est.social

1 postitusega1 osalejaga0 postitust täna

Erik van StratenVirussen en phishing(Een late reactie op een discussie tussen <a href="https://mastodon.nl/@EllyvA" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@EllyvA</a> en <a href="https://mastodon.nl/@ximaar" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@ximaar</a> eindigend met <a href="https://mastodon.nl/@EllyvA/114064535418745561" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mastodon.nl/@EllyvA/114064535418745561</a>).Computervirussen, in de zin van malware (malicious software) die zichzelf verspreidt, zie ik nauwelijks nog - omdat mensen geen floppies meer gebruiken om gegevens uit te wisselen.Cybercriminelen gebruiken nu vooral social engineering om mensen te bestelen, of om aan vertrouwelijke gegevens te komen waarmee zij vervolgens mensen overtuigen dat zij een betrouwbare partij zijn.Als zij malware maken bestaat de kwaadaardige component uit een programma (of script in het een of andere document) dat zij bij elke verspreiding wijzigen, en eerst testen op alle gangbare virusscanners (waardoor de meeste scanners aanvankelijk kansloos zijn).In een steeds groter deel van de gevallen maakt malware misbruik van standaard onder Windows geïnstalleerde software ("lolbins" - Living Of the Land binaries) of installeert een legitieme driver waarmee verhoogde rechten (administrator privileges) worden verkregen.Ook zeer populair zijn RAT's, Remote Access Tools zoals Teamviewer en Anydesk (steeds vaker misbruikt ook op Android en iPhones). Mensen wordt vaak voorgelogen dat zij een virusscanner zouden moeten installeren - en dat is dus zo'n RAT, zie <a href="https://infosec.exchange/@ErikvanStraten/113987804370380156" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113987804370380156</a>.En inderdaad is phishing een gigantisch probleem - waar virusscanners nauwelijks of niet tegen helpen, omdat criminelen steeds nieuwe domeinnamen gebruiken (vb: <a href="https://security.nl/posting/879531" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://security.nl/posting/879531</a>) voor hun websites, en vaak captcha's inzetten waar virusscanners niet "doorheen komen".Het komt ook voor dat automatisch door browsers verzonden gegevens, en/of IP-adressen, en/of tijdstip van de dag vaak aan specifieke criteria moeten voldoen wil de kwaadaardige versie van een website worden getoond (zie screenshot, druk Alt voor meer info).Het beste dat je kunt doen, na het openen van een webpagina, is niet op de inhoud letten maar op de DOMEINNAAM (in de adresbalk van de browser). Voor veel te veel mensen is het echter (nagenoeg) onmogelijk om vast te stellen dat een gegeven domeinnaam *niet* van de gesuggereerde organisatie is - en hier bestaat helaas geen SIMPEL en betrouwbaar recept voor.<a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/Virusscanners" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Virusscanners</a> <a href="https://infosec.exchange/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SocialEngineering</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a>

Erik van Straten<a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@aral</a> :I don't want to pay a cent. Neither donate, nor via taxes.<a href="https://infosec.exchange/@ErikvanStraten/114227977082449887" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/114227977082449887</a><a href="https://mstdn.social/@TheDutchChief" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@TheDutchChief</a> <a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@EUCommission</a> <a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@letsencrypt</a> <a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@nlnet</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonation</a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spoofing</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Certificates</a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#httpsVShttp</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FakeWebsites</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bond</a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dotBond</a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spam</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Banks</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FakeWebsites</a>

