   On 1/31/24 2:47 AM, Ahem A Rivet's Shot wrote:   
   > On Tue, 30 Jan 2024 22:43:16 -0500   
   > "68g.1499" <68g.1499@etr6.net> wrote:   
   >   
   >> I'll still say the greatest risk is not hackers, but   
   >> USERS. They fall for all the tricks and install evilware   
   >> themselves.   
   >   
   > This is standard wisdom in the security game. Simulated phishing   
   > attacks are common in the workplace now - fall for one and get sent on a   
   > course, report one and get congratulated. Pity about the giveaway header   
   > they all carry.   
      
      
    Every time someone sent me a note about smelly e-mail I'd   
    look through the html/js for telltale signs and often   
    investigate links (some were to legit entities like PayPal   
    but with a defective reference number - and then you were   
    supposed to use an alt address or even call (one call for   
    a supposedly local US company was actually a Turkish phone#)).   
      
    Found a few with links to what WAS a legit company wanting   
    us to check into an invoice - but the company was a mining-   
    equipment rental company, in Australia.   
      
    Another good question is to ask "Does anyone remember EVER   
    doing business with these people ?". Often it was "No".   
      
    Sometimes the evil is hidden as attached Word dox or Excel   
    spreadsheets or links to same - with lots of interesting   
    macros. Best research is done with LibreOffice - and DON'T   
    enable any macros. Incompatibility has its uses.   
      
    Anyway, they can be VERY sneaky and the rank and file often   
    just click by reflex. A "security validation" page wanting   
    to know a bunch of usernames/passwords/ss# and such, well,   
    that seems legit/safe, doesn't it ? :-)   
      
    My practice was to write a couple paragraph exposition   
    of exactly WHY a mail was evil and send it to all those   
    who routinely "did business" in the office. Kept the   
    tech level low, but just enough. These kinda paid off   
    in 'sensitizing' them to what's smelly. Is the mail   
    from some odd entity ? Is it very unclear about WHAT   
    we're supposed to have purchased/paid ? Odd spelling   
    or grammar errors ? No such employee ? Long links to   
    Who-Knows-What ? They DID get better at it.   
      
    Thing is, M$ or any other entity you're paying   
    CANNOT spot all these 'human factors' tricks.   
    They might spot 'common' ones with kinda fixed   
    source addresses, but that's about it. Not really   
    a shield, more a sieve.   
      
    Oh, found this today :   
      
   https://www.dailymail.co.uk/sciencetech/article-13029089/Notorious-Russia-gang-claims-stole-classified-secret-documents-intelligence-agencies-FBI-warns-China-hackers-preparing-wreak-havoc-America.html   
      
    These people work their way into the tippy-top systems, and   
    often by exploiting "human factors". The SolarWinds hack was   
    also brilliant - and took a while to notice - because it took   
    a sort of indirect path, via a 'trusted vendor' for lower-   
    level sys-management stuff, rather than a frontal attack.   
      
    It's a problem.   
      
    It's getting worse, fast.   
      
    And there's just no decent replacement for e-mail for biz   
    purposes. We demand receipts, tracking info, mails in   
    case of problems, mails for bills. Doesn't matter if   
    the mail agent is on yer PC or something online, the   
    evil can still getcha. Back to snail-mail ? Ain't gonna   
    happen now.   
      
    Linux/Unix can be configured to be fairly resistant to   
    "traditional hacking" - but every user is a serious   
    vulnerability, by multiple approaches.   
      
    Hmmm ... sounds like those abovementioned "top secret   
    documents" weren't even encrypted - the group KNEW what   
    it had to bargain with. Oh, it WILL pass the stuff along   
    to Vlad whether you pay 'em or not - patriotic duty !   
      
   --- SoupGate-Win32 v1.05   
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)   
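
The link checks described in the post above (a link that shows one name but leads somewhere else, and long links to who-knows-what), as an added example that is not part of the original post. The function name, the 120-character threshold and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

LONG_LINK = 120  # assumption: length above which a link counts as "long"

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._buf = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def triage(raw):
    """Return a list of findings for the HTML parts of one raw message."""
    findings = []
    for part in message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_content())
        for href, text in collector.links:
            host = (urlsplit(href).hostname or "").removeprefix("www.")
            shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
            shown = shown.group(0).removeprefix("www.") if shown else ""
            # Visible text names a domain the link does not actually go to.
            if shown and host != shown and not host.endswith("." + shown):
                findings.append(f"link text shows {shown} but goes to {host}")
            if len(href) > LONG_LINK:
                findings.append(f"long link ({len(href)} chars) to {host}")
    return findings

# Constructed sample message (not taken from the original post).
SAMPLE = (
    "From: Billing <billing@example.test>\nContent-Type: text/html\n\n"
    '<a href="http://pay.example.invalid/ref?id=1">www.paypal.com</a> '
    '<a href="https://www.paypal.com/signin">paypal.com</a>\n'
)
if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

The script only parses the message text and never fetches a link, so it can be run on a saved copy of a suspect mail.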