Wednesday, September 25, 2013

Spam Growing on Social Media

Continuing on my social media spam train, a study conducted by Nexgate (published today) analyzed over 60 million pieces of social media content and found a 355% jump in social spam over the last year. 355 PERCENT! 15% of this spam contained links to pornography and malware. I wrote yesterday how astonished I was that these attacks still existed. The article did not say how many of these attacks were a success. But if the jump was 355%, these attacks must have some level of success.

I just don't understand it. I guess I have more faith in human intelligence than I should. Ok, that sounded mean. What I do mean is I find it shocking how people have not been informed. The first series of this blog has been about social engineering and how users interact with these attacks. But I have to remember, I grew up with this stuff. I'm guessing some of the victims did not grow up with the internet and social media. But it's like Chris Croad said, the battle is not with the hackers, it's educating people to know what to look for.

That's all for now. I'll be back soon.

--Chris

Tuesday, September 24, 2013

Breaking Bad Hackers

Breaking Bad has captivated America. The hit show ends its 6-season run this Sunday. Because of this, hackers have used this as a way to attack viewers through Twitter. Spammers have been adding users to a Breaking Bad themed list on Twitter. After users were added to the list they would see tweets saying "Leaked Breaking Bad" or "New Episode" and a Pastebin.com link. Satnam Narang, a security response manager at Symantec, said, "In order to open the large file, users are instructed to download the latest version of 7-Zip." "The link directs users through an affiliate program, which is how scammers make money. The affiliate program directs users to an installer that comes bundled with other applications. Users can choose not to install these applications," he said. Apparently these lists gained quite a lot of traction but were easy to remove yourself from.

I'm very surprised that this actually worked on people. But that's what people do. Sometimes they just don't think and click. I'm more surprised that this worked over a social media outlet. Most hacks over Facebook or Twitter are very easy to spot; the links are rather sketchy looking. Statistics show that 30% of Twitter users are 18-30 year olds, so a lot of them grew up with Twitter and Facebook and you would think they would be able to spot this obvious hack.
Just today I heard a girl talking about how her Twitter got hacked and was sending strange messages to people. The messages said "Recommended: (insert strange link)." The funniest part was I received a message just like that from somebody else a few hours after that.

I'm surprised that these attacks still exist. Because they are so obvious I figure that hackers wouldn't move on to something less out in the open. But maybe the out in the open attack is the best kind. Kind of like hiding in plain sight.

Monday, September 23, 2013

iPhone has already been hacked

As we all were afraid of, the new iPhone fingerprint scanner has already been hacked. Yesterday mid-afternoon BuzzFeed released an article saying the Chaos Computer Club has created a fake fingerprint using a photograph on transparent paper and then "pink latex milk or white wood glue is smeared in the pattern created by the toner onto the transparent sheet."

Here's the article: http://www.buzzfeed.com/jwherrman/the-iphones-fingerprint-sensor-has-already-been-hacked

If you wanted to go through all that trouble to steal and crack into my phone, go right ahead. You deserve it.

These hackers are obviously more advanced than your average thief. But let's look at this in the business world. According to an article on venturebeat.com there are about 300 million active iPhones. So obviously there are a lot of executives who use iPhones. If a hacker were to steal a phone and could steal a fingerprint, half the battle is already over to get into that phone, and they could possibly get into company e-mail. Who's to say there would even be a passcode on the phone? As we discussed in class, Yahoo! President Marissa Mayer said she thought the fingerprint scanner was a great idea because she did not like typing in her code 15-20 times a day. Imagine the possibilities of getting into her phone.
I have a problem with the idea of the fingerprint scanner itself. Sure it's cool and we can all feel like secret FBI agents, but it is actually taking away from the authentication process. I feel like a fingerprint is something you have and something that you are. Genetically you are your fingerprint. I know that you can set it up to be your cat's paw or your nose but not too many people are going to do that. But because it is taking away from the authentication process I feel that Apple is actually making their phones' security weaker, not stronger.

Sunday, September 22, 2013

New Blog Purpose

This is Chris Harter's new security blog for IST 323. In this blog I will be posting my opinions on different IT security news and my experiences with IT security. I am going to be posting 3 to 4 times per short assignment based on the length of my posts. For my first post I am going to talk about my own experience as a "hacker." Don't worry, I didn't do anything illegal so you won't have to call the cops after reading this.
My girlfriend is a sophomore at LeMoyne and has lived in two different dorms the last two years. To get into their dorms, just like Syracuse students, they swipe their ID (something you have authentication). There have been times where instead of waiting for her to answer the door, someone from LeMoyne has been entering their dorm and I have walked right behind them and into the dorm. I never thought anything of it until I started taking IST 323.
After reading our textbook and being in lecture, I have learned this type of hack is called tailgating. Tailgating is exactly what it sounds like, it's walking behind someone who has authentication and looking like you belong there to gain access to a place you are not authorized to be in.
Obviously I was not doing anything malicious, I was just seeing my girlfriend. It made me chuckle when I tailgated someone last week. Over the past 2 years I have tailgated at least 15 times. But then it made me think what if I was somewhere else. Or what if I was somebody dangerous? All I had to do is smile and say thank you and I was in. If we were somewhere with more security I know I would not have been let in. It all comes back to the need to train people to not be susceptible to social engineering.
But all in all, this is just a fun story of how I accidentally became a hacker even if it was the lamest hacker of all time.


Thanks for reading! There will be another post tomorrow!

--Chris