1970s again

The Rocketry Forum

Help Support The Rocketry Forum:

Reinhard

Well-Known Member
TRF Supporter
Joined
Jan 18, 2009
Messages
1,159
Reaction score
371
Location
Austria
No dumber? Challenge accepted!

As Albert Einstein once famously said: "Don't believe everything you see on the internet".

There is not much overlap between the folks who haven't figured out that baskets wont hold liquid and those that know how to operate a gas pump.

The lady with the plastic tote is maybe, and sadly, for real. The folks with laundry baskets and cardboard boxes are just having fun on social media.

Reinhard
 

les

Well-Known Member
TRF Supporter
Joined
Jan 20, 2009
Messages
2,849
Reaction score
493
That's relatively easy. We had system controls in place that could detect an external mass storage device connected to a USB (or any other port) and would block transfers to and from them. We had the system option, though we did not use it, to tattle on you if you even tried. DLP software in enterprise environments is quite common.
You do like Lowes and some other companies have done: You block USB drives in the OS. That doesn't stope someone from inserting a USB Killer, but it will stop malware from reaching the network.
You can block USB, but so long as the system somewhere connects to the web, it is still susceptible to someone clicking on a phishing email which can install malicious software

Various areas (classified or main plant control) can be kept isolated but most businesses need to connect to the rest of the world - either to drive sales or find information. I'm an engineer and I am constantly searching for a part or product to use in a new design, or getting manuals for existing items....
 

Art Upton

Well-Known Member
Joined
Jan 23, 2009
Messages
1,998
Reaction score
84
Well, you had cheesy AM TOP 40 if you didn't know better, the Bicentennial, Estes at its bestest, Centuri, and Grandpa Skow with the world's best little Allis-Chalmers and New Holland dealership.....

Otherwise...

Wanna see my drawin of a cyclop gurl?

View attachment 464512
Pinto, my Mom had one and I learned to Drive Stick shift in it at 15
 

dhbarr

Amateur Professional
Joined
Jan 30, 2016
Messages
7,273
Reaction score
1,706
That sounds easy. How do you stop someone from bringing a USB stick or drive to the office? Make a policy? That works for people that follow policies to the letter.

If someone hasn't separated their business network from the control network by now they need a new IT department.

I will add that this incident increased my awareness and I will no longer check personal email at work. We all have the freedom to do that but this incident changes the way I see MY responsibility.
Order workstations without exposed USB. Whitelist only HID, allow only a single bridge. I'm sure there's a bunch of other stuff you can do, these just popped into my head. Oh, and fire people who repeatedly violate datasec policies.
 

John Kemker

Well-Known Member
TRF Supporter
Joined
Aug 25, 2019
Messages
1,887
Reaction score
821
You can block USB, but so long as the system somewhere connects to the web, it is still susceptible to someone clicking on a phishing email which can install malicious software

Various areas (classified or main plant control) can be kept isolated but most businesses need to connect to the rest of the world - either to drive sales or find information. I'm an engineer and I am constantly searching for a part or product to use in a new design, or getting manuals for existing items....
True. My point was that you can block USB. Email phishing is a social engineering hack and requires social engineering protection: Create a culture of "don't click on anything you're not sure of." Easier said than done.
 

dr wogz

Fly caster
Joined
Feb 5, 2009
Messages
6,581
Reaction score
1,736
Location
Land of Poutine!
I'm an engineer and I am constantly searching for a part or product to use in a new design, or getting manuals for existing items....
Me too, and therein lies another issue: Some manuf. sites require you to create an account to get the info; a datasheet, catalogs, or a quote.. So, now you've given your 'work' credentials to another party, who may or may not have adequate security.. (and then soon an endless stream of 'marketing' from them..)
 

dr wogz

Fly caster
Joined
Feb 5, 2009
Messages
6,581
Reaction score
1,736
Location
Land of Poutine!
True. My point was that you can block USB. Email phishing is a social engineering hack and requires social engineering protection: Create a culture of "don't click on anything you're not sure of." Easier said than done.
And as I pointed out earlier, the need to 'educate' the work populace. And, some of these 'fake e-mails' are pretty snazzy & look really legit..
 

Michael L

Random Pixel Generator
TRF Supporter
Joined
Sep 22, 2020
Messages
308
Reaction score
233
Location
Weimar, TX
An Astatic D-104 microphone! Those are still popular with some ham radio and CB operators!
I have one of those new in the box. I was going to use it on my Collins S-line rig but haven't had the time to set any of it up
 

dr wogz

Fly caster
Joined
Feb 5, 2009
Messages
6,581
Reaction score
1,736
Location
Land of Poutine!
As mentioned, I get a weekly 'be web safe' reminder from KnowBe4, So yo know what kind of weekly e-mail I get. This also kinda shows how sophisticated these things can be..

this weeks "Scam of the week":


Scam of the Week: Credential Scam With a Clever Twist

If you try logging in to an account, but get a “wrong password” error what do you do? You’ll probably try typing the same password again. But if that doesn’t work do you try another one of your passwords? Then another, and another? Cybercriminals have a clever new scam that takes advantage of this exact behavior.

