To The Last Tribe Consulting

I have no idea who Greg, developer of the Penny Stock Secret is, or whether or not he really is a millionaire, but I do know one thing for sure:  They really need to obfuscate their javascript better.

So the idea of PennyStockSecret.com is that after ‘Greg”, “studied all the investment theories, consulted financial advisors and spent extraordinary amounts of time at his computer,” he found the “keys that bring stock market success.”

And for only a one time fee of $97, you can be in on his success!  How?

Well, “More than just identifying the best stocks to buy, we tell you exactly when to sell them too.” They do this through subscribing you to a newsletter that will alert you when you should buy and sell.

But wait, there is a catch!  There are only Insert Random Number Here spots on the newsletter list available!

Wait, what?

Yes, if you view the source, you can see that all the Javascript does is generate a random number for how many spots are available.

What is sad is that I’m sure they are bilking quite a few people out of their cash.  Why?

Wizard’s First Rule.

-Josh

As I mentioned in my previous post, I am currently working on some original research dealing with Social Engineering.  For background, I have been reading some of the few books on social engineering.  One of them, Hacking the Human, by Ian Mann, has been fantastic.  One of the areas of research he goes into is some basic principles on using Neuro-Lingustic Programming to profile a target.

Neuro-Lingustic Programming (NLP) was first developed by Richard Bandler and John Grinder, as a form of psychological therapy.  They felt there was a  ”…theoretical connection between neurological processes (‘neuro’), language (‘linguistic’), and behavioral patterns that have been learned through experience (‘programming’), and that can be organised to achieve specific goals in life.” (Wikipedia)

One aspect of NLP that Mann brought out was the idea of observing eye movements to indicate current thought processes.  For example, the idea that as one talks to themselves, their eyes drift bottom-right.

The following is a diagram of the different possible locations:

I found a great video that showcases this.

(Used with Permission)

I found this to be a very interesting concept–So I decided to test it out for myself.  I asked the same questions as the above video to a friend, while videoing him answering.  Interestingly, I got the same results, though not quite as pronounced as the above video.

To bring this back to Social Engineering: Mann saw this as a powerful tool to add to his repertoire for face to face social engineering attacks–being able to get clues to the current thought process of the target–even being able to tell, with a high percentage of accuracy, if the target is lying! (Mann, Hacking the Human)

Just another exploitable vulnerability in the being that is the called the Human.

-Josh

Just wanted to give you a brief update on what I have been working on lately.

I am currently working on my GCIH Gold paper–My abstract was accepted by SANS, and I have been working on it for a little over a month now.

I would rather not share the abstract for now, as it is an area of original research, and I would rather not tip my hand.

But to give you a clue of the general direction, here is a pic of some of my source material for the background research.

Josh