Social Engineering Blogs

An Aggregator for Blogs About Social Engineering and Related Fields

Hackers Find Exploit and Reactivate LizardSquad’s Twitter Account

On September 2, hackers calling themselves “Spain Squad” used an exploit to take control of several previously suspended Twitter accounts. Among these accounts were usernames like @Hitler, @botnet, @LizardSquad and @1337. Twitter re-suspended all of the breached accounts shortly after the hack, but it is unclear whether or not they are still vulnerable to this exploit.

One of the hackers aligned with Spain Squad tweets about reactivated accounts.

One of the hackers aligned with Spain Squad tweets about reactivated accounts.

“It could be a vulnerability in Twitter’s software, a compromised staff account, or some other explanation. It’s also unclear whether the exploit is still active, or was patched concurrently with the banning of the hijacked accounts.” (Business Insider)

A spokesperson for the hacking group has stated they can do even more than recover old accounts with the exploit they found:

“The new exploit allows Spain Squad to change to suspend active accounts, change a user’s Twitter handle and even take control of active accounts. So far, the group has only demonstrated the ability to recover officially suspended accounts — though all of those have already been re-suspended by the social media company.” (Engadget)

Twitter actively suspends accounts that violate their Terms of Service (TOS). Sometimes these suspensions can be temporary and the user is able to restore their account after acknowledging broken rules and promising not to violate TOS again. Often, the user must delete offending tweets before the account will be restored. Alternatively, a Twitter account can become permanently suspended, which means the account is never to be restored under any circumstances. Restoring access to accounts that were thought to be never again accessible could prove to be profitable for hackers selling screen names that may be valuable. However Spain Squad claims to be non-malicious. Whatever their intent, they were definitely doing some of it for the lulz when they took control of the LizardSquad account:

socialhax hackers poodlecorp lizardsquad skids hack exploit twitter suspended accounts

The post Hackers Find Exploit and Reactivate LizardSquad’s Twitter Account appeared first on Social Hax.

Smiling People May be Less Likely to be Judged by Their Gender or Race

By Bahar Gholipour and David Freeman for Huffington Post

Could something as simple as a smile put an end to racist and sexist first impressions?

Probably not. But a new study published in the August issue of the journal Motivation and Emotion suggests that when people smile, strangers may be less likely to judge them based on their race and gender. In other words, by conveying friendliness and openness, people may stop some of those harsh snap judgments in their tracks.

But this doesn’t mean you should smile your way through unfair social interactions.

“Some have concluded the implication of this finding is that members of stereotyped minorities could just smile to reduce the likelihood that others will apply stereotypes to them, but that is too simplistic,” said study co-author Nicole Senft of Georgetown University.

“That conclusion places the responsibility on minority group members to combat stereotypes through their own behavior,” Senft said. “Instead, I think it’s important that we all turn the lens inward and become more aware of the many factors that play into the impressions we form of others.”

Senft and her colleagues asked 93 students to look at a series of photographs of faces and rate the person on Big Five personality traits, which include agreeableness, extroversion, openness to experience, conscientiousness and neuroticism. The photographs included Caucasian and Japanese men and women. Half the students looked at photographs showing faces with a neutral expression, and the other half looked at the same faces smiling.

When judging the inexpressive faces, the students showed hints of applying some preconceived notions about gender and ethnicity in their impressions. They rated Caucasian men lower on agreeableness than Caucasian women, and rated Japanese women as less extroverted than their Caucasian counterparts.

However, when the same faces were smiling, these biases disappeared from the ratings.

This might not be that surprising after all. Smiling, just like race, gender and various facial expressions, sends social cues, which people use to form a quick idea about the person they’ve just met.

“We smile to signal our intent to play, to affiliate, to approve, to appease, or to submit,” said psychologist Alan Fridlund of the University of California at Santa Barbara, who wasn’t involved with the study. “All of these motives have in common our signaling others that we mean them no threat.”

But Fridlund isn’t convinced that smiling can do away with the cultural prejudices formed over a lifetime, and said it’s more likely that the findings simply demonstrate a phenomenon called overshadowing: The smile momentarily distracts people of other cues they can get from the other person. “Give people something big to look at, and they are diverted from everything else,” Fridlund said.

