{"id":2442,"date":"2017-07-28T13:55:32","date_gmt":"2017-07-28T11:55:32","guid":{"rendered":"https:\/\/blog.mi.hdm-stuttgart.de\/?p=2442"},"modified":"2023-06-08T15:33:24","modified_gmt":"2023-06-08T13:33:24","slug":"social-engineering-firewall-rules-for-your-brain-part-1","status":"publish","type":"post","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/07\/28\/social-engineering-firewall-rules-for-your-brain-part-1\/","title":{"rendered":"Social Engineering: Firewall-Rules for your brain \u2013 Part 1"},"content":{"rendered":"<p>Humans can be regarded as one of the biggest weaknesses for secure systems. Their interaction with technology and awareness of information security usually make them the \u201cweak link\u201d for gaining access to enterprise networks and private information. From an attacker\u2019s point of view, the investment of using a human to hack a system is much cheaper than searching for 0-day exploits or unpatched vulnerabilities. That\u2019s why the art of human hacking, called <em>Social Engineering<\/em>, has become an important threat factor for secure systems.<\/p>\n<p><!--more--><\/p>\n<p>Social Engineering is the effort to get a victim to do something beneficial to the attacker, such as getting victims to divulge passwords or credit card information. But how is this primarily accomplished? 
The answer to this question is through manipulation of the human element.&nbsp;To get a basic understanding on how Social Engineering works (at least from a theatrical view-point), we will have a look at the following YouTube clip from the movie <em>Red Dragon<\/em> and analyze it with the help of Barnlund\u2019s communication model.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe loading=\"lazy\" class=\"youtube-player\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/4rDTnRGmVBs?version=3&#038;rel=1&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;fs=1&#038;hl=en-US&#038;autohide=2&#038;wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\"><\/iframe><\/span><\/p>\n<figure id=\"attachment_2448\" aria-describedby=\"caption-attachment-2448\" style=\"width: 651px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/01_Communication_Model_Barnlund.jpeg\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"2448\" data-permalink=\"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/07\/28\/social-engineering-firewall-rules-for-your-brain-part-1\/01_communication_model_barnlund\/\" data-orig-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/01_Communication_Model_Barnlund.jpeg\" data-orig-size=\"1518,773\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"01_Communication_Model_Barnlund\" 
data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/01_Communication_Model_Barnlund-1024x521.jpeg\" class=\"wp-image-2448\" src=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/01_Communication_Model_Barnlund-300x153.jpeg\" alt=\"\" width=\"651\" height=\"293\"><\/a><figcaption id=\"caption-attachment-2448\" class=\"wp-caption-text\">Transactional Model of Communication by Dean Barnlund (1970)<\/figcaption><\/figure>\n<p>What happened there in detail? A vicious <u>sender<\/u> (Dr. Hannibal Lecter) transmitted a message (\u201cgive me Will Graham\u2019s private address\u201d) via a specific <u>channel<\/u> (phone) to a <u>listener<\/u> (Dr. Bloom\u2019s secretary). Usually every person has a communication filter active while listening to another person, called the <u>mental room<\/u>. This filter prevents us from accepting messages blindly and forces us to question the intention of a sender. To work around the secretary\u2019s mental room, Hannibal Lecter exploited human behavioral patterns (e.g. lack of time, which forces a hasty decision) and influencing techniques (such as threatening that Will Graham\u2019s assistant will be in trouble if she doesn\u2019t help). Once Hannibal had invaded her room, the secretary gave Hannibal his&nbsp;desired feedback.<\/p>\n<p>After reading this series you will know how to avoid such an attack. You will learn:<\/p>\n<ul>\n<li>Which <u>behavioral patterns<\/u>&nbsp;a trained social engineer uses to get into your mental room (part 1)<\/li>\n<li>What <u>advanced influencing techniques<\/u> are available to control your communication feedback (part 2)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Behavioral patterns<\/h2>\n<p>In this section, we are going to examine evolutionary and socially learned <em>behavioral patterns<\/em> that a social engineer can use to influence his victims and to break into their mental room. 
