Airport Runways And Hashtags — How To Become A Social Engineer

Of the $11.7 million companies lose to cyber attacks each year, an estimated 90% begin with a phone call or a chat with support, showing that the human factor is clearly an important facet of security and that security training is seriously lacking in most companies. Between open-source intelligence (OSINT) — the data that leaks out to public sources just waiting to be collected — and social engineering — manipulating people into telling you what you want to know — there’s much about information security that has nothing to do with strong login credentials or VPNs.

There’s great training available if you know where to look. The first time I heard about WISP (Women in Security and Privacy) was last June on Twitter when they announced their first-ever DEFCON Scholarship. As one of 57 lucky participants, I had the chance to attend my first DEFCON and Black Hat, and learn about their organization.

Apart from awarding scholarships to security conferences, WISP also runs regional workshops in lockpicking, security research, cryptography, and other security-related topics. They recently hosted an OSINT and Social Engineering talk in San Francisco, where Rachel Tobac (three-time DEFCON Social Engineering CTF winner and WISP Board Member) spoke about Robert Cialdini’s principles of persuasion and their relevance in social engineering.

Cialdini is a psychologist known for his writings on how persuasion works — one of the core skills of social engineering. It is important to note that while Cialdini’s principles are being applied in the context of social engineering, they are also useful for other means of persuasion, such as bartering for a better price at an open market or convincing a child to finish their vegetables. It is recommended that they are used for legal purposes and that they result in positive consequences for targets. Let’s work through the major points from Tobac’s talk and see if we can learn a little bit about this craft.

WISP Needs No Battery Or Cable

One of the problems with the Internet of Things, or any embedded device, is how to get power. Batteries are better than ever and circuits are low power. But you still have to eventually replace or recharge a battery. Not everything can plug into a wall, and fuel cells need consumables.

University of Washington researchers are turning to a harvesting approach. Their open source WISP board has a sensor and a CPU that draws power from an RFID reader. To save power during communication, the device backscatters incoming radio waves, which means it doesn’t consume a lot of its own power during transmissions.

The big news is that TU Delft has contributed code to allow WISP to reprogram wirelessly. You can see a video about the innovation below. The source code is on GitHub. Previously, a WISP had to connect to a PC to receive a new software load.

WISP Adds Wifi To The Internet Of Things

The guys over at embdSocial sent in a project they’ve been working on for a while. It’s a small wifi module for an Arduino or other microcontroller called Wisp. Unlike the many, many other wifi breakout boards we’ve seen, the Wisp has a truly incredible amount of potential. With an API that allows an Arduino to post to Twitter and send text messages, and that even has remote admin capabilities, the embdSocial team came up with something really cool.

We’ve seen our fair share of projects that use wifi, but the Wisp is amazingly clever as to how projects can be controlled. Each Wisp is administered through the Internet. Once a Wisp is registered to your online embdSocial account you can upload new code without ever physically connecting a microcontroller to your computer.

To demonstrate the remote administration capabilities of the Wisp, the embdSocial guys put an Arduino and Wisp inside an electrical junction box. With their setup, the guys have the simplest and smallest Internet connected power outlet we’ve ever seen.

After the break, you can see a demo of a Wisp opening a garage door and a remotely operated, web enabled airsoft turret. We’re loving that the turret sends video from the gun to any device on the Internet, and it’s impressive that [Chris] and [Art] whipped up both these projects in a single weekend. There’s also a Kickstarter for the Wisp, so here’s to hoping we can pick one of these up soon.

Notacon 2008: Last-mile Wireless


[Mark Doner] presented on how the WISP he works for near Toledo is set up. His most important point was that 802.11 is garbage when it comes to the type of installations WISPs do. 802.11 expects the clients to adjust based on the traffic from other clients, but when all your clients are directional they won’t see each other. Mark uses Motorola’s Canopy equipment, but he also mentioned Trango and Redline as other vendors. The radios operate in the 5.7GHz band, which doesn’t have any power restrictions, so they can use refurbished Dish Network dishes when they’re doing long shots. For customers that are nearly at the edge of service, they have 900MHz equipment as well. Heavy fog and freezing rain have proven to be the only weather that really affects the service. For back-haul between their towers they use Dragonwave equipment. Each of the radios costs ~$350 and features GPS to determine distance and maintain sync with the AP. It was interesting to see how a good WISP operates as opposed to the flaky ones we’ve had to deal with in the past.