LinuxQuestions.org
Old 05-29-2017, 09:42 PM   #1
RandomTroll
Senior Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 1,286

Rep: Reputation: 218
'Hackers Hide Cyberattacks in Social Media Posts'


Quote:

'It took only one attempt for Russian hackers to make their way into
the computer of a Pentagon official. But the attack didn't come
through an email or a file buried within a seemingly innocuous
document.

'A link, attached to a Twitter post put out by a robot account,
promised a family-friendly vacation package for the summer. It was the
kind of thing anyone might click on, according to the official hit by
the attack, who was not authorized to speak publicly about it.'
https://www.nytimes.com/2017/05/28/t...dia-posts.html
 
Old 05-29-2017, 10:14 PM   #2
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 15,440
Blog Entries: 25

Rep: Reputation: 4441
There's nothing social about "social" media, not any more, if there ever was. What has not been subverted has been sacrificed to mammon.

Electrons and emoticons are not the stuff on which friendships are built. They can lead to friendship, surely, but they are not friendship.

As an acquaintance of mine said when she disappeared from view (for reasons which she didn't volunteer and, because I don't know her well enough, for which I didn't ask), "'Facebook friends' are not really friends."

I think it was Stallman who said that "Facebook doesn't have 'users.' It has 'used.'"

Also, the stupid, it burns.

Last edited by frankbell; 05-29-2017 at 10:15 PM.
 
Old 05-29-2017, 11:19 PM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3177
However ...

I quite frankly think that there is considerable bias(!!) in these particular accounts of "Russian Hackers™," as related by such once-august venues as The New York Times.

These folks want ... in order to advance their own personal agendas ... to advance the notion of the "all-powerful [Russian™, of course ...] Hacker™," against the "all-American Pentagon™."

Quote:
"It took only one attempt for Russian hackers to make their way into the computer of a Pentagon official."
Seriously? You actually said that?

(Uh huh... "it was just as easy as pie.") ... Uh huh ... As though many thousands of dedicated security professionals within the US Government simply did not exist.

... so that ... "We love yooouuu-u-uuu!! Madame Presidente!!"

Yeah. "I get it." (However, did I also mention that you have, by now, long over-stayed your welcome?)

Last edited by sundialsvcs; 05-29-2017 at 11:21 PM.
 
Old 05-31-2017, 02:30 AM   #4
JJJCR
Senior Member
 
Registered: Apr 2010
Posts: 1,642

Rep: Reputation: 277
Wow..Hacker Innovation..

Time to make good business in Payload anti-virus.

From Wikipedia: In computer security, the payload is the part of malware such as worms or viruses which performs the malicious action;

More Social Media, More Malware Media.. 3Ms.

Last edited by JJJCR; 05-31-2017 at 02:31 AM. Reason: edit
 
Old 06-03-2017, 05:55 AM   #5
fred2014
Member
 
Registered: Mar 2015
Posts: 63

Rep: Reputation: Disabled
If people insist on behaving like 12 year old schoolgirls they deserve everything they get.
 
Old 06-03-2017, 08:12 AM   #6
jmccue
Member
 
Registered: Nov 2008
Location: US
Distribution: slackware
Posts: 318

Rep: Reputation: 158
In some cases it does not take much to get zinged, for example.

Where I work security sends out phishing emails once in a great while, which redirect to an edu site.

I never got caught until a couple days ago. I walked to work, I was tired and a colleague said "you should see this interesting email, it is for ...." (forgot the subject). I looked for it and bingo. Luckily I had noscript and my name was not recorded as 'caught'. He had not gone into it yet, but was reading the subject to me; he was caught when he selected the link.

BTW, If you get 'caught' no harm comes to you, it is purely educational.
 
Old 06-04-2017, 03:05 AM   #7
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 12,507
Blog Entries: 9

Rep: Reputation: 3393
Quote:
Originally Posted by jmccue View Post
Where I work security sends out phishing emails once in a great while
and the ones that step into it get a reprimanding mail?
i like that. inventive it department.
 
Old 06-04-2017, 08:06 AM   #8
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3177
Quote:
Originally Posted by ondoho View Post
and the ones that step into it get a reprimanding mail?
i like that. inventive it department.
I would object to that practice. Generally speaking, a company should be filtering its email pro-actively. If they want to make an illustrative point, they should send an e-mail that obviously redirects to an internal page ... and, they should not take any sort of further "action." The point will be made well enough.
 
Old 06-05-2017, 06:06 AM   #9
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 601

Rep: Reputation: 172
It is called "entrapment".
Society deems it illegal for security forces to use it.
 
Old 06-05-2017, 06:24 AM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582
Quote:
Originally Posted by RandomTroll View Post
I don't think it's either inventive or unexpected. "Social media", whatever it may mean to you, is just a tool. And any tool that lends itself to be abused (whatever the definition of abuse is) will be abused. Guard security posture, educate users (in short: ensure compliance) and do expect the Spanish Inquisition ;-p
 
Old 06-13-2017, 10:12 PM   #11
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1004
Like I always say, "All your friends on facebook + 15.00$ will get you lunch."
 
Old 06-17-2017, 08:30 AM   #12
jmccue
Member
 
Registered: Nov 2008
Location: US
Distribution: slackware
Posts: 318

Rep: Reputation: 158
Quote:
Originally Posted by ondoho View Post
and the ones that step into it get a reprimanding mail?
i like that. inventive it department.
Actually there is no downside to getting 'caught', it is purely educational, nothing more.

I even know one high level VP and a few managers and many other people who got caught multiple times without getting a 'reprimand'. The one time I got taken in I was redirected to an edu site and never heard anything at all.

Actually the way it is run is quite good and it helps people learn the dangers of not paying attention to links in an email.

John
 
Old 06-18-2017, 10:48 PM   #13
RandomTroll
Senior Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 1,286

Original Poster
Rep: Reputation: 218
Quote:
Originally Posted by jmccue View Post
Where I work security sends out phishing emails
I fetch e-mail with fetchmail, read it with mailx: I'm unphishable.

'I think it was Stallman who said that "Facebook doesn't have "users." It has "used."'
If you're not the consumer, you're the product.
 
Old 06-19-2017, 05:04 AM   #14
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 601

Rep: Reputation: 172
Quote:
I'm unphishable
Oh yes you are. Look up the meaning
 
Old 06-19-2017, 11:06 AM   #15
RandomTroll
Senior Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 1,286

Original Poster
Rep: Reputation: 218
Quote:
Originally Posted by dave@burn-it.co.uk View Post
Oh yes you are. Look up the meaning
I just looked it up on wiktionary. Unless you have a different meaning, I think I'm right.
 
  



All times are GMT -5. The time now is 04:54 PM.