Those patterns can be seen as the fuel that makes a Social Engineering attack possible. Knowing them is the first important step to get your brain\u2019s firewall up and running.<\/p>\n<h3>Reciprocity<\/h3>\n<p><em>Reciprocity<\/em> is an important principle of everyday human interaction. It refers to an intrinsic expectation that a positive action should be rewarded with another positive action (\u201csomething for something\u201d). If you receive something of value from another person, e.g. useful information or a tangible gift, you will subconsciously feel the urge to give something back.<\/p>\n<figure id=\"attachment_2454\" aria-describedby=\"caption-attachment-2454\" style=\"width: 645px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_reciprocity.jpeg\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"2454\" data-permalink=\"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/07\/28\/social-engineering-firewall-rules-for-your-brain-part-1\/02_pattern_reciprocity\/\" data-orig-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_reciprocity.jpeg\" data-orig-size=\"1518,762\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"02_pattern_reciprocity\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_reciprocity-1024x514.jpeg\" class=\"wp-image-2454\" 
src=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_reciprocity-300x151.jpeg\" alt=\"\" width=\"645\" height=\"278\"><\/a><figcaption id=\"caption-attachment-2454\" class=\"wp-caption-text\">Regan&#8217;s Reciprocity Experiment (1971)<\/figcaption><\/figure>\n<p>The power of <em>reciprocity<\/em> was scientifically demonstrated by Dennis Regan in 1971. Regan paired two participants and told them to rate artwork together, because he wanted to study their \u201cfeeling for art\u201d. In fact, one of the participants in every research pair was a scientific assistant of Regan, who was to test the effect of <em>reciprocity<\/em> by giving a can of cola to the other person. After the art experiment was finished, the scientific assistant asked if the other person wanted to buy some lottery tickets from him. On average, participants who received a cola bought twice as many tickets (even if they didn\u2019t like the assistant because he contradicted their opinion on art).<\/p>\n<p><strong>Use Case:&nbsp;<\/strong>While trying to get physical access to a secured location, reciprocity can be accomplished by hanging out in the smoker\u2019s area and offering to light someone\u2019s cigarette. This small gesture will increase the chance of someone holding an entrance door open for you.<\/p>\n<h3>Authority<\/h3>\n<p>From a young age, people are taught to respect parents, teachers, police and other persons of <em>authority<\/em>. This principle is instilled in all of us from early childhood and follows us through adulthood. 
Leveraging <em>authority<\/em> in social engineering is an effective tactic, because humans tend to accept instructions from authorities without questioning them at length (especially if the authority holds power over the target, like a CTO).<\/p>\n<figure id=\"attachment_2460\" aria-describedby=\"caption-attachment-2460\" style=\"width: 540px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_authority.jpeg\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"2460\" data-permalink=\"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/07\/28\/social-engineering-firewall-rules-for-your-brain-part-1\/02_pattern_authority\/\" data-orig-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_authority.jpeg\" data-orig-size=\"1111,743\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"02_pattern_authority\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_authority-1024x685.jpeg\" class=\"wp-image-2460\" src=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_authority-300x201.jpeg\" alt=\"\" width=\"540\" height=\"368\"><\/a><figcaption id=\"caption-attachment-2460\" class=\"wp-caption-text\">Authority Experiment by Leonard Bickman (1974)<\/figcaption><\/figure>\n<p>In an experiment by Leonard Bickman, pedestrians on a public street were requested to pick up trash that didn\u2019t belong to them. 
Around 92% of pedestrians followed the instruction without hesitating if the command came from a person of authority.<\/p>\n<p><strong>Use Case:<\/strong>&nbsp;Organizational authority can be used to persuade less senior staff into compliance by making them believe the attacker maintains some level of power over them.<\/p>\n<h3>Obligation<\/h3>\n<p>There are actions that you feel you have to perform because of social, ethical and legal requirements, contracts and promises. This feeling is closely linked to <em>reciprocity<\/em>. For example, calls for donations typically get a higher return rate if the recipient is personally addressed in the call. A personal address will create a social <em>obligation<\/em>.<\/p>\n<figure id=\"attachment_2463\" aria-describedby=\"caption-attachment-2463\" style=\"width: 650px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_duty.jpeg\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"2463\" data-permalink=\"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/07\/28\/social-engineering-firewall-rules-for-your-brain-part-1\/02_pattern_duty\/\" data-orig-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_duty.jpeg\" data-orig-size=\"1505,745\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"02_pattern_duty\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_duty-1024x507.jpeg\" class=\"wp-image-2463\" 
src=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_duty-300x149.jpeg\" alt=\"\" width=\"650\" height=\"330\"><\/a><figcaption id=\"caption-attachment-2463\" class=\"wp-caption-text\">Fields of Obligation<\/figcaption><\/figure>\n<p><strong>Use Case:<\/strong>&nbsp;An example of an obligation tactic might be sending an employee of a company you want to attack a modified USB-mouse with malware on it, e.g. as a prize for winning a competition. The employee will usually feel the social obligation to at least test the mouse once.<\/p>\n<h3>Scarcity<\/h3>\n<p><em>Scarcity<\/em> is a pattern often used in advertising, for example in sales or special offers. <em>Scarcity<\/em> can be used to manipulate a person\u2019s thoughtfulness by creating feelings of urgency and forcing the person to make quick and rash decisions. Combining scarcity with patterns like <em>authority<\/em> can also strengthen the Social Engineering attack.<\/p>\n<figure id=\"attachment_2466\" aria-describedby=\"caption-attachment-2466\" style=\"width: 367px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_scarcity.jpeg\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"2466\" data-permalink=\"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/07\/28\/social-engineering-firewall-rules-for-your-brain-part-1\/02_pattern_scarcity\/\" data-orig-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_scarcity.jpeg\" data-orig-size=\"786,559\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"02_pattern_scarcity\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_scarcity.jpeg\" class=\"wp-image-2466\" src=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_scarcity-300x213.jpeg\" alt=\"\" width=\"367\" height=\"261\" srcset=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_scarcity-300x213.jpeg 300w, https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_scarcity-768x546.jpeg 768w, https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_scarcity.jpeg 786w\" sizes=\"auto, (max-width: 367px) 100vw, 367px\" \/><\/a><figcaption id=\"caption-attachment-2466\" class=\"wp-caption-text\">Scarcity tactics against a secretary<\/figcaption><\/figure>\n<p><strong>Use Case:<\/strong>&nbsp;Every scenario with the word \u201curgent\u201d in it.<\/p>\n<h3>Concession<\/h3>\n<p><em>Concession<\/em> has its historical origin in trading. When two people are bargaining over an asset, both usually propose a potential price until an equilibrium is reached. 
