What is smishing?

Posted on by admin

Smishing is a type of cyber attack where an attacker uses text messages, also known as SMS (Short Message Service), to trick a victim into giving away sensitive information such as credit card numbers, passwords, or other personal data.

In a smishing attack, the attacker usually poses as a representative from a legitimate organization, such as a bank or government agency, and uses social engineering techniques to gain the victim’s trust. They may claim that there is a problem with the victim’s account or that there has been suspicious activity, and ask for sensitive information to resolve the issue.

Smishing attacks can be especially effective because text messages are often perceived as more trustworthy than emails and can create a sense of urgency or fear in the victim. They may also use links or attachments in the text message to download malware onto the victim’s device.

To protect yourself from smishing attacks, it’s important to be cautious when receiving unsolicited text messages and never give out sensitive information through a text message unless you are sure of the sender’s identity. You can also verify the legitimacy of the message by contacting the organization directly through a trusted channel, such as the phone number listed on their official website. Additionally, enabling anti-phishing and anti-malware features on your phone can help to prevent smishing attacks.

What is vishing?

Posted on by admin

Vishing, also known as voice phishing, is a type of cyber attack where an attacker uses a phone call to trick a victim into giving away sensitive information such as credit card numbers, passwords, or other personal data.

In a vishing attack, the attacker usually poses as a representative from a legitimate organization, such as a bank or government agency, and uses social engineering techniques to gain the victim’s trust. They may claim that there is a problem with the victim’s account or that there has been suspicious activity, and ask for sensitive information to resolve the issue.

Vishing attacks can be especially effective because the attacker can use voice manipulation techniques to sound convincing and create a sense of urgency or fear in the victim. They may also use spoofing to make it appear as if the call is coming from a legitimate source.

To protect yourself from vishing attacks, it’s important to be cautious when receiving unsolicited phone calls and never give out sensitive information over the phone unless you are sure of the caller’s identity. You can also verify the legitimacy of the call by contacting the organization directly through a trusted channel, such as the phone number listed on their official website. Additionally, enabling call-blocking and anti-spoofing features on your phone can help to prevent vishing attacks.

What is phishing?

Posted on by admin

Phishing is a type of cyber attack in which an attacker tries to trick a victim into giving away sensitive information such as usernames, passwords, credit card numbers, or other personal data. Phishing attacks typically occur through fraudulent emails, text messages, or websites that appear to be legitimate but are actually designed to deceive the victim.

The attackers often use social engineering techniques to make the message or website seem convincing, such as creating a sense of urgency or fear, or impersonating a trusted entity like a bank, a government agency, or a popular online service. They may also use fake links or attachments to download malware onto the victim’s device.

Once the victim is tricked into providing their sensitive information, the attackers can use it for identity theft, financial fraud, or other malicious purposes.

To protect yourself from phishing attacks, it’s important to be vigilant and skeptical of unsolicited messages or websites that ask for your personal information. Always verify the legitimacy of the message or website by checking the sender’s email address, the website URL, or contacting the organization directly through a trusted channel. Additionally, enabling two-factor authentication and using anti-phishing software can add an extra layer of protection to your online accounts.

Why is password re-use a bad thing?

Posted on by admin

Using the same password across multiple accounts is generally not a good idea for the following reasons:

Security Breaches: If one account gets hacked, the hacker will be able to access all other accounts using the same password.

Lack of Complexity: It is difficult to create a complex password that is unique for each account. Using the same password may mean using a less complex password that is easier for hackers to guess or crack.

Phishing Attacks: Phishing attacks can trick users into revealing their login credentials. If the same password is used across multiple accounts, the hacker can use the stolen credentials to access all the other accounts.

Personal Information: If a password is compromised, a hacker could use personal information from one account to guess the passwords for other accounts.

Compromised Devices: If a device is lost or stolen, a hacker may be able to access all accounts that use the same password.

Overall, using the same password is risky and could lead to a significant compromise of your online security. It’s always recommended to use unique, complex passwords for each account and enable two-factor authentication whenever possible.

New content going up

Posted on by admin

I am getting more pages added so that there is more to wander around and view.

If you hover the menu items at the top of the page, you may find subtopics. If you have topics that you want to see, speak up and I can prioritize it.

The current focus is going to be OSINT tools. These will take some time, but I will try to add other items as I go. If you know me, you know that I can dive pretty hard into the rabbit holes. Sometimes… I explore the whole warren.

