127.0.0.1
Flashlight Enthusiast
the #1 greatest threat to individual and corporate network security is threats
that originate from Facebook activity. Please be ultra cautious with anything and everything
you do, or click in or on, with any Facebook account, app, or shared link.
same goes for any other social network site: twitter or other
I work for a 'pretty big deal' company that helps other 'insert big deal here' organizations deal
with security, and the latest gigantic attacks (massive credit card loss, massive data breach,
defense contractor vulnerabilities)....all have had some roots in phishing that originated from something
spawned on Facebook. (my CEO reports directly to Congress for updates on these types of attacks, so
we at this company know quite a bit about what I am saying here about facebook being a wasteland of risk.)
facebook is hugely popular and that is the reason it is the #1 vector for attacks. every jamoke
wants to haul in Facebook clicks 'like this' and 'like that' and 'check this out on facebook'....N-A-S-T-Y
stuff if you just use Facebook and other websites and assume it is safe. Always assume everything is unsafe
until proven otherwise.
And also let it be known that at any given microsecond there are well over 40,000 paid government
employees of (insert bad guy government here) who work 24x7 grabbing every last bit of seemingly unimportant
data about users and will work for YEARS on gaining any type of small foothold. These are not drive-by attacks,
these are cool, calm, calculated efforts at gathering and collecting data. So if you work for a big company and
think you might have assets worth stealing (you work for government, defense, banking...etc)
do NOT mix your 'work internet life' with your 'facebook internet life' unless you exercise extreme caution and
diligence. and still, just don't do it. this also applies to anything else on the 'net, but good god you should see
the crap that corporations are dealing with due to employees getting phished and then BAM, someone has
hooks into the company network....
a) someone finds out that a person works at bank XYZ
b) badguys start mining the whole world for info on this person
c) badguys find out this person is someone of significance at bank XYZ
d) badguys step up and start to attempt phishing everything, phone, snail mail,
recruitment offers, you name it. anything to collect more data, info, what their kid
or cat's name is...new running shoes offer, what car do they drive, have an oil change coupon,
whatever it might take....and will spend 1, 2, 3 years doing it to get any nugget of added info
e) like a giant spiderweb, the database grows about bank XYZ and its employees of significance
f) multiply a-e by 40,000+...cracks will be found, these badguy mooks are PAID to do it.
quite nasty stuff and staying on top of these problems gives a certain collection
of mathematicians and statisticians at MIT, and spooks at the CIA, nightmares...
the only good thing about it, is it keeps me employed, and this security business isn't shrinking whatsoever