Special THA Panel Discussion Webinar: Vulnerability Research Reporting
May 13, 2011
That’s right. For those who have come to our webinars in the past – have we got a special one this time around for you. For those who this may be their first time attending – wow. We know we’ve said some of our webinars in the past were the greatest thing since sliced bread; what can we say, we’ve had some awesome topics so far. But the next webinar is extra awesome because it will take the format of a panel discussion. Woot!
THA’s Mike Murray and Dan Frye will be joined by Cris Neckar (of the Google Chrome Security Team) to discuss all of the fun that they’ve had discovering and reporting vulnerabilities to vendors over the years as well as share some of their most important lessons around what you should and shouldn’t do.To answer the common question “what do I do with the vulnerabilities I find?”, what better way is there than to get three researchers who have been in the situation an immense number of times and seen the good, bad and ugly as far as vulnerability research.
This is also the very first time we’ve ever held a panel discussion-type webinar. The format will be a tad different than what some of you are used to. We are holding a normal webinar portion, which will display slides for the questions that will be moderated by THA’s own creative director Rob Murray, and will have live chat. For the discussion itself, we will be using a phone conference bridge. A little different, we know, than our usual format (usually just a webinar portion) – but that’s part of what makes this webinar so awesome. 
Time/Date details:
Special THA Panel Discussion Webinar – Vulnerability Research Reporting
Date: 2011-05-18 (Wed., May 18th, 2011)
Time: 11:30 PM – 01:30 AM
Time zone: (UTC-05) Eastern Time (US + Canada)
Cost: Absolutely FREE, as always.
To join us for this 1-2 hour free webinar, Click Here to sign up to receive attendence information.
Note: if you’ve previously signed up for our webinars, there is no need to sign up again – you will have already received an invite to register via email.
The Problems with Hypnosis and Social Engineering
May 9, 2011
My newest column is up on EthicalHacker.net. Actually, I should probably call it my newest “rant”, as I really somewhat went off about the problem with some people who are making themselves experts in social engineering using hypnosis as part of their background.
For those who know my background, you probably know that I’m not exactly one to talk here. But, as I said in my article:
In short… if you’re learning social engineering and the person is trotting out hypnosis as the primary reason that they’re good at it, examine their other credentials VERY closely. Expect that they can back up their work, and that they can tell you the difference between hypnosis and social engineering and how the two skill-sets translate.
In the column, I didn’t really lay out that correspondence appropriately. Hypnosis can be a useful skill-set for someone who wants to be a social engineer in that:
- Learning hypnosis teaches you to be incredibly sensitive to the impact of your communication on another person
- Language patterns in learned and used in hypnosis CAN BE very effective in social engineering scenarios (though, if you do it wrong, you end up sounding like Ross Jeffries).
- If you can find a trainer who is aware of framing to the level that they can teach the implicit frames involved in hypnosis, you can separate out the frame related components from those that aren’t
