Untitled Notes

Steganography Concept
- Definition: Hiding messages in plain sight by using everyday objects.
- Example: Women knitting socks during wartime, encoding messages via the knitting patterns to evade border checks.
- Implication: This method of communication is effective since it avoids suspicion compared to standard communication methods.

Arthur C. Clarke's Quote
- "Any sufficiently advanced technology is indistinguishable from magic" - highlights the concept of hidden threats within technology.
Historical Example
- Ancient Greece:
- Method of messenger stealth included tattooing messages on a shaved slave's head, later concealing it with hair regrowth.

Payload and Carrier
- Payload: The actual message being transmitted.
- Carrier: The medium used to conceal the message (e.g., socks or data files).
- Together they create the COBRA message.
Printer Tracking
- Printers embed invisible yellow dots on printed documents that encode the printer’s serial number and print timestamp.
- These dots serve as hidden identifiers, allowing tracing back to the source printer.

AI-Generated Videos
- Discussion on observation of watermarks in AI-generated videos reflects the importance of identifying authenticity in digital content.
Manipulated Images
- An image can be manipulated such that it contains malware or a virus, though it appears visually appealing.

OPSEC
- Definition: The process of protecting sensitive information within an operation.
OSINT
- Definition: Open Source Intelligence gathering, which leverages publicly available information to derive insights.
- Example of geolocation: Skillful individuals can deduce the origins of images based purely on visual information (e.g. location in Geoguessr).

Definition: Psychological manipulation to coerce individuals into divulging confidential information.
- Primary Security Threat: Well-intentioned employees can pose the greatest risk due to their susceptibility to manipulation.

Reciprocity
- People feel obliged to return favors or gestures.
Commitment and Consistency
- Individuals desire to be consistent with their identity or commitments.
Social Proof
- Individuals are influenced by the actions of others; humans adapt their behavior based on group actions.
Authority
- Tendency to comply with authority figures, which can be exploited in manipulative scenarios.
Truth Bias
- The inclination to believe others are truthful, making it easier for malicious actors to gain trust.

Phishing
- Mass emails pretending to be legitimate entities seeking sensitive information.
- Example: Emails mimicking banks, social media sites, etc.
- Example: A phishing strategy can yield significant returns from a large sample size (capturing data from a small response rate).
Spear Phishing
- A targeted approach focusing on a specific individual or organization, requiring in-depth research on the target.
Pretexting
- Creating a scenario that allows gathering personal information under false pretenses.
Vishing (Voice Phishing)
- Fraudulent phone calls aiming to extract personal or financial information.

Definition: A method where malicious actors create a fake login interface to capture user credentials.
- Example: Using a university login page that appears legitimate but is actually a facade to collect login information.

Thumb Drive Test
- Leaving thumb drives in common areas to test responses from individuals.
- Purpose: To observe human behavior and susceptibility to security breaches.
- Results: High percentage of individuals plugged in unverified devices, indicating a potential security risk.

Preparedness Against Social Engineering
- The importance of training staff to recognize potential social engineering tactics, scrutinize information, and develop a strong security mindset.