This behavior of wanting to concede can also be used to manipulate people.<\/p>\n<figure id=\"attachment_2468\" aria-describedby=\"caption-attachment-2468\" style=\"width: 409px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_concession.jpeg\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"2468\" data-permalink=\"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/07\/28\/social-engineering-firewall-rules-for-your-brain-part-1\/02_pattern_concession\/\" data-orig-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_concession.jpeg\" data-orig-size=\"706,469\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"02_pattern_concession\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_concession.jpeg\" class=\"wp-image-2468\" src=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_concession-300x199.jpeg\" alt=\"\" width=\"409\" height=\"280\"><\/a><figcaption id=\"caption-attachment-2468\" class=\"wp-caption-text\">Concession in a vishing-attack<\/figcaption><\/figure>\n<p><strong>Use Case:<\/strong> In the context of social engineering, a concession might be used in a phishing attack over the phone (<em>vishing<\/em>). At first the attacker asks for the social security number of the victim. 
If the victim gets suspicious and doesn\u2019t want to give this information over the phone, the attacker then lowers his expectation (cost) by saying the victim could instead visit a website and enter it himself. Because the attacker conceded by lowering the \u201ccost\u201d, the victim feels compelled to oblige and meet halfway.<\/p>\n<h3>Likability<\/h3>\n<p>In a study about \u201ctips and advice\u201d, researchers found that humans prefer to take bad advice from somebody they like, e.g. a friend, over good advice from somebody unappealing. This pattern can be found in everyday life, or as social engineer Christopher Hadnagy puts it: \u201cPeople like to be liked and like people who like them\u201d.<\/p>\n<figure id=\"attachment_2469\" aria-describedby=\"caption-attachment-2469\" style=\"width: 397px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_likability.jpeg\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"2469\" data-permalink=\"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/07\/28\/social-engineering-firewall-rules-for-your-brain-part-1\/02_pattern_likability\/\" data-orig-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_likability.jpeg\" data-orig-size=\"663,514\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"02_pattern_likability\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_likability.jpeg\" 
class=\"wp-image-2469\" src=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/02_pattern_likability-300x233.jpeg\" alt=\"\" width=\"397\" height=\"324\"><\/a><figcaption id=\"caption-attachment-2469\" class=\"wp-caption-text\">Study about &#8220;tips and advice&#8221;<\/figcaption><\/figure>\n<p><strong>Use Case:<\/strong>&nbsp;The goal is to establish a rapport with the target. This can be accomplished through tactful compliments, a positive demeanor and a confident aura.<\/p>\n<p>Continue to read in <a href=\"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/07\/31\/social-engineering-firewall-rules-for-your-brain-part-2\/\">Part 2<\/a><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Humans can be regarded as one of the biggest weaknesses for secure systems. Their interaction with technology and awareness of information security usually make them the \u201cweak link\u201d for gaining access to enterprise networks and private information. From an attacker\u2019s point of view, the investment of using a human to hack a system is much [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[26,651],"tags":[],"ppma_author":[723],"class_list":["post-2442","post","type-post","status-publish","format-standard","hentry","category-secure-systems","category-system-designs"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":3232,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/10\/06\/usable-security-users-are-not-your-enemy\/","url_meta":{"origin":2442,"position":0},"title":"Usable Security &#8211; Users are not your enemy","author":"mw195","date":"6. October 2017","format":false,"excerpt":"Introduction Often overlooked, usability turned out to be one of the most important aspects of security. 
