
I see through you, and you naively believe that you are completely safe.

Kevin Mitnick said in one of his interviews with reporters that the weakest link in a security system is the human. It was thanks to his social engineering skills that he managed to become one of the most famous hackers of our time. If you think that Kevin, as films about hackers show, sat in a dark room with a bunch of monitors full of digits and hacked everyone and everything from there without ever leaving the room, you are deeply mistaken.

Okay. Ask yourself the question: what does the Internet already know about you? Most likely, the Internet already knows everything about you, and on the global network, as they say, what has been seen cannot be unseen. Now the second question: how can attackers take advantage of this?

I will not invent super-hacker plots for stupid American action movies, where mega-terrorists completely erase people's electronic lives, replace identities in police databases, look for dandruff in hair from satellites, and so on. I have no doubt that all this is possible now, but not for all of us. And what is available to everyone?

Do you have a blog? Twitter? A page on VKontakte or Facebook? Are you an active forum user? Then we are coming to you…

I re-read my own text and got scared. Seriously.

Straight to the point, as they say. Some time ago bloggers were copying from one another an article about how one guy, using only publicly available data sources, eventually got access to either his girlfriend's credit card or her bank account. If anyone cares to, drop the link.

The moral is that there is already so much public information about you on the Internet that it is enough to gain access to your private data and the private data of your friends.

What.



Social networks, popular in recent years, do an excellent job: they gather friends IRL (in real life), unite people by interest, and create communities. I like that I can see how and where a classmate I have not seen for 10 years lives, and I enjoy talking with people who share my interests on some specialized community site. I also want people to know how I live, what my car is, where I vacationed in the summer. I put as much data about myself as possible into my profile in the hope that a once-forgotten friend will find me and I will have +1 virtual friend.

I have Twitter, I write there from time to time some thoughts, my mood and observations of the world around me.

I also have a few blogs. A blog was originally meant to be like a diary. You know, there used to be notebooks in which people wrote "today Vasya and I built a snowman" and then "I hate our Russian language teacher"; now we have blogs, which seem to play the same role but are accessible to everyone. And people want more readers, and want those readers to answer, "yes, the teacher is stupid!".

People write on forums. The same diary-style posts (lytdybr), or questions and answers on some pressing topics.

People keep private correspondence on gmail.com forever.

To whom.



It is not difficult for an attacker to collect enough information about you now. A little googling and he will know everything about you: where and when you were born, complete data on your parents, the names of all your pets, any schedules, where and when you vacationed, how your mood changed over the last year, what music you listen to, who you are friends with and what you eat. And this is only from PUBLIC sources. He did not even have to invent anything, let alone break the law.

Most likely, nobody needs you right now.

What for.



You may not be the attacker's target, but remember what I wrote at the very beginning about the weak link. Through you, one can easily get into the company where you work or to the people you are friends with.

I'm sure that tugging on one publicly accessible string will pull out a whole roll of information that you would prefer to hide.

How.



People have circles of trust. I fully trust a small part of my friends and relatives. I trust my friends in many things. I have little trust in people I barely know, and even less in strangers.

But if a person knows everything about me, it is MUCH easier for him to enter my circle of trust and get the information he needs. It is enough to show in a casual conversation that our interests happen to coincide (of course, I listed all my interests on VKontakte), and then somehow steer the questions in the direction he needs, and I will not notice.

Damn it, he can pretend to be my friend Vasya, who is in the first circle. Have you never received requests to lend money from friends on ICQ? Or spam on VKontakte from friends?

O rly?
[image]
A picture, to make it more fun.

And now more real-life examples. Enough abstract horror stories.

You all know that not so long ago a batch of VKontakte logins and passwords was stolen. How it was done is not important now. What matters is that the whole thing was posted on the Internet. Pavel Durov personally, without thinking twice (apparently), reset the passwords of the hacked users across the whole list. And now the question: for what percentage of users on the list did the password for the mailbox (which is the login) coincide with the VKontakte password? How many of them had a Gmail box? How many of them have ever deleted letters from it? How many services let you recover a password with access to the mailbox?

That's it, a person's whole electronic life is in your hands. The thread has been pulled.

How many of you have chosen "pet name" as the question in some password recovery form? Do you think I will not find the answer to that question in your contacts and blogs? Real story.

Once, in a popular private bookmarking service, behind the password "password", I found a root SFTP login for the main server of a large company. It was interesting inside.

And still, admit it: you have only 1-2 passwords for all services? Are you sure of the reliability of each of them?

Need more examples? There are A  L O T of them.

I have not once mentioned leaky software and the heap of vulnerabilities. Not everyone can take advantage of holes, but absolutely anyone can use publicly available information.

What to do.



Pray, if you believe in God. If you are an active resident of the network, it is already difficult to do anything. All your pages are in the caches of search engines, aggregators and "time machines". Recall every service you use, find a reliable program for generating and storing passwords, and make a unique password for each service. Delete unnecessary correspondence. Close public access to your VKontakte.
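The inventory advice above and the earlier chain (same password on VKontakte and the mailbox, then password recovery through the mailbox) can be checked against your own account list. This is an added example, not part of the original post: the account names, addresses, password labels and the two-rule model (shared password, reset via a fallen mailbox) are all constructed assumptions.

```python
from collections import deque

# Constructed sample inventory (not from the original post). "pw" is a label
# standing in for a password; equal labels mean the same password is reused.
# "mailbox" is the address an account provides, if it is an e-mail service;
# "recovery" is the address that password-reset links are sent to.
ACCOUNTS = [
    {"name": "vk",        "pw": "A", "mailbox": None,                "recovery": "me@mail.example"},
    {"name": "mail",      "pw": "A", "mailbox": "me@mail.example",   "recovery": None},
    {"name": "forum",     "pw": "B", "mailbox": None,                "recovery": "me@mail.example"},
    {"name": "bookmarks", "pw": "B", "mailbox": None,                "recovery": "alt@mail.example"},
    {"name": "altmail",   "pw": "C", "mailbox": "alt@mail.example",  "recovery": None},
    {"name": "bank",      "pw": "D", "mailbox": None,                "recovery": "safe@mail.example"},
    {"name": "safemail",  "pw": "E", "mailbox": "safe@mail.example", "recovery": None},
]


def blast_radius(accounts, leaked):
    """Return {account: reason} for everything that falls if `leaked` leaks."""
    by_name = {a["name"]: a for a in accounts}
    fallen = {leaked: "initial leak"}
    queue = deque([leaked])
    while queue:
        cur = by_name[queue.popleft()]
        for other in accounts:
            if other["name"] in fallen:
                continue
            if other["pw"] == cur["pw"]:
                reason = f"same password as {cur['name']}"
            elif cur["mailbox"] and other["recovery"] == cur["mailbox"]:
                reason = f"password reset via {cur['name']}"
            else:
                continue
            fallen[other["name"]] = reason
            queue.append(other["name"])
    return fallen


def worst_single_points(accounts):
    """Rank accounts by how many accounts fall with them (largest first)."""
    sizes = {a["name"]: len(blast_radius(accounts, a["name"])) for a in accounts}
    return sorted(sizes.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for name, reason in blast_radius(ACCOUNTS, "vk").items():
        print(f"{name:10} {reason}")
    print(worst_single_points(ACCOUNTS))
```

With a unique password per service, the same leak stops at the leaked account; the mailboxes that remain at the top of the ranking are the ones to protect first.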

And remember, if you are paranoid, it does not mean that no one is watching you.

P.S. Each point is heavily abridged; otherwise it would have turned out too long and tedious.
P.P.S. It is well written here.

This should be talked about and repeated all the time, like the warnings about the dangers of smoking on cigarette packs. When registering on those same forums and social networks, it should be written in large red letters that everything you write here can be used against you.

The fact is that most of those who read this post are IT specialists, and they (we) know the whole kitchen from the inside, hence the indignation: come on, I don't believe it, bullshit, garbage, go on, google something on me. At the same time, we have 10 passwords of varying degrees of security and at least 3 mailboxes (one for registrations on crappy services, one in general circulation, and a private one that no more than 20 people know). For us this is all in the order of things, taken for granted, hence the indignation.

But that is for us; what about a 17-year-old girl who suddenly decides to fool around and, in "private" correspondence with her boyfriend on some social network, posts photos of her tits? Tomorrow, or the day after tomorrow, these boobs will be on the chips.

Tell me, do you consider yourself a weak link? Me neither. I will go look at the secretary Masha and her VKontakte page. Why would I need you, with your geekiness and paranoia.

Source: https://habr.com/ru/post/75316/

