posted January 21, 2022 02:35 PM            

I wanted to give a warning to those who either never had it occur or anyone unaware how common it is. Phishing on Windows machines is a huge issue, I read it is an every day thing now. I'm relieved it was more a scam than a *r ansom* attack. It's unbelievable how these system exploits keep coming, still that Co. has nothing safe to block this for the customers .. and ppl trust they can't be hacked if they take a fancy cocktail? Crazy world today.

This happened in my family - My mother got phished yesterday, they are harassing her. Moved her money out of her savings to get access to it too. How it started, the screen she clicked on was what appears MS (to her) but I think she was given a dummy site or it was loaded on her new PC. I read through a blog awhile back they create mimick search results (dummy sites) so anyone is easily caught in this trap.

She's filed a police report, got her bank locked dn. Everything has been stressful for her. This is not her fault, they are convincing. I think they are masterful to play upon emotions too. He told her "my boss will be mad if you don't do my instructions, I'll lose my job". When she wanted to resist the decimal he was directing her to. This is sad people can be given these dilemmas *on top* of everything else.

Her email, phone numbers are getting changed and she's contacting the soc security people, he got her last 4digits. What a mess.

Be careful. I'm personally not someone who trusted/bought MS for about 10years now.
I had a nice Win10 All in one flat screen. I quit using so long ago. Stored it because I hoped to someday get a savvy person help strip Win out and use Linux. Idk .. but my only way online is via hand held droids in the last decade.

posted January 26, 2022 08:22 AM            

quote:

---

Originally posted by MoonMystic:
.. wanted to give a warning to those who either never had it occur or anyone unaware how common it is. Phishing on Windows machines is a huge issue, 🏴‍☠️

---

Normally I whouldn't get involve and offer any suggestions on this topic.

I belive both you and Teasel have a good heart so I will offer some tips here.

It does sound like a phishing attack, however phishing attacks are not isolated to windows machines only.

This is because this type of attack is commonly run through your web browser and web browsers are multiplatform..they run on every operating system even mobile OS.

Currently it's the browser that is the weakest link in the OSI (Internet Model) because your browser just interprets the data being sent/received as web packets and displays them.

So anything that appears on your browser can be manipulated, altered and changed.

Don't believe me see the tutorial and try it yourself:

https://blog.devmountain.com/how-to-use-inspect-element-jump-into-what-makes-a-web-page-tick/

To defend against this there are two things

1) only access a website that uses https://
this makes it 90% safe since it will now use TLS.

The TLS process goes as follows,
the extra S in https means secure meaning that the website will first need to have a digital certificate which at least validates that the website is comming from a trusted source.

Next a one to one encryption exchange between the website your viewing and the server occurs, typically RSA, SHA-256..which works on a public and private key exchange.

This makes it difficult for somewhat to host a fake site because they might get the public keys for the encryption but won't have access to the private keys, you need both.

lindaland is not a secure site for that reason and could be a gateway for phishing!!!.

2)The next option is never click a link your not familar with, always manually type in the website.

Typically phising sites will have a URL address that doesn't match the actually website.

For exampe I could create a fake website that looks like google, but I can't use www.google.com.

I could try something like www.ggoogle.com and hope nobody notices.

This is because once the domain name for a website is taken, it's taken.

A lot of phishing website will not display the URL for this reason.

Other tips:

Opera has a free VPN built into it if you use the browser, it says a VPN but it's techinically just a proxy.

https://www.myce.com/wp-content/images_posts/2016/04/opera-vpn-enabled-popup.png

MoonMystic,

If you want to feel more secure..i'm sure you must still be feeling shaken about it.

Since your using linux, try to see if you can install Virtual Machine too and run linux from virtual box.

https://www.virtualbox.org

A lot of security is moving towards virtualization. basically it's simulating another computer inside a computer.

If someone tries to attack you then they get traped..because the computer you were using techinically doesn't exist.

I will have to find the article a couple of Russian intrusions were defeated using a virtualization server.

If you use virtualization, then a VPN or Opera which has a free VPN..be it a bit slow because its free...followed by safe web browsing practices.

You should be well protected, a layered defense is best.

FYI. I have a BSc In Computer Science with a focus in networking.

I will most likely edit out this post in a couple days.

posted January 26, 2022 09:11 AM            

quote:

---

Originally posted by Randall:
Great information. However, let me correct yo on one thing. The only reason LL is "not a secure site" is because we don't have a security certificate for https protocol. That scrambles your credit card info. We do not ever ask for that info, so we don't need https. Phishing can't occur more easily here than anywhere else. I would also add that the NSA created https so that they can easily hack those sites. Facts.

---

Not entirely correct, netscape created https in 1994 with it's SSL protocol, not NSA.
Just took time for widespread implementation.

However it is true that NSA can break https.

There is a thing called https striping, that downgrades a site from https to http..
For a normal user that wants to do it, it works 50% of the time.

NSA whould have much much higher success rate. But I'm not going to get into that.

FACTS!!.

posted February 05, 2022 11:35 AM            

quote:

---

Originally posted by Randall:
Wrong. The NSA used Netscape as a private company to introduce https for credibility. This all came out in the news when Snowden ratted them out.

---

To the best of my knowledge it was a funded project by NSA.

I don't agree with you with the NSA needing Netscape to make HTTPS creditable.

From a technical perspective...have you actually seen or performed the classic man-in-middle-attack (MITM) or eavesdropper type attack in action on http?

Get a Penetration Tester and see for yourself.

Once you've seen it you'll realize how vulnerable all browsers not just the old netscape browser and why HTTPS and TLS is important to prevent both the client/server from being poisoned.

If it wasn't netscape someone else whould have come up with some other scheme simmilar to HTTPS.

My Planets
=========================================
☉‘ ♊, ☽ ♈, ASC ♑, ☿ ♊, ¡÷ ♉, ¡ö ♋ , ♃ ♒, ♄ ♏, ♅ ♐, ♆ ♑

posted February 07, 2022 12:07 AM            

If one goes to CREST and looks up the freedom of information act released, previously classified, CIA files (funnily enough, often still highly redacted), one can find at least a few files that talk about how the CIA has infiltrated and uses corporate media to influence public perception and the like. Also believe there are some references to doing similar in relation to Universities.

These folks are playing the long game, and their intentions and agendas are not fundamentally positive. These essentially work for the psychopathic plutocrats of the world i.e. the wealthiest folks and families, and I don't mean folks like Bezos, Musk, Zuckerburg, and the like who are the new money and publicly "wealthiest" folks. Sure, they are part of the "game" too, but I'm talking the old money--the folks that have been playing this game literally for centuries and own so many things and have so much money invested in so many different ventures that it would be impossible to trace/track it all (especially since so much of it is behind shell companies), but suffice it to say, probability is that if one could do so, these would be trillionaires.

These are the folks behind the starting of wars and who make or break nations based on their power mad whims. And the CIA, NSA, DIA, etc works for these folks and not for the publicly elected government. One big rotting mess of psychopathy, plutocracy, and global control/influence.

(And this is why the Creative Forces, via nature and more specifically the Sun, will be intervening in human affairs in drastic ways, because there is no other way to stop this juggernaut machine. It will take a total collapse of it all.)