems

• Two main purposes of language
– Information Transfer
• Representations that are (mostly) relevant to the NeoCortex

– Influence
• Representations processed across all three “brains”.

• The focus of the rest of this section.
Information Transfer
Outline
• Information Transfer
– While social eng. is primarily about influence, we need to talk about transferring
information....
– The first purpose of language
– The key is precision
– Gathering information
• Similar to meta-model exercises
• Asking questions
• Eliciting information without being invasive - Reflecting Back.

– Providing information to others
• Ensuring your own completeness
• Creating Feedback loops
Why does this matter?
• Imagine an engagement
– I call you up and get you to give me your password. That’s all just influence,
right?
– Not really - first, I have to set a contextual frame
– There will always be some form of information transfer in setting the frame.
– There will often be information transfer elsewhere, as well.
– Additionally (and this will make more sense later) - information transfer and
influence are largely inverse operations. Learning one will allow you to invert
more easily to the others.
Precision
• Example of imprecise language:
– When we’re talking, we need to do things that ensure that make our language
understandable to other people and that convey some ability to arrive at meaning.
– WTF?!?!?! What information did I just convey?

• In language, precision is the art of overcoming incompleteness
• Remember the earlier descriptions of how language is incomplete
• We say that a description was precise when a listener arrives at the same mental representations as
the speaker (with whatever precision is required to use the information appropriately)
• That was precisely vague. (Explain why appropriateness constraint)
• Uhh... problem. How do we know? (We’ll get there...)
• Put simply, in information transfer, the goal is to synchronize representations between two minds.
This is Bi-Directional
• There are two types of information transfer
• The first is conveying information.
• What is the second?
• Conveying information
– Being precise

• Requesting information
– Learning to convince others to be precise.

• We’ll start with requesting information first
– as it’s easier to learn
Asking Questions
• The primary skill - asking questions
– The ability to form a good question is of paramount importance
– Most people are never taught what constitutes a “good question”

• A Good Question:
– One dimensional (only requests one piece of information)
• BAD - “Do you like music, fine wine, and the color blue?”

– Mutually exclusive choices
• (hint: the answer to “or” should never be “yes”)
• BAD - “Did you have fun today or stay home from work?”

– Does not violate the “7+/-2” principle - Offers limited choice
• BAD - “When you grew up, were you in school at a small school while growing up in a big town, a
big town when in a small school, a small town with a small school or a big town while in a big school,
or were you home-schooled and how many students were at your school?”
Overcoming Incompleteness
• People are going to leave information out.
– Remember the incompleteness exercises from chapter 2
– Your goal is to recover the information
– We’re going to go through each of the types of incompleteness and look at
how to recover what’s not present.

• Remember the usual suspects
– Deletion
– Distortion
– Generalization
– Presupposition
Deletion
• We leave out parts of any linguistic act
– We filter out that which we believe is unimportant
– This creates a partial representation

• Acts of Deletion
– Unspecified Verbs - Recover the referent of the verb: “about what/whom?”
• “I’m happy.” - Happy about what?
• “I stole from him.” - Stole what?
• “He talked to me for an hour.” - About what?

– Loss of reference - Recover the reference point.
• Lacking Referential Indices
– “People are gullible” - Which people specifically?

• Comparative Superlatives
– “He’s the best.” - Compared to what/whom?
– “More aggressive social engineers always get what they want.” - More aggressive than what?

• The “Ly” Verbs
– “Obviously, he believes that I’m the best for the job.” - How is it obvious?
– “Clearly, we were ready to start the engagement.” - What makes it clear?
– “Unfortunately, you forgot to write the password down.” - Why is it unfortunate?
Distortion
• We choose a distorted representation
– Purposeful representation - we have “selective memory”
– Language that relies on incomplete shared representations

• Acts of Distortion
– Nominalization -> Turn nominalization back into a verb, recover information.
• “We made a great decision.” - What did you decide?
• “Our fear keeps us from making change”. - What are you afraid of? What would you
change?

– Mind Reading -> Recover actual data that allowed realization
• “I knew he wanted to give me his password, but he didn’t.” - How did you know?

– Universal Quantifiers - Challenge the relationship
• “All balls dropped from a height will fall.” - All of them?
Generalization
• Abstraction for the purpose of extension
– A form of deletion - we leave out or “roll up” information
– Language that relies on incomplete shared representations

• Acts of Generalization
– Modal Operators - Challenge the modal.
• What would happen if you did/didn’t?

– Symmetrical/Asymmetrical Predicates
• “I slept next to him.” - Requires that he slept next to you.
• “I talked to him.” - Does not require him talking. Did he talk to you?

– Complex Equivalence
• “He was excited, so he’s going to give me the information.” - How does his excitement == his
giving you the information?
Challenging Presupposition
• Presuppositions are the things that must be true in order for the
sentence to be true.
– Example: “Bob went to the store down the street.”
– Presuppositions:
• Bob exists and is able to travel.
• Bob is on a street. A store is on the street.

• We elicit presuppositions with the concept of “does that mean...”
– “Does that mean there’s a store on the street?”
Confirming Model Equivalence
• So, this could get annoying really quickly.
• Remember, the goal is model equivalence (to the level of specificity required)
• We don’t have to question for every piece of incompleteness
• Because of this, we need to confirm that what is in our head is in the speaker’s head, as well.

• Reflecting back
– Old skill from what was known as “active listening”.
– Simple restatement of the speaker’s statements:
• “What I hear you saying is...”
• Or, more simply (and less obviously), just a restatement of their statement with a questioning
tone?
• Secondary benefit of establishing rapport (more on that later).
Providing Information
• Unless someone else is trained in this, you’re going to have to do it yourself.
• Feedback loops in your own head.
• Using the same questions that you were asking

• This is the editing process for writing.
– Write a sentence
– Read it and determine what it is missing.
– Fill in information with next sentence(s).
– Repeat.

• In this case, the editor is your audience.
Checking Your Work
• Requesting feedback on information you have given
– The goal of model equivalence is only achieved in the head of the listener
– You need to check in with the listener to determine your success

• We can do this without being annoying
– Simple check-ins are a request for clarification
– My use of “Make sense?”
– We’ll talk more about audience awareness in section 2, but we can check in
specifically.
– Also: “say that back to me”
Learning to Do it In Real Time
• Unfortunately, you can’t learn this by reading or listening to me talk.
You have to do it.
• Next time you talk
– Allowing yourself to become aware, now, of the next time you tell someone
something what information you have deleted.
– Notice the questions that those around you ask - what information are the people
talking to you asking for?

• Intentional vagueness
– Intentionally start a conversation or two with a completely vague statement
– Observe the information elicited from you and take note of how you could have
added that information at the beginning.
Language for Influence
Types of Influence
• Defined all the way back in ancient Greece.
– Aristotle, “On Rhetoric”

• 3 types of rhetorical persuasion
– Logos: Appeal to reason
– Pathos: Appeal to emotion
– Ethos: Appeal to authority/ethics

• Logos:
– relies on having the right information - precision

• Ethos - leave for later
• Pathos - focus for now.
Agreement
• The goal of information transfer is precision
– Different than the goal of influence
– This is about the amygdala

• The goal is to change representation without triggering disagreement
• Disagreement is the mind’s defense against inappropriate influence.
• This is not about rhetorical/logical disagreement
• Agreement allows

• The artful inversion of precision
– Use of deletion, distortion and generalization to maintain agreement
– Sometimes referred to as being “artfully vague”
A brief word on hypnosis...
• Hypnosis is portrayed as a magical state
– It can be, but so is meditation
– Hypnosis is actually accurately depicted by the idea of the relaxation of the critical faculty

• Critical faculty
– barrier between conscious and unconscious mind
– actually part of the conscious mind
– Part of the memetic immune system

• Consistent agreement depotentiates the critical faculty
– This state is what is known as hypnosis
– Also seen in cult behavior in a different context
Compliance Set
• Agreement patterns
– Consistent agreement creates an altered state
– This consistent agreement is important for the purposes of influence

• As long as someone remains in agreement, it is possible to feed
suggestion
– This is the basis of hypnosis
– In fact, disagreement ends trance
• Tell story of Melina from the weekend.
Using what’s not there
• So, how do we create consistent agreement?
• Maintaining agreement requires allowing shared representations
– Which is easier to agree with?
• I feel a sensation in my hand.
• I feel a stabbing pain in my left index finger?

• The artful inversion of precision
– Use of deletion, distortion and generalization to maintain implicit agreement in
all contexts
– Sometimes referred to as being “artfully vague”
Deletion
– Unspecified Verbs
• You can wonder exactly what it is to know.

– Loss of reference - Recover the reference point.
• Lacking Referential Indices
– “People can know that things are as they should be.”

• Comparative Superlatives
– “You can find that being successful is always best.”

• The “Ly” Verbs
– “Obviously, you can give me the password because you can trust me.”
Distortion
• Acts of Distortion
– Nominalization -> Turn nominalization back into a verb, recover information.
• “You can have the knowledge that it’s the right decision.”
• “Our fear keeps us from making change”.

– Mind Reading -> Recover actual data that allowed realization
• “I knew he wanted to give me his password, but he didn’t.” - How did you
know?

– Universal Quantifiers - Challenge the relationship
• “All of the things that you can do are the right ones...”
Generalization
• Acts of Generalization
– Modal Operators - Generalize the modal operator
• One should find themselves working out each day.

– Complex Equivalence - making causal connections
• Transitional words – Using “and”, “as”, “because”, “will”, etc.

– “The more x, the more y”
Presuppositions
• The artful use of presuppositions is the true method of
influence
– Once you have agreement, presuppositions are used to create and alter
shared meaning

• Example: the Hypnotist’s use of “try”
– “Try” presupposes failure.
– “Try” to open your eyes. Really, really try.

• Other words with useful presuppositions
– -er at the end of the word (“you can get sleepier now..”)
Binds
• Binds are situations that reduce the number of choices that we
have
– Simple binds create an “illusion of choice” (e.g. “Magician’s
choice”)
– Double binds create no choice at all.

• Simple binds
– Would you like to go to bed now or in five minutes?
– Would you like to brush your teeth before or after your bath?
Questions
• The question can not be avoided by the unconscious mind
– If you ask a question, it will be answered
– This doesn’t have to be conscious

• Knowing how to use questions is the key of making change
– Questions can ensure that your content gets processed, can’t they?
Negation
• Negation is not understood by the human mind
– We understand only positively framed statements
– “Don’t think of a pink elephant”

• The pattern is unavoidable
Process / Content Confusion
• Linguistic Ambiguity
– Hypnotic language patterns often turn on the ability to substitute
process for content
– The conscious mind need not understand the content

• Ambiguous Content
– Syntactic Ambiguity
– Phonetic Ambiguity

Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 

BSides Rhode Island 2013 - Bite the Wax Tadpole (with Katrina Rodzon)

  • 1. Bite The Wax Tadpole BSides Rhode Island Katrina Rodzon / Mike Murray MAD Security / The Hacker Academy mmurray@thehackeracademy.com © 2010 – MAD Security, LLC All rights reserved
  • 4. Culture / Why it influences us
  • 5. The Human Vulnerability The Grog Problem (or: Why Users Aren’t Stupid)
  • 13. We Shouldn’t Be Here. But We Are.
  • 17. There’s a pattern there somewhere…
  • 18. The fundamental human advantage: Our ability to work together
  • 19. Trust is a feature of our hardware
  • 21. Social Engineering: The practice of obtaining confidential information by manipulating users. Source: Wikipedia
  • 22. Success in Social Engineering Create a context that ensures that the behavior we want is completely appropriate and ensure congruency with that context
  • 24. The Six Universal Expressions
  • 28. Wilson Baka’s Mistakes • The “A 4O6 Expressway” - The road is called “A406” (note that it’s a zero and not an “O”). The UK calls them highways or “roads”. • (Q.C.) – British Barristers don’t usually enclose their credentials in parentheses (and often don’t use periods, writing their names as “Wilson Baka QC”) • Nine Million Eight Hundred Thousand British Dollars – The British currency is the Pound, and 9,800,000 British Pounds is approximately $15,000,000 USD, not $2.6 million. • The “abandoned property decree of 1996” – There is no such law in Britain • “Barr” as a formal signature – British Barristers don’t sign their name as including “Barr” at the beginning to indicate their job title. This is the equivalent of an American lawyer named “John Smith” signing their name as “Lawy John Smith”.
  • 30. Wilson’s Email Host Why is a British Lawyer using an Indian Free Email Service?
  • 31. Domain Names $19.98 is a small investment
  • 36. But it’s still not likely to work.
  • 43. Example: The Evil Twin Attack
  • 44. My Real Facebook Account
  • 45. Set up A Fake Facebook Account
  • 46. Steal the Picture Take the info directly from the original
  • 47. Add the Right Info Stolen from the Public Facebook Profile
  • 49. Questions? Get a free demo to learn more: http://www.hackeracademy.com Get in touch with Mike Email: mmurray@madsecinc.com Twitter: @mmurray Get in touch with Kati Email: krodzon@madsecinc.com Twitter: @krodzon © 2010 – MAD Security, LLC All rights reserved
  • 50. Exploiting Language Me Speak Good © 2010 – MAD Security, LLC All rights reserved
  • 51. Review: 3 Skills of a Social Engineer 1. Ability to Use Language Artfully 2. Awareness of the Target and their Responses 3. Awareness and Control of the Context
  • 54. Processing the Written Word http://www.e-speec.com/model.jpg
  • 55. Language and Reality • Language is not reality – This seems obvious – Except that we treat it as somewhat real. – Language acts as a model of reality. • Characteristics of models – Most models have the following characteristics • Incomplete • Distorted • Purposeful – Example: maps – Each of these characteristics applies to language.
  • 56. Linguistic Incompleteness • All Linguistic Acts are Incomplete – We should be glad. – If we had to be complete about every linguistic act... – Imagine the description of: • Eating a strawberry. • Walking down the stairs. – But it causes issues. – We have all been in the situation of misunderstanding because we didn’t understand what someone meant. – Even the most simple situations have confusion built in: • “The cat walked across the room.” • “John gave Mary a ring.” • The key is to know HOW it is incomplete...
  • 57. Deep vs. Surface Structure • Deep Structure – A full representation of the speaker’s model of the world – Contains full sensory representations – Too detailed for practical use • Surface Structure – What we hear/read in a sentence – The key in language is that surface structure somehow communicates deep structure • That correspondence is what makes language effective • It’s the failure of correspondence that is the incompletion of language
  • 58. The Usual Suspects • There are a few common classes of incompleteness that arise when dealing with language: • Deletion • Distortion • Generalization • Why do we care? – Understanding what isn’t present allows you to understand what is being said (and what isn’t). – As in hacking, knowing the rules allows you to bend them.
  • 59. Deletion • We leave out parts of any linguistic act – We filter out that which we believe is unimportant – This creates a partial representation • Acts of Deletion – Unspecified Verbs – Loss of reference • Lacking Referential Indices • Comparative Superlatives • The “Ly” Verbs
  • 60. Distortion • We choose a distorted representation – Purposeful representation - we have “selective memory” – Language that relies on incomplete shared representations • Acts of Distortion – Nominalization – Mind Reading – Universal Quantifiers
  • 61. Generalization • Abstraction for the purpose of extension – A form of deletion - we leave out or “roll up” information – Language that relies on incomplete shared representations • Acts of Generalization – Modal Operators – Symmetrical/Asymmetrical Predicates • Symmetrical - “I slept next to him.” • Asymmetrical “I talked to him.” – Complex Equivalence • “He was excited, so he’s going to give me the information.”
  • 62. Language and Its Impact • Language impacts each of the brains – Creates vivid representations to be processed by the brain’s systems • Two main purposes of language – Information Transfer • Representations that are (mostly) relevant to the NeoCortex – Influence • Representations processed across all three “brains”. • The focus of the rest of this section.
  • 64. Outline • Information Transfer – While social eng. is primarily about influence, we need to talk about transferring information.... – The first purpose of language – The key is precision – Gathering information • Similar to meta-model exercises • Asking questions • Eliciting information without being invasive - Reflecting Back. – Providing information to others • Ensuring your own completeness • Creating Feedback loops
  • 65. Why does this matter? • Imagine an engagement – I call you up and get you to give me your password. That’s all just influence, right? – Not really - first, I have to set a contextual frame – There will always be some form of information transfer in setting the frame. – There will often be information transfer elsewhere, as well. – Additionally (and this will make more sense later) - information transfer and influence are largely inverse operations. Learning one will allow you to invert more easily to the others.
  • 66. Precision • Example of imprecise language: – When we’re talking, we need to do things that ensure that make our language understandable to other people and that convey some ability to arrive at meaning. – WTF?!?!?! What information did I just convey? • In language, precision is the art of overcoming incompleteness • Remember the earlier descriptions of how language is incomplete • We say that a description was precise when a listener arrives at the same mental representations as the speaker (with whatever precision is required to use the information appropriately) • That was precisely vague. (Explain why appropriateness constraint) • Uhh... problem. How do we know? (We’ll get there...) • Put simply, in information transfer, the goal is to synchronize representations between two minds.
  • 67. This is Bi-Directional • There are two types of information transfer • The first is conveying information. • What is the second? • Conveying information – Being precise • Requesting information – Learning to convince others to be precise. • We’ll start with requesting information first – as it’s easier to learn
  • 68. Asking Questions • The primary skill - asking questions – The ability to form a good question is of paramount importance – Most people are never taught what constitutes a “good question” • A Good Question: – One dimensional (only requests one piece of information) • BAD - “Do you like music, fine wine, and the color blue?” – Mutually exclusive choices • (hint: the answer to “or” should never be “yes”) • BAD - “Did you have fun today or stay home from work?” – Does not violate the “7+/-2” principle - Offers limited choice • BAD - “When you grew up, were you in school at a small school while growing up in a big town, a big town when in a small school, a small town with a small school or a big town while in a big school, or were you home-schooled and how many students were at your school?”
  • 69. Overcoming Incompleteness • People are going to leave information out. – Remember the incompleteness exercises from chapter 2 – Your goal is to recover the information – We’re going to go through each of the types of incompleteness and look at how to recover what’s not present. • Remember the usual suspects – Deletion – Distortion – Generalization – Presupposition
  • 70. Deletion • We leave out parts of any linguistic act – We filter out that which we believe is unimportant – This creates a partial representation • Acts of Deletion – Unspecified Verbs - Recover the referent of the verb: “about what/whom?” • “I’m happy.” - Happy about what? • “I stole from him.” - Stole what? • “He talked to me for an hour.” - About what? – Loss of reference - Recover the reference point. • Lacking Referential Indices – “People are gullible” - Which people specifically? • Comparative Superlatives – “He’s the best.” - Compared to what/whom? – “More aggressive social engineers always get what they want.” - More aggressive than what? • The “Ly” Verbs – “Obviously, he believes that I’m the best for the job.” - How is it obvious? – “Clearly, we were ready to start the engagement.” - What makes it clear? – “Unfortunately, you forgot to write the password down.” - Why is it unfortunate?
  • 71. Distortion • We choose a distorted representation – Purposeful representation - we have “selective memory” – Language that relies on incomplete shared representations • Acts of Distortion – Nominalization -> Turn nominalization back into a verb, recover information. • “We made a great decision.” - What did you decide? • “Our fear keeps us from making change”. - What are you afraid of? What would you change? – Mind Reading -> Recover actual data that allowed realization • “I knew he wanted to give me his password, but he didn’t.” - How did you know? – Universal Quantifiers - Challenge the relationship • “All balls dropped from a height will fall.” - All of them?
  • 72. Generalization • Abstraction for the purpose of extension – A form of deletion - we leave out or “roll up” information – Language that relies on incomplete shared representations • Acts of Generalization – Modal Operators - Challenge the moral. • What would happen if you did/didn’t? – Symmetrical/Asymmetrical Predicates • “I slept next to him.” - Requires that he slept next to you. • “I talked to him.” - Does not require him talking. Did he talk to you? – Complex Equivalence • “He was excited, so he’s going to give me the information.” - How does his excitement == his giving you the information?
  • 73. Challenging Presupposition • Presuppositions are the things that must be true in order for the sentence to be true. – Example: “Bob went to the store down the street.” – Presuppositions: • Bob exists and is able to travel. • Bob is on a street. A store is on the street. • We elicit presuppositions with the concept of “does that mean...” – “Does that mean there’s a store on the street?”
  • 74. Confirming Model Equivalence • So, this could get annoying really quickly. • Remember, the goal is model equivalence (to the level of specificity required) • We don’t have to question for every piece of incompleteness • Because of this, we need to confirm that what is in our head is in the speaker’s head, as well. • Reflecting back – Old skill from what was known as “active listening”. – Simple restatement of the speaker’s statements: • “What I hear you saying is...” • Or, more simply (and less obviously), just a restatement of their statement with a questioning tone? • Secondary benefit of establishing rapport (more on that later).
  • 75. Providing Information • Unless someone else is trained in this, you’re going to have to do it yourself. • Feedback loops in your own head. • Using the same questions that you were asking • This is the editing process for writing. – Write a sentence – Read it and determine what it is missing. – Fill in information with next sentence(s). – Repeat. • In this case, the editor is your audience.
  • 76. Checking Your Work • Requesting feedback on information you have given – The goal of model equivalence is only achieved in the head of the listener – You need to check in with the listener to determine your success • We can do this without being annoying – Simple checkins request a request for clarification – My use of “Make sense?” – We’ll talk more about audience awareness in section 2, but we can check in specifically. – Also: “say that back to me”
  • 77. Learning to Do it In Real Time • Unfortunately, you can’t learn this by reading or listening to me talk. You have to do it. • Next time you talk – Allowing yourself to become aware, now, of the next time you tell someone something what information you have deleted. – Notice the questions that those around you ask - what information are the people talking to you asking for? • Intentional vagueness – Intentionally start a conversation or two with a completely vague statement – Observe the information elicited from you and take note of how you could have added that information at the beginning.
  • 79. Types of Influence • Defined all the way back in ancient Greece. – Aristotle, “On Rhetoric” • 3 types of rhetorical persuasion – Logos: Appeal to reason – Pathos: Appeal to emotion – Ethos: Appeal to authority/ethics • Logos: – relies on having the right information - precision • Ethos - leave for later • Pathos - focus for now.
  • 80. Agreement • The goal of information transfer is precision – Different than the goal of influence – This is about the amygdala • The goal is to change representation without triggering disagreement • Disagreement is the mind’s defense against inappropriate influence. • This is not about rhetorical/logical disagreement • Agreement allows • The artful inversion of precision – Use of deletion, distortion and generalization to maintain agreement – Sometimes referred to as being “artfully vague”
  • 81. A brief word on hypnosis... • Hypnosis is portrayed as a magical state – It can be, but so is meditation – Hypnosis is actually accurately depicted by the idea of the relaxation of the critical faculty • Critical faculty – barrier between conscious and unconscious mind – actually part of the conscious mind – Part of the memetic immune system • Consistent agreement depotentiates the critical faculty – This state is what is known as hypnosis – Also seen in cult behavior in a different context
  • 82. Compliance Set • Agreement patterns – Consistent agreement creates an altered state – This consistent agreement is important for the purposes of influence • As long as someone remains in agreement, it is possible to feed suggestion – This is the basis of hypnosis – In fact, disagreement ends trance • Tell story of Melina from the weekend.
  • 83. Using what’s not there • So, how do we create consistent agreement? • Maintaining agreement requires allowing shared representations – Which is easier to agree with? • I feel a sensation in my hand. • I feel a stabbing pain in my left index finger? • The artful inversion of precision – Use of deletion, distortion and generalization to maintain implicit agreement in all contexts – Sometimes referred to as being “artfully vague”
  • 84. Deletion – Unspecified Verbs • You can wonder exactly what it is to know. – Loss of reference - Recover the reference point. • Lacking Referential Indices – “People can know that things are as they should be.” • Comparative Superlatives – “You can find that being successful is always best.” • The “Ly” Verbs – “Obviously, you can give me the password because you can trust me.”
  • 85. Distortion • Acts of Distortion – Nominalization -> Turn nominalization back into a verb, recover information. • “You can have the knowledge that it’s the right decision.” • “Our fear keeps us from making change”. – Mind Reading -> Recover actual data that allowed realization • “I knew he wanted to give me his password, but he didn’t.” - How did you know? – Universal Quantifiers - Challenge the relationship • “All of the things that you can do are the right ones...”
  • 86. Generalization • Acts of Generalization – Modal Operators - Generalize the modal operator • One should find themselves working out each day. – Complex Equivalence - making causal connections • Transitional words – Using “and”, “as”, “because”, “will”, etc. – “The more x, the more y”
  • 87. Presuppositions • The artful use of presuppositions is the true method of influence – Once you have agreement, presuppositions are used to create and alter shared meaning • Example: the Hypnotist’s use of “try” – “Try” presupposes failure. – “Try” to open your eyes. Really, really try.
  • 88. Presuppositions • The artful use of presuppositions is the true method of influence – Once you have agreement, presuppositions are used to create and alter shared meaning • Example: the Hypnotist’s use of “try” – “Try” presupposes failure. – “Try” to open your eyes. Really, really try. • Other words with useful presuppositions – -er at the end of the word (“you can get sleepier now..”)
  • 89. Binds • Binds are situations that reduce the number of choices that we have – Simple binds create an “illusion of choice” (e.g. “Magician’s choice”) – Double binds create no choice at all. • Simple binds – Would you like to go to bed now or in five minutes? – Would you like to brush your teeth before or after your bath?
  • 90. Questions • The question can not be avoided by the unconscious mind – If you ask a question, it will be answered – This doesn’t have to be conscious • Knowing how to use questions is the key of making change – Questions can ensure that your content gets processed, can’t they?
  • 91. Negation • Negation is not understood by the human mind – We understand only positively framed statements – “Don’t think of a pink elephant” • The pattern is unavoidable
  • 92. Process / Content Confusion • Linguistic Ambiguity – Hypnotic language patterns often turn on the ability to substitute process for content – The conscious mind need not understand the content • Ambiguous Content – Syntactic Ambiguity – Phonetic Ambiguity
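
The tells on slides 28 and 30 (a professional title sent from a free email service, currency wording that does not exist) can be checked mechanically on the receiving side. The sketch below is an added example, not part of the original deck; the domain list, the title pattern, the sample message and all function names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a locally maintained list of free webmail domains (placeholders).
FREE_MAIL_DOMAINS = {"freemail.example", "webmail.example"}
# Assumption: titles that normally come with a firm or chambers address.
PROFESSIONAL_TITLE = re.compile(r"\b(barrister|solicitor|attorney|q\.?c)\b", re.I)
# Currency wording that does not exist (slide 28: "British Dollars").
NONEXISTENT_CURRENCY = re.compile(r"\bbritish\s+dollars?\b", re.I)

# Constructed sample message modelled on the slide-28 and slide-30 tells.
SAMPLE = """\
From: "Barr. Wilson Baka (Q.C.)" <wilson.baka@freemail.example>
Reply-To: claims-desk@webmail.example
To: target@corp.example
Subject: URGENT BUSINESS PROPOSAL

I am a Barrister in London. My late client left Nine Million Eight Hundred
Thousand British Dollars, unclaimed under the abandoned property decree of 1996.
"""


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def plain_text(msg):
    """Concatenate every text/plain part, decoding transfer encodings."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() != "text/plain":
            continue
        payload = part.get_payload(decode=True) or b""
        chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw_message):
    """Return (tell, detail) tuples for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    body = plain_text(msg)
    findings = []

    # Slide 30: a claimed lawyer writing from a free email service.
    title = PROFESSIONAL_TITLE.search(display_name + "\n" + body)
    if title and from_domain in FREE_MAIL_DOMAINS:
        findings.append(("professional-claim-on-free-mail",
                         f"{title.group(0)!r} sent from {from_domain}"))

    # Replies are steered to a different domain than the visible sender.
    if reply_domain and reply_domain != from_domain:
        findings.append(("reply-to-mismatch", f"{from_domain} -> {reply_domain}"))

    # Slide 28: currency wording no real institution would use.
    currency = NONEXISTENT_CURRENCY.search(body)
    if currency:
        findings.append(("nonexistent-currency", currency.group(0)))
    return findings


if __name__ == "__main__":
    for tell, detail in triage(SAMPLE):
        print(f"{tell}: {detail}")
```

These checks only catch the careless sender; a message that fixes the tone, signature and domain, as the deck's rewritten version does, passes all three.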

Editor's Notes

  1. Comic of Evolution from Ape->Man
  2. Gorilla
  3. Elephant
  4. Elephant
  5. Cheetah
  6. Monkey
  7. We shouldn’t even have been able to eat. How do you catch this? Gazelle
  8. Picture of a tribe
  9. Farmers working in a field
  10. Picture of a city
  11. The Front-Row example
  12. Three Skills – Ability to Use Language Artfully; Awareness of the Target and their Responses; Awareness and Control of the Context
  13. Replication of Tone; Spelling and Grammar; Word Choice; Salutation and Signature; Replication of Appearance; Domains / Email Addresses; Images and Pictures; Fonts and Colors; Validation of Concept / Context
  14. Confirmation – what lawyer would ever use that subject line?
  15. Pull out wallets – all Visa cards start with 4
  16. What is the country of origin of the author of this email?
  17. Signature, address, right domain name
  18. Overview of Evil Twin attacks, how they work, and how they exploit users.
  19. So, how do we convince our users not to fall for this?
  20. The two key neocortical structures that are most important within the process are Wernicke's area and Broca’s area. Wernicke's Area is involved in the understanding of language – it decodes the visual information and extracts the meaning of the words. Broca’s area is involved in the production of language – once the meanings of the words are produced, Broca’s area puts them together into the understanding of complex language. More on Wernicke’s Area: http://psychology.about.com/od/windex/g/def_wernickesar.htm More on Broca’s area: http://www.wisegeek.com/what-is-brocas-area.htm
  21. The process of understanding language is slightly different for written language and spoken language, but most of the process is similar. As in Figure 2.2, the stimulus is passed from the input channel (usually the visual or auditory cortex) to a comparison between the stored word and its meaning, to a reconstruction of the entire message.