Password Security

Posted on by admin

As I pondered how to best discuss password security, I wondered if I could find a nice history of when passwords came into use and how badly they have been handled over time. Little did I know, we have been quite bad with them since their inception. The resource I found for the subject did such a wonderful job that I am opting instead to wrap his original work into this post. Major credit and props to Troy Hunt for his wonderfully crafted article, https://stealthbits.com/blog/a-history-of-passwords/. I do hope that you will give it a full read and perhaps click on an ad while you are there to show appreciation of his work. I have also been a fan of another piece of his work; https://haveibeenpwned.com/ which is a site that I have used many times. This is a site that will tell you if your email address has been discovered in one of the many multitudes of email/pswd caches out there. If you find your email address is listed there, just reset your password and move on. There is no cause for alarm unless you have that email address tied to something like… your back account. Now if you are one who abuses password by reusing the same one all over, then you may have an issue. If that is the case, then it is time that you start changing up those passwords so that one compromise doesn’t hand over the keys to your email kingdom. Oh I can hear you know… but I don’t have anything worthwhile in my email box, nothing that anyone would find interesting. Sound familiar. think of all of the places that you give your email address to in order to log in or perhaps to verify your existence. How many accounts do you think a black hat hacker could gain control of just by being able to lo into a web mail utility somewhere posing as you with your oh so clever password (yeah Password1)?

Really read Troy’s article, drink it in as it will help you understand why passwords are a bigger deal than you may think. If you want to discuss the topic more, please, drop a comment below. If you liked this article, please come back for more and feel free to mash an ad on your way in or out to help the cause.

Do you like to write on technical subjects?

Posted on by Griz

If you have a cybersecurity paper that you would like to publish here, please let me know. I would be happy to look it over and post it here as either a post, or a page. You would of course get full credit for the work under any name of your choosing. Keeping in mind that some prefer to be anonymous I am happy to accommodate.

OSINT and leveraging the internet to your favor

Posted on by Griz

More than likely even if you do not know the term OSINT, you have used it. If you have dated modern women, it has likely been used against you.

OSINT is open source intelligence. Have you ever “Googled” someone or yourself? Then you have used OSINT. Open source intelligence is using any publicly available information to gather information about a person or organization.

The reason for your search will determine what tools are best for you. Sometimes it is any number of search engines like Google, Dogpile, Bing, Duckduckgo, etc.

When my daughter started dating, she cautioned at least some of the guys that they would be background checked. Now some parents may pay for these name check sites, but my wife and I have learned to use OSINT and do the digging for free. I was able to find stuff that one of the guys did not even know existed (or wouldn’t fess too as he was a crap fest). Once you have gathered your notes form the basic web searches, you can start in with the local civil and criminal courts. I am in Washington State where we have some good searchable resources open to us. Check your area to see what you have access to. Use your own name to see what can be found (without being in law enforcement). You can piece together a fair idea of their character. Are they a felon? perhaps a sex offender, or just a ton of civil cases for not paying bills etc. You could find bankruptcies, evictions, or simple disputes. Some of these results will require a trip to the court house to get more details that are all in the public record. Leaving home may not be technically OSINT as you may have to pay for access to the data.

As you start your adventure into OSINT, I hope that you bookmark the best sites that you find. As you practice, you will go back to those favorite sites and become better with your search patterns. Before you know it, you will be a world class information excavator. (see also, the skills of a suspicious wife/girlfriend)

Can you help with my inspiration?

Posted on by Griz

With all of the hustle and bustle of my day job, it is very easy to get to the end of the day and not think about adding to the content of this site.

Of course I feel guilty about it since I know that there is so much that I could (or should) be sharing with you.

Part of the dilemma, is what to bring to your plate. The world of cybersecurity has an immense spectrum. You will find areas that you enjoy most and they may end up as your specialty.

Here is what I am asking, are there tools that you want to learn about?

Are there attack types that interest you? Perhaps a tool that has caught your attention and you would like to see it discussed.

Do you have content that you have written that you feel would be a good fit for what we are doing here?

Please speak up in the comments and I will do my best to make it happen.

Do you over share?

Posted on by Griz

A friend and colleague posted a picture this morning and I had to steal it. It has too much educational value to not share it. (You know who you are, thank you)
One of my driving hobbies is personality reading of people by their bumper stickers. I had not contemplated the potential black hat value of it. Just like any other form of social media, we share too much. There needs to be a cool name for this bumper/back glass social media… is there one yet?

https://www.wsls.com/news/local/2020/09/03/how-the-bedford-police-department-says-you-could-be-oversharing-through-bumper-stickers/https://www.wsls.com/news/local/2020/09/03/how-the-bedford-police-department-says-you-could-be-oversharing-through-bumper-stickers/