Shakedown Social

Erik van Straten<a href="https://social.wildeboer.net/@jwildeboer" class="u-url mention" rel="nofollow noopener" target="_blank">@jwildeboer</a> wrote: "Dear <a href="https://infosec.exchange/tags/Letsencrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#Letsencrypt</a>, you helped secure millions and millions of servers"They never did. Since Forward Secrecy is used (which is good), the one and only purpose of an X.509 certificate is to authenticate an entity, based on unique and *useful* identification of said entity.Have a look at <a href="https://crt.sh/?q=968717.com" rel="nofollow noopener" translate="no" target="_blank">https://crt.sh/?q=968717.com</a> for the "usefulness" of identification (and waste of resouces).Or what about <a href="https://crt.sh/?q=localbit.com" rel="nofollow noopener" translate="no" target="_blank">https://crt.sh/?q=localbit.com</a> which includes certificates for <a href="https://ww25.ww38.ww38.ww38.ww16.ww25.ww25.ww38.localbit.com" rel="nofollow noopener" translate="no" target="_blank">https://ww25.ww38.ww38.ww38.ww16.ww25.ww25.ww38.localbit.com</a>? (I can give you zillions of examples like this).Although a DV-cert may suffice for server to server communication (*), a domain name simply does not suffice for useful identification by humans.Fix: <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113079966331873386</a>.(*) Certificate misissuances: <a href="https://infosec.exchange/@ErikvanStraten/112914050216821746" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/112914050216821746</a>.<a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener" target="_blank">#DVcerts</a> <a href="https://infosec.exchange/tags/DomainValidation" class="mention hashtag" rel="nofollow noopener" target="_blank">#DomainValidation</a> <a href="https://infosec.exchange/tags/BrowsersSuck" class="mention hashtag" rel="nofollow noopener" target="_blank">#BrowsersSuck</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#LetsEncrypt</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a>

Erik van StratenVirussen en phishing(Een late reactie op een discussie tussen <a href="https://mastodon.nl/@EllyvA" class="u-url mention" rel="nofollow noopener" target="_blank">@EllyvA</a> en <a href="https://mastodon.nl/@ximaar" class="u-url mention" rel="nofollow noopener" target="_blank">@ximaar</a> eindigend met <a href="https://mastodon.nl/@EllyvA/114064535418745561" rel="nofollow noopener" translate="no" target="_blank">https://mastodon.nl/@EllyvA/114064535418745561</a>).Computervirussen, in de zin van malware (malicious software) die zichzelf verspreidt, zie ik nauwelijks nog - omdat mensen geen floppies meer gebruiken om gegevens uit te wisselen.Cybercriminelen gebruiken nu vooral social engineering om mensen te bestelen, of om aan vertrouwelijke gegevens te komen waarmee zij vervolgens mensen overtuigen dat zij een betrouwbare partij zijn.Als zij malware maken bestaat de kwaadaardige component uit een programma (of script in het een of andere document) dat zij bij elke verspreiding wijzigen, en eerst testen op alle gangbare virusscanners (waardoor de meeste scanners aanvankelijk kansloos zijn).In een steeds groter deel van de gevallen maakt malware misbruik van standaard onder Windows geïnstalleerde software ("lolbins" - Living Of the Land binaries) of installeert een legitieme driver waarmee verhoogde rechten (administrator privileges) worden verkregen.Ook zeer populair zijn RAT's, Remote Access Tools zoals Teamviewer en Anydesk (steeds vaker misbruikt ook op Android en iPhones). Mensen wordt vaak voorgelogen dat zij een virusscanner zouden moeten installeren - en dat is dus zo'n RAT, zie <a href="https://infosec.exchange/@ErikvanStraten/113987804370380156" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113987804370380156</a>.En inderdaad is phishing een gigantisch probleem - waar virusscanners nauwelijks of niet tegen helpen, omdat criminelen steeds nieuwe domeinnamen gebruiken (vb: <a href="https://security.nl/posting/879531" rel="nofollow noopener" translate="no" target="_blank">https://security.nl/posting/879531</a>) voor hun websites, en vaak captcha's inzetten waar virusscanners niet "doorheen komen".Het komt ook voor dat automatisch door browsers verzonden gegevens, en/of IP-adressen, en/of tijdstip van de dag vaak aan specifieke criteria moeten voldoen wil de kwaadaardige versie van een website worden getoond (zie screenshot, druk Alt voor meer info).Het beste dat je kunt doen, na het openen van een webpagina, is niet op de inhoud letten maar op de DOMEINNAAM (in de adresbalk van de browser). Voor veel te veel mensen is het echter (nagenoeg) onmogelijk om vast te stellen dat een gegeven domeinnaam *niet* van de gesuggereerde organisatie is - en hier bestaat helaas geen SIMPEL en betrouwbaar recept voor.<a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/Virusscanners" class="mention hashtag" rel="nofollow noopener" target="_blank">#Virusscanners</a> <a href="https://infosec.exchange/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#SocialEngineering</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudflareIsEvil</a>

