Wondering

[vince_]

Hi Today I was wondering do sites such as MBAM's forum get attacked and probed a lot by people?

By this I mean script kiddies, black hat's, with a grudge, even other anti virus companies.

One thought was that some people might not like you helping people who they have infected to try and extract money from.

 

 

A curious Vince 

[CWB]

why am i reminded of a saying i first heard maaannny years ago : "deny the enemy information in all quarters" .

[vince_]

Am I the enemy?

If so why?

I don't hack to be nasty or anything like that, the closest I've come to that is running attacks against my own system using backtrack in order to harden it.

 

Vince_ is puzzled by your anwser?......................................................

[CWB]

vince , no accusations were made nor intended .

i simply was reminded of something called OPSEC and similar practices .

there were "reminders" of these in the form of posters and other devices .

[David H. Lipman]

As  a White Hat site that deals with malware mitigation, Yes... Malwarebytes' web sites are a target.

 

However, as CWB pointed out, good OPSEC practices dictate that the extent, type, duration and other information should not be made available.

[vince_]

I googled opsec and found a Wikipedia article on military security, now I know what it means I do see, loose lips sink ships and that..

For a min CWB I thought I had been mistaken for the enemy and was gearing up to be slaughtered LMAO. PHEW

Thanks CWB and David for your replies.

 

You learn something new everyday, well I do cause I don't know much anyway lol.

 

Thanks again guy's

Vince_

[David H. Lipman]

OPSEC - OPerational SECurity is not just about Military security.  It goes well beyond that to;  Government, Corporate, Law Enforcement (LE) and Personal security.
 
Whether we realize it or not, we all have adversaries that are known or that are unknown.  People like to gab and they, more often then not, release information that can benefit the adversary.

• Corporations have adversaries which can be competitors or other nations.
• Law Enforcement have the criminal element which is always trying to get the upper hand over LE.
• Governments always have adversaries which can be criminal, other nations, other forms of government and even domestic terrorists and anarchists.
• People have adversaries too.  They can be people who you have wronged in the past or people who perceive that you have wronged them in the past.  They can be unfriendly neighbours or they can be the criminal element.

To put this into context, one should not get into granular details of the information of Malwarebytes' security posture.  However the rule is... Exaggerate your strengths and deny your weaknesses.  On can state Malwarebytes is a target of malicious actors but should never state what they are doing, what they have accomplished or denied, etc.
 
Now I am going to give your two cases where one violates Personal OPSEC.
 
Case 1:
A woman has a Facebook page and communicates with friends and family regularly. One day she posts on Facebook that her husband is taking her out to dinner that night.  When she and her husband return from dinner, they see that their house has been burglarized.

 
Case 2:
An octogenarian woman has a Facebook page and communicates with friends and family regularly.  She posts family pictures, posts their names and discusses where they live, where they go to school, what grades they are in and so on.
 
One day the woman gets a phone call.  A man on the other end tells her he is Samuel and is her grandson Johnny's best buddy at the University of Toledo.  He relates how Johnny was in an accident with his Chevy Tahoe and the police arrested him for DUI.  He says Johnny needs $5,000 for bale and makes excuses why Johnny can't call her directly and Johnny asked Samuel to call her "Nana Gertie" (as Johhny always calls her) relating how Johnny told him she can help.

 

In both those cases the people in the stories violated Personal OPSEC and thus became the targets of malicious activity.  The Malicious Actors used Social Engineering and performed research on the adversary (victim) so they can exploit their weaknesses.

 

 

BTW:  The above scenarios are based upon real events.

[vince_]

Thanks David for the reply, I've seen social engineering in action and have even had it aimed a few times at me each time I gave them fake info, god knows what they try and do with it. 

I get the fake Microsoft you have a virus calls and I must admit to having a lot of fun with them, I actually look forward to them calling and miss them when they don't ring how sad's that, note to self get out more lol. I figure if I can keep them on the phone it's time they wont be conning other vulnerable people, my best time for keeping them busy is 2 hours 7 mins, It took some doing. I should have recorded some of the phone calls as there have been some memorable moments, like when I had there whole fake Microsoft team called over to listen to me in there little set up, I can never repeat what I said to them that time on hear I would be banned in a flash lol.

 

Thanks again David for your reply and time taken. 

 

Vince_ 

[David H. Lipman]