- John Gonder
Have a Cyber Safe and Aware Holiday
Greetings - This time of year is sweet for hackers; IT folk are off, you’re on break and perfect targets for malware infestation and ID theft. Even better, many email systems don’t filter bad emails very well. They can pass through or retain many bad emails in quarantine, especially on weekends or breaks, and if one looks good and fools you into even just looking at it, you’re up the creek. These links are a small demonstration of a simple script in a web page, like the links in the emails you get in your inbox and quarantine. There’s no danger here - I promise - but you should think about what’s possible when you try them: 1 This link is one we use in my Network Analysis class. It’s a real Fry’s error page saved from 2009 that, after 10 seconds, with no input from you, will still load today’s main Fry’s page. http://tinyurl.com/FrysErrorPage Note on today’s page you’re getting various pictures loaded automatically - each picture can have it’s own hidden evil script. 2 This is a version of that script that, after 10 seconds, will take you to a youtube video about driveby malware. Driveby malware for Androids is a really hot growth industry, since they’re so insecure and folks bank with them. http://tinyurl.com/SpecialScriptPage The video will start automatically - no input needed. It could just as easily have done invisible malware installation, as shown you the video. This should scare the heck out of you. Takeaways should include: - Any email you get, or even just view without opening or clicking on things can be dangerous. - No email from a known bad source should be there for you. - Even an innocent looking page, attachment, or picture can be doing evil in the background. If you want to see the whole student exercise, it’s in a PDF I can send you in email. Of course, an innocent PDF can have a script too - but I’m one of the good-guys, right? You can trust me. ;> Guided tour of my evil email collection by arrangement. Have a safe and aware holiday - Don’t click on anything I wouldn’t - Yes, I am paranoid - but, yes, the Russian mob, their Romanian coders, and others, actually /are/ out to get /all/ of us. Best regards, John Gonder
