Found 3 comments on HN
wu-ikkyu · 2017-06-08 · Original thread
>There is a much more dynamic use of tone and they generally speak more slowly.

From what I've read on social engineering[1] and communications theory a slower speaker is generally perceived as more calm, confident, and deliberate whereas fast talkers are often perceived as being more anxious.

Also, alteration of tones is a tactic often used to add subtle influence to the delivery of key words and concepts.

[1]https://www.amazon.com/Social-Engineering-Art-Human-Hacking/...

anocendi · 2014-12-18 · Original thread
I just want to point you out to a book. It is a good read, I promise.

http://www.amazon.com/Social-Engineering-The-Human-Hacking/d...

It looks like you genuinely believe that two people talking face to face would not be subjected to exploitation.

The book exactly talks about how exploitation in this context had been thriving even before Computer and Network Security became a thing.

In computer setting, an adversary still needs to do factorization to crack keys or priming the victim's computing machinery, both of which require advanced knowledge in science and technologies mind you, to do the exploits.

But for people, they come with beliefs, cultural and social biases, personal habits, and ignorance which are not too hard to discern, making human factor in systems a larger risk.

ljd · 2014-02-05 · Original thread
I was reading Social Engineering: The Art of Human Hacking [0] a few years ago and it was really fascinating to see how easy it is to get the user to give us data versus unlocking an AES256 encrypted value on a computer I'm not allowed to touch.

Since I do a lot of work in PCI (Ecommerce / Orders / Credit Cards) I've learned that the most secure systems never allow the human user to access decrypted data. That things like tokenization work, and it's far better to give an abstraction of a credit card for tech support and developers to work with than the actual card even though on the surface it seems like it's not a big deal.

If you are designing a system and at any point think, "This data is okay for the user to access because they can't (share/steal/walk out of the building with) it." You should seriously read the book I mentioned above. It really is impossible for you to imagine all of the very logical scenarios that would lead a janitor to keep a door unlocked. In fact, I can already think of a handful of reason why, if I were a janitor, I would keep that door unlocked because of a sticky note.

[0]http://www.amazon.com/Social-Engineering-The-Human-Hacking/d...

Get dozens of book recommendations delivered straight to your inbox every Thursday.