Senft also cautions that the study was small and only included American students of European and Asian descent. More work is needed to replicate these findings and examine the effects in other racial groups such as African Americans and Hispanic Americans.

Nevertheless, the finding that something as simple as a smiling face can change how we form first impressions suggests how malleable ― and in a way, superficial ― such impressions can be.

“For me, the takeaway is that we all need to be wary of the impressions we form of people when we don’t have much information to go on,” Senft said. “That sense we sometimes get that a person just ‘isn’t very nice’ might have more to do with our own biases than with anything about them.”

Employee Data Security Training: What You Should Do

Don’t let employee training fall to the side of data security. By: David PageSecurity AnalystQSAWhen it comes to data security, many businesses tend to think of things like locks, firewalls, and the latest technology to protect their sensitive data. But they often overlook their biggest vulnerability: employees.Now, I’m not saying employees are bad; they’re just human, and humans make mistakes. Unfortunately, many hackers will take advantage of human error to gain access to your data.  You need to spend just as much time and money on your employees as you do on secure technology.Follow for more data security articles like thisMany data breaches happen as a result of a well-meaning employee doing something to make your business vulnerable, whether it’s clicking on a phishing email that downloads malware, giving out sensitive information to someone they shouldn’t, or not being diligent in protecting their passwords.  Most of these cases aren’t even intentional or malicious.Why is training important?A question a business may have is why should employee training matter so much? After all, a business just has to have a firewall and security policies in place and they should be good, right?Wrong.Your security policies are useless if your employees aren’t aware of them. For example, you may have a policy on what to do if you suspect a data breach. But if your employees aren’t trained in what they should do in that situation, they will likely make an error or waste time in reporting it to the right people, potentially causing your business more damage.Another problem is social engineering, which is rapidly becoming a big threat against businesses of all types and sizes. The problem with social engineering is that it targets your employees specifically.  If your employees aren’t trained to recognize social engineering tactics, you could be vulnerable to a data breach.Finally, you and your employees should care about data security and maintaining compliance with PCI, HIPAA, and other industry data security standards. You need to instill a sense of urgency in your employees when it comes to data security. Sometimes they’re all that stands between your business and a damaging data breach.Who should be trained in data security?It’s important to train all of your employees on basic data security best-practices.It’s critical that employees with access to sensitive data know how to protect it.Tweet: Employees with access to sensitive data should know how to protect it. http://ow.ly/1iVY303H2hU #datasecurityTweetThings like email phishing scams and social engineering can affect anyone in your business from the top executive to the janitor. Make sure all of your employees are briefed on policies involving basic physical and data security.What should employees be trained on?It’s good to make a list of policies employees should be made aware of and be trained on. Some policies may include:technology usepassword managementdata handling proceduresincident response plansdata security best practicessocial engineering techniquesBasically, if you have a policy about security that involves your employees, your employees should know about it. Tips for training employeesHolding yearly meetings doesn’t really do it anymore—your employees need a constant reminder to prioritize data security in their daily activities. They will also absorb more information if they receive training more often. Here are some tips to get your employees ready.Set monthly training meetings: focus each month on a different aspect of data security, such as passwords, social engineering, email phishing, etcGive frequent reminders: these could be sent out in an email or newsletter that includes tips for employeesTrain employees on new policies ASAP: also, newly hired employees should be trained on policies as quickly as possibleMake training materials easily available: Intranet sites are a great way to provide access to training and policy informationCreate incentives: reward your employees for being proactiveWatch out for your employeesIt’s important to make sure your employees understand how critical their role is in keeping your business’s data secure. Training employees should be a top priority in your overall data security strategy. After all, your employees are the ones standing between your data and the bad guys. Shouldn’t you make sure they know what to do?Need help finding resources for employee training? Talk to us!David Page is a Qualified Security Assessor and has been working at SecurityMetrics for 2 and a half years. He has over 18 years experience in network and system engineering, design, and security.