# 1970s again

### Help Support The Rocketry Forum:

##### Lonewolf.... No Club
An Astatic D-104 microphone! Those are still popular with some ham radio and CB operators!
I still have it. It makes a distinctive "thunk" noise when you key the microphone... retro cool.

Last edited:

#### Reinhard

##### Well-Known Member
TRF Supporter
No dumber? Challenge accepted!

As Albert Einstein once famously said: "Don't believe everything you see on the internet".

There is not much overlap between the folks who haven't figured out that baskets wont hold liquid and those that know how to operate a gas pump.

The lady with the plastic tote is maybe, and sadly, for real. The folks with laundry baskets and cardboard boxes are just having fun on social media.

Reinhard

#### Doug Holverson

##### Well-Known Member
I loved the 70's... Good times.
Well, you had cheesy AM TOP 40 if you didn't know better, the Bicentennial, Estes at its bestest, Centuri, and Grandpa Skow with the world's best little Allis-Chalmers and New Holland dealership.....

Otherwise...

Wanna see my drawin of a cyclop gurl?

#### les

##### Well-Known Member
TRF Supporter
That's relatively easy. We had system controls in place that could detect an external mass storage device connected to a USB (or any other port) and would block transfers to and from them. We had the system option, though we did not use it, to tattle on you if you even tried. DLP software in enterprise environments is quite common.
You do like Lowes and some other companies have done: You block USB drives in the OS. That doesn't stope someone from inserting a USB Killer, but it will stop malware from reaching the network.
You can block USB, but so long as the system somewhere connects to the web, it is still susceptible to someone clicking on a phishing email which can install malicious software

Various areas (classified or main plant control) can be kept isolated but most businesses need to connect to the rest of the world - either to drive sales or find information. I'm an engineer and I am constantly searching for a part or product to use in a new design, or getting manuals for existing items....

#### Art Upton

##### Well-Known Member
Well, you had cheesy AM TOP 40 if you didn't know better, the Bicentennial, Estes at its bestest, Centuri, and Grandpa Skow with the world's best little Allis-Chalmers and New Holland dealership.....

Otherwise...

Wanna see my drawin of a cyclop gurl?

View attachment 464512
Pinto, my Mom had one and I learned to Drive Stick shift in it at 15

#### dhbarr

##### Amateur Professional
That sounds easy. How do you stop someone from bringing a USB stick or drive to the office? Make a policy? That works for people that follow policies to the letter.

If someone hasn't separated their business network from the control network by now they need a new IT department.

I will add that this incident increased my awareness and I will no longer check personal email at work. We all have the freedom to do that but this incident changes the way I see MY responsibility.
Order workstations without exposed USB. Whitelist only HID, allow only a single bridge. I'm sure there's a bunch of other stuff you can do, these just popped into my head. Oh, and fire people who repeatedly violate datasec policies.

#### John Kemker

##### Well-Known Member
TRF Supporter
You can block USB, but so long as the system somewhere connects to the web, it is still susceptible to someone clicking on a phishing email which can install malicious software

Various areas (classified or main plant control) can be kept isolated but most businesses need to connect to the rest of the world - either to drive sales or find information. I'm an engineer and I am constantly searching for a part or product to use in a new design, or getting manuals for existing items....
True. My point was that you can block USB. Email phishing is a social engineering hack and requires social engineering protection: Create a culture of "don't click on anything you're not sure of." Easier said than done.

#### dr wogz

##### Fly caster
I'm an engineer and I am constantly searching for a part or product to use in a new design, or getting manuals for existing items....
Me too, and therein lies another issue: Some manuf. sites require you to create an account to get the info; a datasheet, catalogs, or a quote.. So, now you've given your 'work' credentials to another party, who may or may not have adequate security.. (and then soon an endless stream of 'marketing' from them..)

#### dr wogz

##### Fly caster
True. My point was that you can block USB. Email phishing is a social engineering hack and requires social engineering protection: Create a culture of "don't click on anything you're not sure of." Easier said than done.
And as I pointed out earlier, the need to 'educate' the work populace. And, some of these 'fake e-mails' are pretty snazzy & look really legit..

#### Michael L

##### Random Pixel Generator
TRF Supporter
An Astatic D-104 microphone! Those are still popular with some ham radio and CB operators!
I have one of those new in the box. I was going to use it on my Collins S-line rig but haven't had the time to set any of it up

#### dr wogz

##### Fly caster
As mentioned, I get a weekly 'be web safe' reminder from KnowBe4, So yo know what kind of weekly e-mail I get. This also kinda shows how sophisticated these things can be..

this weeks "Scam of the week":

Scam of the Week: Credential Scam With a Clever Twist

If you try logging in to an account, but get a “wrong password” error what do you do? You’ll probably try typing the same password again. But if that doesn’t work do you try another one of your passwords? Then another, and another? Cybercriminals have a clever new scam that takes advantage of this exact behavior.