You receive an email with a link to view an important document. If you click the link, the document looks blurred-out and is covered by a fake Adobe PDF login page. If you enter your email and password, you’ll get an error stating that your password is invalid. This page allows you to try a few more times before eventually blocking you from viewing the document. But the truth is, there was never a document to view. Instead, the cybercriminals saved your email address and every password you tried to use. They can use this information to try to log in as you on other websites.

Don’t be fooled! Remember these tips:
• Remember that any site, brand, or service can be spoofed.
• Never click a link in an email that you were not expecting. If you’re not sure, reach out to the sender by phone to confirm the legitimacy of the email.
• Always use a password that is unique to that specific account. This way, if your credentials are stolen, the cybercriminals can’t access your accounts on other websites.

Stop, Look, and Think. Don't be fooled.
The KnowBe4 Security Team
KnowBe4.com
 

H_Rocket

Death by Powerpoint
Joined
Jan 18, 2009
Messages
3,944
Reaction score
291
Location
North Central Texas
You can block USB, but so long as the system somewhere connects to the web, it is still susceptible to someone clicking on a phishing email which can install malicious software
Our DLP would strip links and attachments off any incoming mail and store them in a file for further examination. Our Kiosk machines had epoxy squirted into the open USB ports and you needed a tamper resistant screwdriver to disconnect the ports for the keyboard and mouse. Yes, security made life very inconvenient. If you were authorized to have a USB drive, you had to use ones provided by IT (Iron Key or similar).

Various areas (classified or main plant control) can be kept isolated but most businesses need to connect to the rest of the world - either to drive sales or find information. I'm an engineer and I am constantly searching for a part or product to use in a new design, or getting manuals for existing items....
I had the same situation. We used dead drop accounts to control inbound attachments. It was a PITA , but I had to often call for information or have my VAR provide it.

You can't fix stupid users, but you can make them work for it.
 

Sandy H.

Well-Known Member
Joined
Mar 20, 2009
Messages
708
Reaction score
156
Growing up, my parents taught me to not trust any phone call you get from a stranger. When I was going off to college, dad sat me down and gave some logical life lessons. One was (paraphrased) "If you get a phone call from the power company or similar saying you need to pay this or that and they want any information, ask for the person's name, ID number and any other information related to their call (ticket number or similar). Then politely end the call, then go to the power company bill, look at the number printed on that and call that number and give them the information. If it is legit, you know you're talking to the real people." (Dad was in his 60's at that point, so he wouldn't use a word like legit. . . hence the paraphrase).

Anyway, I do the same thing with any email I receive that comes from a questionable source. Look at what they are claiming and then launch your own browser, navigate to the known address (i.e. adobe.com etc) and look for what the email is stating. If the email says 'call this number' and you still think it is legit, call the number on the real site, not whatever number they claim.

I don't get a huge amount of spam (amazingly) but one I got today was about a '$500 Walmart card I purchased, call this number if you didn't order it.' Those get completely ignored, obviously, and most others are easily debunked without other research.

The one or two I get per month that seem mildly possible either pass or fail the "I'll call you back" test. I don't click on links, hence the reason I get little spam, I assume.

Sandy.
 

Peartree

Cyborg Rocketeer
Staff member
Administrator
Global Mod
Joined
Jan 6, 2009
Messages
5,513
Reaction score
976
Location
Alliance, Ohio
Growing up, my parents taught me to not trust any phone call you get from a stranger. When I was going off to college, dad sat me down and gave some logical life lessons. One was (paraphrased) "If you get a phone call from the power company or similar saying you need to pay this or that and they want any information, ask for the person's name, ID number and any other information related to their call (ticket number or similar). Then politely end the call, then go to the power company bill, look at the number printed on that and call that number and give them the information. If it is legit, you know you're talking to the real people." (Dad was in his 60's at that point, so he wouldn't use a word like legit. . . hence the paraphrase).

Anyway, I do the same thing with any email I receive that comes from a questionable source. Look at what they are claiming and then launch your own browser, navigate to the known address (i.e. adobe.com etc) and look for what the email is stating. If the email says 'call this number' and you still think it is legit, call the number on the real site, not whatever number they claim.

I don't get a huge amount of spam (amazingly) but one I got today was about a '$500 Walmart card I purchased, call this number if you didn't order it.' Those get completely ignored, obviously, and most others are easily debunked without other research.

The one or two I get per month that seem mildly possible either pass or fail the "I'll call you back" test. I don't click on links, hence the reason I get little spam, I assume.

Sandy.
I got one of those recently from Google. I kept getting pop-ups on my phone (but not my laptop) that said Google Play needed my birthdate to comply with some law. I wouldn't click on the link. But whenever I opened the Google Play app, I couldn't find any such request. Today, after the umteenth time, I finally opened the personal part of my Google account instead of Google Play. There, they were asking for my birth date. I always go directly to Chase, Google, Firefox, State Farm, or whatever and NEVER click on a link. Most reputable places tell you flat out that they will never send such a request in an email anyway.
 
Top