Usable systems enable users to accomplish their goals with increased productivity, less errors and security incidents. And It stills seems to be the exception rather than the rule. When it comes to software, many\u2026","rel":"","context":"In &quot;Secure Systems&quot;","block_context":{"text":"Secure Systems","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/system-designs\/secure-systems\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/windows-uac.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":36,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2015\/11\/26\/systems-engineering-and-management-ws-20152016\/","url_meta":{"origin":2442,"position":1},"title":"Systems Engineering and Management WS 2015\/2016","author":"Thomas Pohl","date":"26. November 2015","format":false,"excerpt":"The course Systems Engineering and Management is designed to bridge the gap between theoretical studies in Ultra Large\u00a0Scale Systems\u00a0and\u00a0professional state of the art development. Students should find a platform to explore modern tooling and environments for building, integrating, testing and scaling their applications. It turned out as a good idea\u2026","rel":"","context":"In &quot;Allgemein&quot;","block_context":{"text":"Allgemein","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/allgemein\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8720,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2019\/09\/03\/social-engineering-learn-from-the-best\/","url_meta":{"origin":2442,"position":2},"title":"Social Engineering \u2013 Learn From the Best!","author":"Gisela Kollotzek","date":"3. September 2019","format":false,"excerpt":"It isn\u2019t always necessary to attack by technical means to collect information or to penetrate a system. In many cases, it\u2019s more effective to exploit the human risk factor. 
To successfully protect yourself and your company from social engineering, you\u2019ve to understand how a social engineer works. And the best\u2026","rel":"","context":"In &quot;Allgemein&quot;","block_context":{"text":"Allgemein","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/allgemein\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2019\/09\/kevin-mitnick-today.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2019\/09\/kevin-mitnick-today.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2019\/09\/kevin-mitnick-today.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2019\/09\/kevin-mitnick-today.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":2476,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/07\/31\/social-engineering-firewall-rules-for-your-brain-part-2\/","url_meta":{"origin":2442,"position":3},"title":"Social Engineering: Firewall-Rules for your brain \u2013 Part 2","author":"Simon Schuster","date":"31. July 2017","format":false,"excerpt":"In the first part of this series you learned which behavioral patterns are usually used to influence humans. Those patterns are the basis of a Social Engineering attack and can usually be detected by a trained person. In the second part we will examine much more sophisticated influencing techniques. 
Those\u2026","rel":"","context":"In &quot;Secure Systems&quot;","block_context":{"text":"Secure Systems","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/system-designs\/secure-systems\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/07\/03_framing-300x104.jpeg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":3867,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2018\/08\/07\/social-engineering-hacking-the-human-os\/","url_meta":{"origin":2442,"position":4},"title":"Social Engineering &#8211; Hacking the human OS","author":"Benjamin Kowatsch","date":"7. August 2018","format":false,"excerpt":"Abstract Nowadays, our secure systems are already sophisticated and perform well. In addition, research on subjects such as quantum computers ensures continuous improvement. However, even with a completely secure system, we humans pose the most significant threat. Social engineers prey on this to conduct illegal activities. For early detection and\u2026","rel":"","context":"In &quot;Secure Systems&quot;","block_context":{"text":"Secure Systems","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/system-designs\/secure-systems\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1017,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2016\/07\/25\/machine-learning-in-secure-systems\/","url_meta":{"origin":2442,"position":5},"title":"Machine Learning in secure systems","author":"Claudius Messerschmidt","date":"25. July 2016","format":false,"excerpt":"Sadly today's security systems often be hacked and sensitive informations get stolen. To protect a company against cyber-attacks security experts define a \"rule set\" to detect and prevent any attack. This \u201canalyst-driven solutions\u201d are build up from human experts with their domain knowledge. 
This knowledge is based on experiences and\u2026","rel":"","context":"In &quot;Allgemein&quot;","block_context":{"text":"Allgemein","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/allgemein\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/07\/Machine_learning_SeSy_robot_landscape.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/07\/Machine_learning_SeSy_robot_landscape.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/07\/Machine_learning_SeSy_robot_landscape.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/07\/Machine_learning_SeSy_robot_landscape.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]}],"jetpack_sharing_enabled":true,"authors":[{"term_id":723,"user_id":7,"is_guest":0,"slug":"ss403","display_name":"Simon Schuster","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/47396ece860a3e99df4acda4484c73d3bde2f449a1f16047493496bb9e935660?s=96&d=mm&r=g","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/2442","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/comments?post=2442"}],"version-history":[{"count":26,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/2442\/revisions"}],"predecessor-version":[{"id":24717,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json
\/wp\/v2\/posts\/2442\/revisions\/24717"}],"wp:attachment":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/media?parent=2442"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/categories?post=2442"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/tags?post=2442"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/ppma_author?post=2442"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}