1970s again

The Rocketry Forum

No dumber? Challenge accepted!

As Albert Einstein once famously said: "Don't believe everything you see on the internet".

There is not much overlap between the folks who haven't figured out that baskets won't hold liquid and those that know how to operate a gas pump.

The lady with the plastic tote is maybe, and sadly, for real. The folks with laundry baskets and cardboard boxes are just having fun on social media.

Reinhard
 
That's relatively easy. We had system controls in place that could detect an external mass storage device connected to a USB (or any other port) and would block transfers to and from them. We had the system option, though we did not use it, to tattle on you if you even tried. DLP software in enterprise environments is quite common.

You do like Lowes and some other companies have done: You block USB drives in the OS. That doesn't stop someone from inserting a USB Killer, but it will stop malware from reaching the network.

You can block USB, but so long as the system somewhere connects to the web, it is still susceptible to someone clicking on a phishing email which can install malicious software

Various areas (classified or main plant control) can be kept isolated but most businesses need to connect to the rest of the world - either to drive sales or find information. I'm an engineer and I am constantly searching for a part or product to use in a new design, or getting manuals for existing items....
 
Well, you had cheesy AM TOP 40 if you didn't know better, the Bicentennial, Estes at its bestest, Centuri, and Grandpa Skow with the world's best little Allis-Chalmers and New Holland dealership.....

Otherwise...

Wanna see my drawin of a cyclop gurl?

Pinto, my Mom had one and I learned to drive stick shift in it at 15.
 
That sounds easy. How do you stop someone from bringing a USB stick or drive to the office? Make a policy? That works for people that follow policies to the letter.

If someone hasn't separated their business network from the control network by now they need a new IT department.

I will add that this incident increased my awareness and I will no longer check personal email at work. We all have the freedom to do that but this incident changes the way I see MY responsibility.

Order workstations without exposed USB. Whitelist only HID, allow only a single bridge. I'm sure there's a bunch of other stuff you can do, these just popped into my head. Oh, and fire people who repeatedly violate datasec policies.
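The posts above mention blocking USB drives in the OS and whitelisting only HID devices. As an added example (not code from the thread or from any poster), here is a read-only PowerShell audit of whether a Windows workstation has those controls in place; it reads the standard USBSTOR service key and the Removable Storage Access / Device Installation Restrictions policy keys, and the "blocked" judgement at the end is this example's own assumption, not a vendor baseline.

```powershell
# Added example: audit USB mass-storage blocking on a Windows workstation.
# Read-only; run in an elevated PowerShell session. Policy keys are only
# present when the corresponding Group Policy has been applied.
function Get-UsbStoragePolicy {
    $usbstor = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
    $rsd     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
    $restr   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'

    # USBSTOR service start type: 4 = disabled (driver never loads), 3 = manual (default)
    $start = (Get-ItemProperty -Path $usbstor -Name Start -ErrorAction SilentlyContinue).Start

    # "Removable Disks" class under the Removable Storage Access policy
    $removable = Join-Path $rsd '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
    $deny = Get-ItemProperty -Path $removable -ErrorAction SilentlyContinue

    # Device Installation Restrictions: DenyUnspecified=1 means "only allow-listed
    # classes may install"; AllowDeviceClasses holds the permitted class GUIDs.
    $denyUnspecified = (Get-ItemProperty -Path $restr -Name DenyUnspecified -ErrorAction SilentlyContinue).DenyUnspecified
    $allowed = @()
    $allowKey = Join-Path $restr 'AllowDeviceClasses'
    if (Test-Path $allowKey) {
        # list items are stored as values named "1", "2", ... whose data is a GUID
        $allowed = (Get-ItemProperty -Path $allowKey).PSObject.Properties |
                   Where-Object { $_.Name -match '^\d+$' } |
                   ForEach-Object { $_.Value }
    }
    $hidClass = '{745a17a0-74d3-11d0-b6fe-00a0c90f57da}'   # HIDClass setup class GUID

    [pscustomobject]@{
        UsbstorDisabled      = ($start -eq 4)
        RemovableReadDenied  = ($deny.Deny_Read -eq 1)
        RemovableWriteDenied = ($deny.Deny_Write -eq 1)
        AllowListEnforced    = ($denyUnspecified -eq 1)
        HidClassAllowed      = ($allowed -contains $hidClass)
    }
}

$r = Get-UsbStoragePolicy
$r | Format-List
# Local assumption: either the driver is disabled or both read and write are denied.
if ($r.UsbstorDisabled -or ($r.RemovableReadDenied -and $r.RemovableWriteDenied)) {
    'USB mass storage is blocked on this workstation.'
} else {
    'USB mass storage is NOT blocked; review USBSTOR and Removable Storage Access settings.'
}
```

If AllowListEnforced is true but HidClassAllowed is false, keyboards and mice will stop installing as well, which is the "whitelist only HID" trap the post hints at.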
 
You can block USB, but so long as the system somewhere connects to the web, it is still susceptible to someone clicking on a phishing email which can install malicious software

Various areas (classified or main plant control) can be kept isolated but most businesses need to connect to the rest of the world - either to drive sales or find information. I'm an engineer and I am constantly searching for a part or product to use in a new design, or getting manuals for existing items....
True. My point was that you can block USB. Email phishing is a social engineering hack and requires social engineering protection: Create a culture of "don't click on anything you're not sure of." Easier said than done.
 
I'm an engineer and I am constantly searching for a part or product to use in a new design, or getting manuals for existing items....

Me too, and therein lies another issue: some manufacturer sites require you to create an account to get the info (a datasheet, catalogs, or a quote). So now you've given your 'work' credentials to another party, who may or may not have adequate security (and then soon an endless stream of 'marketing' from them).
 
True. My point was that you can block USB. Email phishing is a social engineering hack and requires social engineering protection: Create a culture of "don't click on anything you're not sure of." Easier said than done.

And as I pointed out earlier, the need to 'educate' the work populace. And some of these 'fake e-mails' are pretty snazzy and look really legit.
 
As mentioned, I get a weekly 'be web safe' reminder from KnowBe4, so you know what kind of weekly e-mail I get. This also kinda shows how sophisticated these things can be.

This week's "Scam of the Week":

Scam of the Week: Credential Scam With a Clever Twist

If you try logging in to an account, but get a “wrong password” error what do you do? You’ll probably try typing the same password again. But if that doesn’t work do you try another one of your passwords? Then another, and another? Cybercriminals have a clever new scam that takes advantage of this exact behavior.

You receive an email with a link to view an important document. If you click the link, the document looks blurred-out and is covered by a fake Adobe PDF login page. If you enter your email and password, you’ll get an error stating that your password is invalid. This page allows you to try a few more times before eventually blocking you from viewing the document. But the truth is, there was never a document to view. Instead, the cybercriminals saved your email address and every password you tried to use. They can use this information to try to log in as you on other websites.

Don’t be fooled! Remember these tips:
• Remember that any site, brand, or service can be spoofed.
• Never click a link in an email that you were not expecting. If you’re not sure, reach out to the sender by phone to confirm the legitimacy of the email.
• Always use a password that is unique to that specific account. This way, if your credentials are stolen, the cybercriminals can’t access your accounts on other websites.

Stop, Look, and Think. Don't be fooled.
The KnowBe4 Security Team
KnowBe4.com
 
You can block USB, but so long as the system somewhere connects to the web, it is still susceptible to someone clicking on a phishing email which can install malicious software

Our DLP would strip links and attachments off any incoming mail and store them in a file for further examination. Our Kiosk machines had epoxy squirted into the open USB ports and you needed a tamper resistant screwdriver to disconnect the ports for the keyboard and mouse. Yes, security made life very inconvenient. If you were authorized to have a USB drive, you had to use ones provided by IT (Iron Key or similar).

Various areas (classified or main plant control) can be kept isolated but most businesses need to connect to the rest of the world - either to drive sales or find information. I'm an engineer and I am constantly searching for a part or product to use in a new design, or getting manuals for existing items....

I had the same situation. We used dead drop accounts to control inbound attachments. It was a PITA, but I often had to call for information or have my VAR provide it.

You can't fix stupid users, but you can make them work for it.
 
Growing up, my parents taught me to not trust any phone call you get from a stranger. When I was going off to college, dad sat me down and gave some logical life lessons. One was (paraphrased) "If you get a phone call from the power company or similar saying you need to pay this or that and they want any information, ask for the person's name, ID number and any other information related to their call (ticket number or similar). Then politely end the call, then go to the power company bill, look at the number printed on that and call that number and give them the information. If it is legit, you know you're talking to the real people." (Dad was in his 60s at that point, so he wouldn't use a word like legit... hence the paraphrase).

Anyway, I do the same thing with any email I receive that comes from a questionable source. Look at what they are claiming and then launch your own browser, navigate to the known address (i.e. adobe.com etc) and look for what the email is stating. If the email says 'call this number' and you still think it is legit, call the number on the real site, not whatever number they claim.

I don't get a huge amount of spam (amazingly) but one I got today was about a '$500 Walmart card I purchased, call this number if you didn't order it.' Those get completely ignored, obviously, and most others are easily debunked without other research.

The one or two I get per month that seem mildly possible either pass or fail the "I'll call you back" test. I don't click on links, hence the reason I get little spam, I assume.

Sandy.
 
I got one of those recently from Google. I kept getting pop-ups on my phone (but not my laptop) that said Google Play needed my birthdate to comply with some law. I wouldn't click on the link. But whenever I opened the Google Play app, I couldn't find any such request. Today, after the umpteenth time, I finally opened the personal part of my Google account instead of Google Play. There, they were asking for my birth date. I always go directly to Chase, Google, Firefox, State Farm, or whatever and NEVER click on a link. Most reputable places tell you flat out that they will never send such a request in an email anyway.
 