(This description is not intended to teach habitancy how to hack, but rather to teach the commonplace someone how to "stay safe" on the internet)
I'm going to talk about the pros and cons of 2 of the most visited sites on the internet; LinkedIn and MegaUpload.com. LinkedIn is a great site to quickly improve your "business affiliates"; many habitancy plainly post their email address for anyone to sense them to "join their network". You could by all means; of course compose some good contacts at specific clubs or even find out about open jobs; many habitancy even refer others or vouch for their experience, which pretty much means that they owe you a favor later on - like in the Godfather ; ) But the qoute with leaving your internet address like that, is anyone can make a fake linked In "Join my Network" invite (that looks like the same invite the victim has seen 300 other times), and pretty much trick the user into clicking on a link that can do categorically any whole of things, by sending out an email that looks like it categorically came from a valid LinkedIn user. To give you a scenario - If I was to do this, that link would automatically look for exploits or vulnerabilities in your browser (basic users probably using Internet Explorer, right?) and then exploit them with some new 0 day (new exploit with no patches yet) or some other exploit thats been floating nearby for awhile.
2 Post Server Rack
This exploit will then allow me supplementary control over your computer; I could even download more code from a remote internet server to use your computer for sending spam or Ddos attacks. I could search your engine for confidential info like login info, prestige card #s, contacts and other personal info; I'm sure every person gets the idea. So what could be done to protect yourselves? Well if its not against your clubs protection procedure to surf random sites, and you have your own personal computer, I wouldn't be going to this site, surrounded by other sites like Myspace or MegaUpload. At a minimum, log into LinkedIn and accept your invitations to join peoples network from here; Do Not accept a invite from an email to your personal email address that you gave on LinkedIn to add them to your network.
Ever heard of MegaUpload? It's in the top 100 most visited sites on the internet. You can upload as much stuff to their servers as you want (like files too big to be sent via email), and other habitancy can download it when they want (just send them a link), and the aid is free. Could also be used for a communal ftp server (unlimited bandwidth courtesy of MegaUpload). It also circumvents users from sending attachments via email (corporate users can categorically violate their email protection procedure by plainly sending someone a link to download their multimedia). protection managers must be pacing nearby like caged animals; but at least there's a signature for this action if your using a good Intrusion Detection theory like Secnap's Hackertrap.
The moral of this story is that theres fullness of indispensable sites out there, just be true how you use
them ; )
No comments:
Post a Comment