Ep. 134 – Altered Memories and Alternate Realities with Dr. Elizabeth Loftus
46 min

In this episode, Chris Hadnagy and Ryan MacDougall are joined by Distinguished Professor Elizabeth Loftus. Listen in to understand the vulnerabilities in human memory and how they are sometimes exploited. Learn how to defend against attacks on your memory, and how this knowledge applies to the information security industry.

00:01 – Introduction to Elizabeth Loftus and her research on the malleability of human memory. 

01:41 – Elizabeth's reasoning for researching human memory.  

03:12 – What our faulty memory means for eyewitness testimonies. 

04:20 – How the phrasing of a question can distort someone's memory.  

06:27 – Is it possible to verify the accuracy of a memory? 

10:34 – Trying hard to remember something can sometimes lead to the creation of a false memory. 

11:22 – Elizabeth's experience with the trial of George Franklin

14:13 – How can we protect ourselves from having our memories modified? 

14:21 – The similarities between preventing false memories and preventing scams. 

20:40 – “What the heck is going on in the world of Social-Engineer: COVID Style.” 

Practical Open Source Intelligence For Everyday Social Engineers 

Advanced Practical Social Engineering Training 

The Human Hacking Conference - Orlando, FL March 11-13, 2021 

2021 Training Schedule 

Book: Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You 

Website: social-engineer.com 

Website: social-engineer.org 

25:43 – How hypnosis therapy often generates false memories.  

30:21 – How to protect yourself from having your memories altered. 

32:58 – The prevalence and impact of misinformation on social media. 

38:30 – Elizabeth’s website, Ted Talk and books. 

Elizabeth F. Loftus’ UCI School of Social Ecology Website 

Ted Talk at TedGlobal 2013 

Books by Elizabeth 

39:44 – Elizabeth’s book recommendations. 

Mistakes Were Made (but Not by Me) 

41:50 – Outro  

Social-Engineer.org   

Newsletter 

Framework 

Blog 

Social-Engineer.com   

The Innocent Lives Foundation   

The Innocent Lives Foundation on Twitter 

The Human Hacking Conference  

The Human Hacking Conference on Twitter  

Human Hacking Book 

Chris on Twitter   

Social-Engineer on Twitter  

Social-Engineer on Facebook 

Social-Engineer on LinkedIn 

Social-Engineer on Instagram  

Social-Engineer on Slack 

CISO-Security Vendor Relationship Podcast
Mike Johnson and David Spark
Why Is 'Pay the Ransom' In Next Year's Budget?
All links and images for this episode can be found on CISO Series (https://cisoseries.com/why-is-pay-the-ransom-in-next-years-budget/)

With 25 percent of ransomware victims paying the ransom, have we waved the white flag to the attackers? Should we just budget for it?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and Mike Johnson. Our guest is Les McCollum (@doinmorewithles), managing VP, CISO, ICMA-RC.

Thanks to our sponsor, BitSight. BitSight is the most widely used Security Ratings service with a mission to change the way the world addresses cyber risk. Learn how BitSight for Third-Party Risk Management helps you efficiently mitigate the growing risk across your vendor ecosystem by taking an automated, data-driven approach.

On this week’s episode

Why is everybody talking about this now
Are culture fit and diversity mutually exclusive? Allan Alford, co-host of the Defense in Depth podcast, brought up the need for diversity in all areas: age, gender, ethnicity, city vs. country, country of origin, military vs. civilian, college educated vs. self-taught, socioeconomic status, and disabilities. But at the same time, I'm thinking we NEVER see those types of groups hanging out together or getting along. So how do you create a culturally sane group among such a diverse group? People are tribal by nature, and even if you're successful creating diversity on your team, they're going to bond with people of similar types. Won't this introduce new problems?

If you haven’t made this mistake you’re not in security
At the end of the year when you look at your security budget, what are the costs you didn't expect or budget appropriately at the beginning of the year? On CSO Online, John Edwards has an article about seven overlooked cybersecurity costs that may bust your budget. He mentions items such as staff acquisition and retention, incident response, third-party analysis, and replacement costs. What has been a surprise for you, and has adjusting things for the next year helped, or is there always a surprise? Which is the one everyone should prepare for but doesn't?