Don’t be fooled! Remember these tips:
• Remember that any site, brand, or service can be spoofed.
• Never click a link in an email that you were not expecting. If you’re not sure, reach out to the sender by phone to confirm the legitimacy of the email.
• Always use a password that is unique to that specific account. This way, if your credentials are stolen, the cybercriminals can’t access your accounts on other websites.

Stop, Look, and Think. Don't be fooled.
The KnowBe4 Security Team
KnowBe4.com

#### H_Rocket

##### Death by Powerpoint
You can block USB, but so long as the system somewhere connects to the web, it is still susceptible to someone clicking on a phishing email which can install malicious software
Our DLP would strip links and attachments off any incoming mail and store them in a file for further examination. Our Kiosk machines had epoxy squirted into the open USB ports and you needed a tamper resistant screwdriver to disconnect the ports for the keyboard and mouse. Yes, security made life very inconvenient. If you were authorized to have a USB drive, you had to use ones provided by IT (Iron Key or similar).

Various areas (classified or main plant control) can be kept isolated but most businesses need to connect to the rest of the world - either to drive sales or find information. I'm an engineer and I am constantly searching for a part or product to use in a new design, or getting manuals for existing items....
I had the same situation. We used dead drop accounts to control inbound attachments. It was a PITA , but I had to often call for information or have my VAR provide it.

You can't fix stupid users, but you can make them work for it.

#### Sandy H.

##### Well-Known Member
Growing up, my parents taught me to not trust any phone call you get from a stranger. When I was going off to college, dad sat me down and gave some logical life lessons. One was (paraphrased) "If you get a phone call from the power company or similar saying you need to pay this or that and they want any information, ask for the person's name, ID number and any other information related to their call (ticket number or similar). Then politely end the call, then go to the power company bill, look at the number printed on that and call that number and give them the information. If it is legit, you know you're talking to the real people." (Dad was in his 60's at that point, so he wouldn't use a word like legit. . . hence the paraphrase).

Anyway, I do the same thing with any email I receive that comes from a questionable source. Look at what they are claiming and then launch your own browser, navigate to the known address (i.e. adobe.com etc) and look for what the email is stating. If the email says 'call this number' and you still think it is legit, call the number on the real site, not whatever number they claim.

I don't get a huge amount of spam (amazingly) but one I got today was about a '$500 Walmart card I purchased, call this number if you didn't order it.' Those get completely ignored, obviously, and most others are easily debunked without other research. The one or two I get per month that seem mildly possible either pass or fail the "I'll call you back" test. I don't click on links, hence the reason I get little spam, I assume. Sandy. #### Mike Haberer ##### Well-Known Member TRF Supporter #### Peartree ##### Cyborg Rocketeer Staff member Administrator Global Mod Growing up, my parents taught me to not trust any phone call you get from a stranger. When I was going off to college, dad sat me down and gave some logical life lessons. One was (paraphrased) "If you get a phone call from the power company or similar saying you need to pay this or that and they want any information, ask for the person's name, ID number and any other information related to their call (ticket number or similar). Then politely end the call, then go to the power company bill, look at the number printed on that and call that number and give them the information. If it is legit, you know you're talking to the real people." (Dad was in his 60's at that point, so he wouldn't use a word like legit. . . hence the paraphrase). Anyway, I do the same thing with any email I receive that comes from a questionable source. Look at what they are claiming and then launch your own browser, navigate to the known address (i.e. adobe.com etc) and look for what the email is stating. If the email says 'call this number' and you still think it is legit, call the number on the real site, not whatever number they claim. I don't get a huge amount of spam (amazingly) but one I got today was about a '$500 Walmart card I purchased, call this number if you didn't order it.' Those get completely ignored, obviously, and most others are easily debunked without other research.

The one or two I get per month that seem mildly possible either pass or fail the "I'll call you back" test. I don't click on links, hence the reason I get little spam, I assume.

Sandy.
I got one of those recently from Google. I kept getting pop-ups on my phone (but not my laptop) that said Google Play needed my birthdate to comply with some law. I wouldn't click on the link. But whenever I opened the Google Play app, I couldn't find any such request. Today, after the umteenth time, I finally opened the personal part of my Google account instead of Google Play. There, they were asking for my birth date. I always go directly to Chase, Google, Firefox, State Farm, or whatever and NEVER click on a link. Most reputable places tell you flat out that they will never send such a request in an email anyway.

#### RocketT.Coyote

##### Well-Known Member
Beginning to sense some malaise.