Erik van Straten<a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener" target="_blank">@aral</a> : most Let's Encrypt (and other Domain Validated) certificates are issued to junk- or plain criminal websites.They're the ultimate manifestation of evil big tech.They were introduced to encrypt the "last mile" because Internet Service Providers were replacing ads in webpages and, in the other direction, inserting fake clicks.DV has destroyed the internet. People loose their ebank savings and companies get ransomwared; phishing is dead simple. EDIW/EUDIW will become an identity fraud disaster (because of AitM phishing atracks).Even the name "Let's Encrypt" is wrong for a CSP: nobody needs a certificate to encrypt a connection. The primary purpose of a certificate is AUTHENTICATION (of the owner of the private key, in this case the website).However, for human beings, just a domain name simply does not provide reliable identification information. It renders impersonation a peace of cake.Decent online authentication is HARD. Get used to it instead of denying it.REASONS/EXAMPLES🔹 Troy Hunt fell in the DV trap: <a href="https://infosec.exchange/@ErikvanStraten/114222237036021070" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/114222237036021070</a>🔹 Google (and Troy Hunt!) killed non-DV certs (for profit) because of the stripe.com PoC. Now Chrome does not give you any more info than what Google argumented: <a href="https://infosec.exchange/@ErikvanStraten/114224682101772569" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/114224682101772569</a>🔹 https:⧸⧸cancel-google.com/captcha was live yesterday: <a href="https://infosec.exchange/@ErikvanStraten/114224264440704546" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/114224264440704546</a>🔹 Stop phishing proposal: <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113079966331873386</a>🔹 Lots of reasons why LE sucks: <a href="https://infosec.exchange/@ErikvanStraten/112914047006977222" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/112914047006977222</a> (corrected link 09:20 UTC)🔹 This website stopped registering junk .bond domain names, probably because there were too many every day (the last page I found): <a href="https://newly-registered-domains.abtdomain.com/2024-08-15-bond-newly-registered-domains-part-1/" rel="nofollow noopener" translate="no" target="_blank">https://newly-registered-domains.abtdomain.com/2024-08-15-bond-newly-registered-domains-part-1/</a>. However, this gang is still active, open the RELATIONS tab in <a href="https://www.virustotal.com/gui/ip-address/13.248.197.209/relations" rel="nofollow noopener" translate="no" target="_blank">https://www.virustotal.com/gui/ip-address/13.248.197.209/relations</a>. You have to multiply the number of LE certs by approx. 5 because they also register subdomains and don't use wildcard certs. Source: <a href="https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/</a><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener" target="_blank">@EUCommission</a> <a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener" target="_blank">@letsencrypt</a> <a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener" target="_blank">@nlnet</a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#Authentication</a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#Impersonation</a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Spoofing</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#Certificates</a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener" target="_blank">#httpsVShttp</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#FakeWebsites</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener" target="_blank">#bond</a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener" target="_blank">#dotBond</a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#Spam</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener" target="_blank">#Banks</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudflareIsEvil</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#FakeWebsites</a>

Erik van Straten<a href="https://troet.cafe/@rohare" class="u-url mention" rel="nofollow noopener" target="_blank">@rohare</a> : phishing can and should be mitigated.See <a href="https://infosec.exchange/@ErikvanStraten/114222237036021070" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/114222237036021070</a>.<a href="https://infosec.exchange/@haveibeenpwned" class="u-url mention" rel="nofollow noopener" target="_blank">@haveibeenpwned</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/Browsers" class="mention hashtag" rel="nofollow noopener" target="_blank">#Browsers</a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#BigTechIsEvil</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudflareIsEvil</a>

Recent searches

Search options

Administered by:

Server stats:

#bigtechisevil