More bad security advice
Over a quarter of companies that fall victim to ransomware pay the ransom, according to a study by CrowdStrike. In a discussion thread on Reddit, user yourdigitalmind said they had a client who remarked, "WHEN we get hit, it will force us to start doing things right, but right now, it's cheaper." So he's accepted that being hit by ransomware is inevitable. That falls in line with CrowdStrike's study, which found that after a ransomware attack 75 percent of victims do increase their security spend on tools and hiring. Humor me for a moment. Most of us do not want to pay the ransom, but sometimes you can't think of the greater good and you have to think of the survival of the business.

Is this where I should put my marketing dollars?
What types of vendor stories do you respond to? I bring this up because Mike O'Toole, president of PJA Advertising, wrote a great piece about how to build a cybersecurity brand story. In the article, he offers up some really good advice such as "Position yourself against the category, not just your direct competitors," "Fear gets attention, but opportunity can drive purchase behavior," and "The strongest brand stories are about market change." Which advice most resonates with how you're pitched, and can you think of either a customer story or offering that you overheard that pushed you into exploring a vendor's solution?
34 min
Cyber Security Interviews
Douglas A. Brush | Weekly Interviews w/ InfoSec Pros
#103 – Jeff Hussey: Try Not To Make More Than One Mistake In a Row
https://www.linkedin.com/in/jeff-hussey-a6628a7/ (Jeff Hussey) is the President and CEO of https://tempered.io/ (Tempered). Jeff, the founder of https://www.f5.com/ (F5 Networks), is an accomplished entrepreneur with a proven track record in the networking and security markets. He maintains several board positions across a variety of technology, nonprofit and philanthropic organizations and currently is the chairman of the board for Carena and chairman and co-owner of https://www.ecofiltro.com/ (Ecofiltro) and https://www.puravidacreategood.com/ (PuraVidaCreateGood). Jeff also serves on the board for Webaroo and the Seattle Symphony. He was the chairman of the board for Lockdown Networks, which was sold to McAfee in 2008. Hussey received a BA in Finance from SPU and an MBA from the University of Washington. In this episode, we discuss adjusting to a remote workforce with a start-up, founding F5 Networks, developing a userbase community, tips for information security product success, IoT and OT cybersecurity, the https://www.security7.net/news/what-is-host-identity-protocol-hip (Host Identity Protocol), healthcare security, prioritizing efforts as a founder, what gets him out of the bed in the morning, and so much more! Where you can find Jeff: https://www.linkedin.com/in/jeff-hussey-a6628a7/ (LinkedIn) https://tempered.io/company/#press-room (Tempered)
47 min
Brakeing Down Security Podcast
Bryan Brake, Amanda Berlin, Brian Boettcher
2020-044-Marcello Salvati (@byt3bl33d3r), porchetta industries, supporting opensource tool creators, sponsorship model
Hak4Kidz: https://www.hak4kidz.com/activities/cdcedu.html – Online CTF training using Cisco’s Workshop platform. They did something similar in Spring of 2020. There will be an online panel where kids can ask questions about information security. Occurs on December 12th. Check out the link for more info.

Thanks to Robert M. for upping his Patreon to $5.

Top 25 Data Security Podcasts You Must Follow in 2020 (feedspot.com)

Guest: @byt3bl33d3r (Marcello Salvati), @porchetta_ind (Porchetta Industries), info@porchetta.industries

Wanna sponsor CrackMapExec? Sponsor @byt3bl33d3r on GitHub Sponsors.

Show notes and links:
GitHub Sponsors
Introducing Sponsorware: How A Small Open Source Package Increased My Salary By $11k in Two Days | Caleb Porzio
How is this different than shareware?
“As a developer of one of these tools, you obviously start questioning your life decisions after a while. Especially after putting so much time into these projects.”
Adblockers installed 300,000 times are malicious and should be removed now | Ars Technica (spent years supporting the app… the vitriol from ‘unpaid customers’ is deafening… Should be required reading for anyone wanting to open source anything.)
[Announcement] Recent and upcoming changes to the Nano projects · Issue #362 · NanoAdblocker/NanoCore (github.com)
Business model for typical open-source projects. Where’s the chain broken? Devs who expect help/support for their project?
“Many eyes make for less vulns” (LOL, sounds good, not true anymore --brbr)
What is the ‘status quo’ of the OSS infosec/hacking tool developer community (in your opinion)?
Pull requests: what is a ‘meaningful’ contribution?
What is the definition of ‘widely-used’? Why support widely-used OSS hacking tools?
Marcello on Twitter: "We'll also be encouraging community contributions to those same tools by giving out 1 @offsectraining training voucher per quarter to whoever submits the most meaningful pull request to any of the tools in the @porchetta_ind Discord server"
And now for something completely different... (porchetta.industries)

Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com
#AmazonMusic: https://brakesec.com/amazonmusic
#Brakesec Store!: https://brakesec.com/teepub
#Spotify: https://brakesec.com/spotifyBDS
#Pandora: https://brakesec.com/pandora
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec
#cybersecurity #informationsecurity #leadership #podcasts #CPEs #CISSP #porchetta #training #sponsorship #github #opensource #crackmapexec #byt3bl33d3r #marcelloSalvati
29 min
Defense in Depth
Allan Alford and David Spark
Data Protection and Visibility
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-data-protection-and-visibility/)

Where is your data? Who's accessing it? You may know if you have an identity and access management solution, but what happens when that data leaves your control? What do you do then?

Check out this post for the basis for our conversation on this week’s episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest Elliot Lewis (@elliotdlewis), CEO, Keyavi Data.

Thanks to this week's podcast sponsor, Keyavi Data. Keyavi breaks new ground by making data itself intelligent and self-aware, so that it stays under its owner’s control and protects itself immediately, no matter where it is or who is attempting access. Keyavi is led by a team of renowned data security, encryption, and cyber forensics experts. See for yourself at keyavidata.com.

On this episode of Defense in Depth, you’ll learn:
* In general, all of security is based on detecting threats and stopping threats. When those two fail, and they do, what's your recourse to protect your data?
* What if, when your data leaves your control either accidentally or through a malicious breach, you were still able to see your data wherever it went, and your data could communicate back to you its status, allowing you to control access to it?
* There are so many scenarios in which data leaves you that it's impossible to protect against all of them.
* Asset inventory is the first step in the CIS 20. Just trying to get an asset inventory of equipment is difficult. An inventory of data is near impossible, especially when you may be pumping out a terabyte of data a day.
* The ideal situation is to protect data proactively, as it's being created.
* The ultimate goal is to have visibility of your data in perpetuity, for the life of the data, so that you can decide when to destroy it even when it's no longer within the confines of your greater network and ecosystem.
* Governing your network, your applications, the rules, and the data is half the battle.
* Data visibility also allows you to make informed decisions as a business and can provide the answers your legal team will need in case there's a breach.
* You want the data protection and visibility schema to be platform and ecosystem independent. If data is taken out of the ecosystem and the protection and visibility go with it, the scheme is moot.
* A good precursor to this is digital rights management, or DRM. DRM vendors have figured out how to keep data from being copied and manipulated, and they can place controls on it. The limiting factor, though, is that it's platform dependent.
33 min
Getting Into Infosec
Ayman Elsawah (@coffeewithayman)
Lisa Jiggetts - From Navy Cook To Pentester To Non-Profit Founder!
Lisa Jiggetts knew from an early age that she was going to be in tech and cyber. A Navy veteran who started off as a cook, she always found herself gravitating towards technology. She is also the Founder and Board Director of the Women’s Society of Cyberjutsu, a non-profit dedicated to increasing opportunities and advancement for women in cybersecurity. Check out her journey into the cybersecurity field.

Notes
* Originally a cook in the military, then migrated to information security.
* Looked for opportunities to transition into information security by talking to people in and outside her social network.
* Networking can be hard, but it will turn in your favor.
* Lisa is an introvert, but knows how to become an extrovert when needed.

Quotes
* "When you're starting out, you don't necessarily get into the area you want to be in. You've got to work your way up."
* "That's the biggest thing you can do, I think, is networking, because somebody knows somebody."
* "So I got all these certifications… I read a book and pass. What is it to me personally? That didn't tell me, you know, how to do anything. They get you in the door."
* "[Networking is] hard, but just do it, because in the end it's gonna turn out in your favor."

Links
* Lisa on Twitter: https://twitter.com/lisajiggetts
* Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5
* Women’s Society of Cyberjutsu: https://womenscyberjutsu.org/

Getting Into Infosec
* Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/
* T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/
* Stay in touch and sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe
* Ayman on Twitter: https://twitter.com/coffeewithayman
42 min