I just participated in a live web meeting with the author of this book
https://www.amazon.com/Social-Engineering-Science-Human-Hacking/dp/111943338X

He went through the four current vectors of hacking
phishing -> by email, old technology
SMishing -> by text message
Vishing -> by voice phone call spoofing
Impersonation -> dressing up and playing the part.

First, he claimed to have sent out over 91 M phishing emails in his hacking career
He recorded one of his live demonstations on unsuspecting targets, where he planted a remote access back door into a client's computer with the client on the phone.

His only recommendation is to use a cloud based password manager, with two factor authentication. that will save you when you are in a hurry, stressed, and forget to ignore the security rules you have in place. . . and the vault can be linked across multiple platforms. . . keepass, 1password are best from a researched point of view.

most SMishing text will take you to a fake webpage where you enter your information which the thief wants to harvest, and then when you hit enter, it takes you to the real page, as if nothing happened, other than you gave the hackers your information.

The optimal password is long, such as a sentence, you can easily remember, including capitals and numbers and special characters . . his sample was "On Oct 20 i gave a presentation to SECO Electric Company!"

Also, saving a password file in the icloud or google cloud is also not secure, as the recent case just settled in Tampa. . if your account info is phished, same with paris hilton, who used real answers to security questions, got hacked.

Man accused of hacking, selling login credentials of Tampa Bay residents, others (https://www.tampabay.com/news/crime/2021/09/13/man-accused-of-hacking-selling-login-credentials-of-tampa-bay-residents-others/)

good luck

IT guy

Another thing to keep in mind: the Cloud is not, in fact, in a cloud, but is a large array of computers in somebody's large room. Maybe a little more secure than old networking arrays, but still vulnerable.

Very interesting. Thanks!

Nightmare

Hacking gets worse and worse

I just participated in a live web meeting with the author of this book
https://www.amazon.com/Social-Engineering-Science-Human-Hacking/dp/111943338X

He went through the four current vectors of hacking
phishing -> by email, old technology
SMishing -> by text message
Vishing -> by voice phone call spoofing
Impersonation -> dressing up and playing the part.

First, he claimed to have sent out over 91 M phishing emails in his hacking career
He recorded one of his live demonstations on unsuspecting targets, where he planted a remote access back door into a client's computer with the client on the phone.

His only recommendation is to use a cloud based password manager, with two factor authentication. that will save you when you are in a hurry, stressed, and forget to ignore the security rules you have in place. . . and the vault can be linked across multiple platforms. . . keepass, 1password are best from a researched point of view.

most SMishing text will take you to a fake webpage where you enter your information which the thief wants to harvest, and then when you hit enter, it takes you to the real page, as if nothing happened, other than you gave the hackers your information.

The optimal password is long, such as a sentence, you can easily remember, including capitals and numbers and special characters . . his sample was "On Oct 20 i gave a presentation to SECO Electric Company!"

Also, saving a password file in the icloud or google cloud is also not secure, as the recent case just settled in Tampa. . if your account info is phished, same with paris hilton, who used real answers to security questions, got hacked.

Man accused of hacking, selling login credentials of Tampa Bay residents, others (https://www.tampabay.com/news/crime/2021/09/13/man-accused-of-hacking-selling-login-credentials-of-tampa-bay-residents-others/)

good luck

IT guy


Why isn’t the guy in jail. I thought scam runners was illegal? I would think there would be no status of limitations that?

I am so glad to be retired as the name of my computer store for thirty years was THE HACKERY. A long time ago a hacker was a person who had a lot of knowledge about computers which was positive. Now, my old store and I would probably be under 24hr surveillance by many government agencies.

Another thing to keep in mind: the Cloud is not, in fact, in a cloud, but is a large array of computers in somebody's large room. Maybe a little more secure than old networking arrays, but still vulnerable.


I like to make it more simple than that.

The cloud is simply a computer that someone else owns and has full access to.

I like to make it more simple than that.

The cloud is simply a computer that someone else owns and has full access to.
Still better than storing it in a real cloud. When it rained, you would be screwed.

Still better than storing it in a real cloud. When it rained, you would be screwed.

Then there's that pesky problem of keeping it suspended. I suppose helium or hydrogen balloons, but connectivity gets to be a problem.

Not only that, having been in a cloud before myself, it really is not a great environment for electronics. It's cold, clammy and humidity is very high.

Scary stuff. I wish law enforcement would allocate significant resources toward identifying those that commit cyber theft and prosecute them to the fullest extent allowable. The laws should also be updated to treat cyber theft criminals more severely than those who commit traditional crimes. I would much rather have someone break into our house and try to steal our stuff than have some faceless and spineless wimp try to steal our hard earned money through the World Wide Web. At least if they break into our house they have the stones to try to physically go through me rather than hide behind a keyboard. Whatever happened to the good old days when people had a strong work ethic and were proud to put in a good days work to legally EARN their money?