
SANS ISC: Cyber Security Awareness Tip #1: Penetrating the This Does Not Apply To Me Attitude - Internet Security | DShield SANS ISC InfoSec Forums


Cyber Security Awareness Tip #1: Penetrating the This Does Not Apply To Me Attitude

As you are hopefully aware, October is Cyber Security Awareness Month. We will focus on one security awareness subject per day. Marc published the agenda at http://isc.sans.org/diary.html?storyid=3429 so let’s start with the first tip.

What are your tips for system administrators and others trying to get the word out to users? How did you get past the “This Does Not Apply To Me” attitude? Submit your ideas and stories here.

You might have heard this from your managers and CEOs multiple times – that they are not the target and that certain vulnerabilities don’t apply to them. An example of security not being taken personally hit the news a couple of days ago when Francis Ford Coppola’s laptop was stolen (http://www.nydailynews.com/gossip/2007/09/28/2007-09-28_francis_ford_coppolas_laptop_stolen.html). The laptop’s value in the whole story is negligible – the main issue is that it contained the script for his upcoming movie and that there was no backup (at least it appears so, since Coppola pleaded for the return of the laptop).

Alan M. sent us another real story:

“I was called to help remove a phishing site from an ISP's Apache server. It was not an easy offsite fix, as the hacker was no script-kiddie and very actively fought from many countries' IPs to retain "his" server.
One digi-macho guy let the hacker have a major advantage over me...
I set up a new Linux machine offline to replace the bad server, then put it online on an unused address of the ISP. I ssh'ed into it. While I was working, I noticed something odd in an lsattr directory listing. I ran "who" and found another me on the machine as root. Time from my login until hacked: <10 minutes. The hacker was playing man in the middle.
I fired up Nessus and ran a scan on the ISP staff machines and found one was infected. I went to that computer and its user and found the antivirus program removed from the machine. I asked why? The reply: "I don't keep anything important on this machine. It doesn't need to be Fort Knox. I can reformat it if it gets infected."
I had to explain to him that his machine wasn't "Fort Knox", but the hacker had stolen his machine and used it as a bulldozer to break into the ISP.
"Well, I didn't know that could happen. I thought the viruses just sent spam."”


Bojan
