(This article is not intended to teach people how to hack, but rather to teach the ordinary person how to "stay safe" on the internet.)

I'm going to talk about the pros and cons of 2 of the most visited sites on the internet: LinkedIn and MegaUpload. LinkedIn is a great site to quickly expand your "business affiliates"; many people simply post their email address for anyone to contact them to "join their network". You could definitely establish some good contacts at specific companies or even find out about open jobs; many people even refer others or vouch for their experience, which pretty much means that they owe you a favor later on - like in the Godfather ; ) But the problem with leaving your email address out like that is that anyone can make a fake LinkedIn "Join my Network" request (one that looks like the same request the victim has seen 300 other times) and, by sending out an email that looks like it actually came from a valid LinkedIn user, trick the user into clicking on a link that can do any number of things. To give you a scenario: if I were to do this, that link would automatically look for exploits or vulnerabilities in your browser (basic users are probably using Internet Explorer, right?) and then exploit them with some new 0-day (a new exploit with no patches yet) or some other exploit that's been floating around for a while.

This exploit will then allow me further control over your computer; I could even download more code from a remote internet server to use your computer for sending spam or DDoS attacks. I could search your machine for confidential info like login info, credit card numbers, contacts and other personal info; I'm sure everyone gets the idea. So what could be done to protect yourselves? Well, if it's not against your company's security policy to surf random sites, and you have your own personal computer, I wouldn't be going to this site, among other sites like Myspace or MegaUpload. At a minimum, log into LinkedIn and accept your invitations to join people's networks from there; DO NOT accept a request from an email sent to the personal email address that you gave on LinkedIn to add them to your network.

Ever heard of MegaUpload? It's in the top 100 most visited sites on the internet. You can upload as much stuff to their servers as you want (like files too big to be sent via email), and other people can download it when they want (just send them a link), and the service is free. It could also be used as a public FTP server (unlimited bandwidth courtesy of MegaUpload). It also lets users get around sending attachments via email (corporate users can easily violate their email security policy by simply sending someone a link to download their multimedia). Security managers must be pacing around like caged animals; but at least there's a signature for this activity if you're using a good Intrusion Detection System like Secnap's Hackertrap.