I see you through and through, and you naively believe that you are completely safe

    Kevin Mitnick, in one of his interviews with reporters, said that the weakest link in a security system is the person. Thanks to his social engineering skills, he managed to become one of the most famous hackers of our time. If you think that Kevin, as shown in films about hackers, was sitting in a dark room with a bunch of monitors full of digits and hacking everyone and everything from there, never leaving this room, then you are deeply mistaken.

    Okay. Ask yourself: what does the Internet already know about you? Most likely, the Internet already knows everything about you, and, as they say, what has been seen on the global network cannot be unseen. The second question is how attackers can take advantage of this.

    I won’t come up with superhacking stories for stupid American action movies where mega-terrorists completely erase people’s electronic lives, replace identities in police databases, look for dandruff in hair from satellites, etc. I have no doubt that all this is possible now, but not for all of us. And what is available to everyone?

    Do you have a blog? Twitter? A page on VKontakte or Facebook? Are you an active user of forums? Then we are coming to you...

    I reread my own text and I was scared. Seriously.

    Straight to the point, as they say. Some time ago, bloggers on the net were reposting an article about how one guy, using only publicly available data sources, eventually got access to either his girlfriend’s credit card or her bank account. If you are not too lazy, post the link.

    The moral is that there is already so much public information about you on the Internet that it is enough to get access to your private data and the private data of your friends.

    What.



    Popular in recent years, social networks perform an excellent task - they make friends irl (in real life), unite people according to their interests, create a community. I like that I can see how and where my classmate lives, whom I have not seen for 10 years, I am pleased to communicate with people with the same interests as I have on some website of a specialized community. I also want people to learn about how I live here, what kind of car I have, where I rested in the summer. I indicate the maximum amount of data about myself in the profile in the hope that a once forgotten friend will find me and I will have +1 more virtual friend.

    I have Twitter, I write there from time to time some thoughts, my mood and observations of the outside world.

    I also have some blogs. A blog is like a diary, as originally intended. You know, there used to be notebooks in which people wrote “today Vasya and I made a snow woman” and then “I hate our Russian language teacher”; now we have blogs that seem to play the same role, but are accessible to everyone. And people want to have more readers, and for those readers to answer them too, saying, "yes, the teacher is a fool!"

    People post on the forums. The same lytdybr or questions / answers on some pressing topics.

    People have private correspondence stored on gmail.com forever.

    To whom.



    It is not difficult for an attacker to collect enough information about you right now. It’s enough to google a little and he will know everything about you: where and when you were born, full details of your parents, the names of all your pets, any schedules, where and when you relaxed, how your mood changed over the past year, what kind of music you listen to, who you are friends with and what you eat. And this is only from PUBLIC sources. He has not even had to invent anything yet, much less break the law.

    Most likely, nobody needs you right now.

    What for.



    You may not be the target of an attacker, but remember what I wrote at the very beginning about the weak link. Through you, one can easily get into the company where you work or to the people you are friends with.

    I’m sure that pulling one publicly accessible rope will pull out a whole roll of information that you would prefer to hide.

    How.



    People have circles of trust. I completely trust a small part of my friends and relatives. I trust many friends. I do not trust people I barely know. And unfamiliar people even less.

    But if a person knows everything about me, it is MUCH easier for him to enter my circle of trust and get the necessary information. It is enough to show in a casual conversation that our interests happen to coincide (of course, I wrote about all my interests on VKontakte), and then somehow steer the questions in the right direction, and I won’t notice.

    Heck, he can pretend to be my friend Vasya, who is in the first circle. Have you never received requests to lend money from friends on ICQ? Or spam on VKontakte from friends?

    O RLY?
    A picture to make it more fun.

    And now for more real examples. Enough abstract horror stories.

    All of you are aware that not so long ago a whole bunch of logins and passwords were stolen from VKontakte. How this was done is not important now. What is important is that the whole thing was posted on the Internet. Pavel Durov personally, without thinking twice (apparently), reset the passwords of the hacked users across the whole list. And now the question: what percentage of the users on the list have a mail password (the mail address being the username) that matches their password on VKontakte? How many of them had a mailbox on gmail? How many of them have ever deleted letters from it? How many services allow you to recover your password if you have access to your mailbox?

    That’s it: a person’s entire electronic life is in your hands. They pulled the thread.

    How many of you have set “pet name” as the question in a password recovery form somewhere? Do you think I cannot find the answer to this question from your contacts and blogs? Real story.

    Once, on a popular private bookmarks service, with the password "password", I found a root sftp login for the main server of a large company. It was interesting inside.

    And admit it, you have only 1-2 passwords for all services, don’t you? Are you sure of the reliability of each of those services?

    Need more examples? There are PLENTY of them.

    And I have not even mentioned leaky software and a bunch of vulnerabilities. Still, not everyone can use the holes, but anybody can use publicly available information.

    What to do.



    Pray if you believe in God. If you are an active network resident, then it is already difficult to do anything. All your pages are in the caches of search engines, aggregators and "time machines". Remember each service you use, find a reliable program for generating and storing passwords, make a unique password for each service. Delete unnecessary correspondence. Close public access to your VKontakte.
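    The "pulled thread" from the VKontakte leak, turned into a check you can run on your own account list. This is an added example, not code from the original post; the account names, the `password_id` labels and the function names are assumptions made up for illustration.

```python
from collections import deque

# Constructed inventory of one person's accounts; every name here is made up.
# "password_id" labels WHICH secret is used (never store the secret itself);
# "recovery_email" is the mailbox account that can reset this account's password.
ACCOUNTS = {
    "vk":        {"password_id": "pw-A", "recovery_email": "mail"},
    "mail":      {"password_id": "pw-A", "recovery_email": None},
    "forum":     {"password_id": "pw-B", "recovery_email": "mail"},
    "bank":      {"password_id": "pw-C", "recovery_email": "mail"},
    "bookmarks": {"password_id": "pw-B", "recovery_email": "old_mail"},
    "old_mail":  {"password_id": "pw-D", "recovery_email": None},
}

def reused_passwords(accounts):
    """Group accounts that share a password; any group larger than one is a finding."""
    groups = {}
    for name, info in accounts.items():
        groups.setdefault(info["password_id"], []).append(name)
    return {pid: sorted(names) for pid, names in groups.items() if len(names) > 1}

def blast_radius(accounts, leaked):
    """Return {account: reason} for every account exposed once `leaked` is exposed."""
    fallen = {leaked: "leaked directly"}
    queue = deque([leaked])
    while queue:
        current = queue.popleft()
        for name, info in accounts.items():
            if name in fallen:
                continue
            if info["password_id"] == accounts[current]["password_id"]:
                fallen[name] = f"same password as {current}"
            elif info["recovery_email"] == current:
                fallen[name] = f"password reset via {current}"
            else:
                continue
            queue.append(name)  # keep following the thread from this account
    return fallen

def with_unique_passwords(accounts):
    """The same inventory after giving every service its own password."""
    return {n: {**i, "password_id": f"unique-{n}"} for n, i in accounts.items()}

if __name__ == "__main__":
    print("reused:", reused_passwords(ACCOUNTS))
    for label, inv in (("before", ACCOUNTS), ("after", with_unique_passwords(ACCOUNTS))):
        for leaked in ("vk", "mail"):
            print(label, leaked, "->", blast_radius(inv, leaked))
```

    With unique passwords a leak of one service stops at that service, but the mailbox still resets everything that recovers through it, so it is the account to protect first.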

    And remember, if you are paranoid, this does not mean that no one is following you.

    P.S. Each point has been greatly shortened, otherwise it would have turned out very long and tedious.
    P.P.S. It is well written about here.

    This should be talked about and reminded constantly, like on packs of cigarettes about the dangers of smoking. When registering on the same forums and social networks, you need to write in big red letters that everything you write here can be used against you.

    The fact is that the majority of readers of this post are IT experts, and they (we) are familiar with the whole kitchen from the inside, hence the indignation: come on, what the hell, I don’t believe it, it can’t be, bullshit, garbage, come on, kid, google something on me. At the same time, we have 10 passwords of varying degrees of security and at least 3 email addresses (for registration on junk services, a turnover one, and a private one known to no more than 20 people). For us, all this is the natural order of things and taken for granted, hence the indignation.

    But that is for us. What about a 17-year-old girl who suddenly decides to play pranks and, in a “private” correspondence with her boyfriend on some social network, uploads photos of her boobs? Tomorrow, or the day after tomorrow, these boobs will be on the chips.


    Tell me, do you consider yourself a weak link? Me neither. I’ll go and take a close look at secretary Masha and her VKontakte page. Why would I need you with your geekiness and paranoia?