Erik van Straten<a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@aral</a> : most Let's Encrypt (and other Domain Validated) certificates are issued to junk- or plain criminal websites.They're the ultimate manifestation of evil big tech.They were introduced to encrypt the "last mile" because Internet Service Providers were replacing ads in webpages and, in the other direction, inserting fake clicks.DV has destroyed the internet. People loose their ebank savings and companies get ransomwared; phishing is dead simple. EDIW/EUDIW will become an identity fraud disaster (because of AitM phishing atracks).Even the name "Let's Encrypt" is wrong for a CSP: nobody needs a certificate to encrypt a connection. The primary purpose of a certificate is AUTHENTICATION (of the owner of the private key, in this case the website).However, for human beings, just a domain name simply does not provide reliable identification information. It renders impersonation a peace of cake.Decent online authentication is HARD. Get used to it instead of denying it.REASONS/EXAMPLES🔹 Troy Hunt fell in the DV trap: <a href="https://infosec.exchange/@ErikvanStraten/114222237036021070" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/114222237036021070</a>🔹 Google (and Troy Hunt!) killed non-DV certs (for profit) because of the stripe.com PoC. Now Chrome does not give you any more info than what Google argumented: <a href="https://infosec.exchange/@ErikvanStraten/114224682101772569" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/114224682101772569</a>🔹 https:⧸⧸cancel-google.com/captcha was live yesterday: <a href="https://infosec.exchange/@ErikvanStraten/114224264440704546" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/114224264440704546</a>🔹 Stop phishing proposal: <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113079966331873386</a>🔹 Lots of reasons why LE sucks: <a href="https://infosec.exchange/@ErikvanStraten/112914047006977222" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/112914047006977222</a> (corrected link 09:20 UTC)🔹 This website stopped registering junk .bond domain names, probably because there were too many every day (the last page I found): <a href="https://newly-registered-domains.abtdomain.com/2024-08-15-bond-newly-registered-domains-part-1/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://newly-registered-domains.abtdomain.com/2024-08-15-bond-newly-registered-domains-part-1/</a>. However, this gang is still active, open the RELATIONS tab in <a href="https://www.virustotal.com/gui/ip-address/13.248.197.209/relations" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.virustotal.com/gui/ip-address/13.248.197.209/relations</a>. You have to multiply the number of LE certs by approx. 5 because they also register subdomains and don't use wildcard certs. Source: <a href="https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/</a><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@EUCommission</a> <a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@letsencrypt</a> <a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@nlnet</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonation</a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spoofing</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Certificates</a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#httpsVShttp</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FakeWebsites</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bond</a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dotBond</a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spam</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Banks</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FakeWebsites</a>

Erik van Straten<a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@troyhunt</a> : if we open a website that we've never visited before, we need browsers to show us all available details about that website, and warn us if such details are not available.We also need better (readable) certificates identifying the responsible / accountable party for a website.We have been lied to that anonymous DV certificates are a good idea *also* for websites we need to trust. It's a hoax.Important: certificates never directly warrant the trustworthyness of a website. They're about authenticity, which includes knowing who the owner is and in which country they are located. This helps ensuring that you can sue them (or not, if in e.g. Russia) which *indirectly* makes better identifiable websites more reliable.More info in <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113079966331873386</a> (see also <a href="https://crt.sh/?Identity=mailchimp-sso.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://crt.sh/?Identity=mailchimp-sso.com</a>).Note: most people do not understand certificates, like <a href="https://mastodon.social/@BjornW" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@BjornW</a> in <a href="https://mastodon.social/@BjornW/114064065891034415" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mastodon.social/@BjornW/114064065891034415</a>: ❝ <a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@letsencrypt</a> offers certificates to encrypt the traffic between a website & your browser. ❞ 2x wrong.A TLS v1.3 connection is encrypted before the website sends their certificate, which is used only for *authentication* of the website (using a digital signature over unguessable secret TLS connection parameters). A cert binds the domain name to a public key, and the website proves possession of the associated private key.However, for people a domain name simply does not suffice for reliable identification. People need more info in the certificate and it should be shown to them when it changes.Will you please help me get this topic seriously on the public agenda?Edited 09:15 UTC to add: tap "Alt" in the images for details.<a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVcerts</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Impersonation</a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spoofing</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Certificates</a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#httpsVShttp</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FakeWebsites</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a>

Erik van Straten<a href="https://infosec.exchange/@0xF21D" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@0xF21D</a> : Cloudflare is evil anyway.Cloudflare reverse-proxies (or -proxied):- cloudflare.com.save-israel·org - ns.cloudflare.com.save-israel·org - albert.ns.cloudflare.com.save-israel·org - sydney.ns.cloudflare.com.save-israel·org -I don't know whether any of these domains were or are malicious, but such domain names are insane; expect evilness.See also: <a href="https://crt.sh/?Identity=save-israel.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://crt.sh/?Identity=save-israel.org</a>Tap "Alt" in the images for more info.<a href="https://infosec.exchange/@malanalysis" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@malanalysis</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/DVCerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVCerts</a> <a href="https://infosec.exchange/tags/DVCertsSuck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVCertsSuck</a> <a href="https://infosec.exchange/tags/BrowsersSuck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BrowsersSuck</a>

Viimatised otsingud

Otsimisvalikud

Administraator:

Serveri statistika:

#bigtechisevil