[colug-432] "Interesting" Phone Call

Rick Troth rmt at casita.net
Fri Jun 22 16:03:31 EDT 2012


May I quote you on this?

I'm giving a talk next week on SSL.  It will include "trust models"
and will lead to PGP and SSH and stuff like that.

One of the points will be "water cooler leaks", ie: that the biggest
security holes are human.

This story is just too juicy to pass up!

-- Rick; <><


On Fri, Jun 22, 2012 at 3:55 PM,  <jep200404 at columbus.rr.com> wrote:
> I got an "interesting" phone this afternoon from someone who
> claimed that my Microsoft Windows computer was sending them
> messages with passwords and other nifty secrets, and that they
> were calling to help me remove the bad software that sending
> the secrets. He asked if I was in front my computer. I asked
> if the problem was due specifically to MS Windows, and he
> confirmed yes. When I said that I did not have a Windows
> computer, he said he must have the wrong number and hung up.
> He had a south asian accent.
>
> When he asked if I was in front of my computer, I think he was
> going to have me go to some web site that would take over
> my computer under the guise of "helping me".
>
> If I had been thinking quicker, I would have booted Knoppix on
> a computer with no hard drive, then play along. With more
> preparation, wireshark, honeypots, and friends would be fun.
> A fun question _before_ visiting the sucker web site would
> be to ask what my IP address is (since they are getting
> messages from my computer) and how they got from my IP address
> to my phone number.
>
> _______________________________________________
> colug-432 mailing list
> colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432



-- 
-- R;   <><
'::1, sweet ::1'



More information about the colug-432 mailing list