9 Jul
2023
9 Jul
'23
7:51 p.m.
Be aware that clicking on a malicious url can result on malware or spyware being installed
on your machine without any further action on your part. All browsers have
vulnerabilities. The most famous of these was the older version of Pegasus by NSO back in
the 2014-2016 timeframe. These so called 1-click exploits are well known to bad actors.
It’s a continuous cat and mouse game between exploit writers and infosec. For the
interested, look at this report regarding Apple and the “Trident” series of exploits from
2016.
https://info.lookout.com/rs/051-ESQ-475/images/pegasus-exploits-technical-d…
—-Todd
P.S. Exploits have evolved considerably since Trident and now include 0-click exploits.
See Google’s Project Zero for instance.
9 Jul
9 Jul
8:12 p.m.
On 7/9/23 12:51, Todd Pisek via cctalk wrote:
Be aware that clicking on a malicious url can result
on malware or spyware being installed on your machine without any further action on your
part. All browsers have vulnerabilities. The most famous of these was the older version of
Pegasus by NSO back in the 2014-2016 timeframe. These so called 1-click exploits are well
known to bad actors. It’s a continuous cat and mouse game between exploit writers and
infosec. For the interested, look at this report regarding Apple and the “Trident” series
of exploits from 2016.
https://info.lookout.com/rs/051-ESQ-475/images/pegasus-exploits-technical-d…
—-Todd
It helps if you're running a version of *nix....and not fenestrae.
--Chuck
10 Jul
10 Jul
12:10 a.m.
On 7/9/23 3:12 PM, Chuck Guzis wrote:
It helps if you're running a version of
*nix....and not fenestrae.
Not as much as one would hope.
Android (Linux) and iOS (BSD derivative thus probably has a better clain
to Unix) have had 1-click or the dreaded 0-click vulnerabilities (bugs)
repeatedly throughout their life cycle.
It's not just desktop software.
*nix isn't and end-all be-all cure.
Grant. . . .
11:50 a.m.
On Sun, 9 Jul 2023, Todd Pisek via cctalk wrote:
Be aware that clicking on a malicious url can result
on malware or spyware being installed on your machine without any further action on your
part. All browsers have vulnerabilities. The most famous of these was the older version of
Pegasus by NSO back in the 2014-2016 timeframe. These so called 1-click exploits are well
known to bad actors. It?s a continuous cat and mouse game between exploit writers and
infosec. For the interested, look at this report regarding Apple and the ?Trident? series
of exploits from 2016.
https://info.lookout.com/rs/051-ESQ-475/images/pegasus-exploits-technical-d…
Excellent advice. I'd also point out that malware can be served up by ad
networks, so it's also in your best interests to install the Privacy
Badger and U-Block Origin plugins to whatever browser you use.
If you're /really/ paranoid, read email with Alpine. You'll never get
phished when it's painfully obvious where a link *really* goes. ;)
g.
--
Proud owner of F-15C 80-0007
http://www.f15sim.com - The only one of its kind.
http://www.diy-cockpits.org/coll - Go Collimated or Go Home.
Some people collect things for a hobby. Geeks collect hobbies.
ScarletDME - The red hot Data Management Environment
A Multi-Value database for the masses, not the classes.
http://scarlet.deltasoft.com - Get it _today_!
28 Jul
28 Jul
10:36 p.m.
TLDR:
“your computer can be infected by clicking on a single link … please click on this single
link.”
Is this an IQ test?
Did I pass?
On Jul 9, 2023, at 2:51 PM, Todd Pisek via cctalk <cctalk(a)classiccmp.org> wrote:
[EXTERNAL EMAIL]
Be aware that clicking on a malicious url can result on malware or spyware being installed
on your machine without any further action on your part. All browsers have
vulnerabilities. The most famous of these was the older version of Pegasus by NSO back in
the 2014-2016 timeframe. These so called 1-click exploits are well known to bad actors.
It’s a continuous cat and mouse game between exploit writers and infosec. For the
interested, look at this report regarding Apple and the “Trident” series of exploits from
2016.
https://info.lookout.com/rs/051-ESQ-475/images/pegasus-exploits-technical-d…
—-Todd
P.S. Exploits have evolved considerably since Trident and now include 0-click exploits.
See Google’s Project Zero for instance.
29 Jul
29 Jul
4:31 a.m.
On 7/28/23 17:36, Tapley, Mark B. via cctalk wrote:
TLDR:
“your computer can be infected by clicking on a single link … please click on this single
link.”
Is this an IQ test?
Did I pass?
Yes. A three letter company I worked for and another large company in
San Diego would send out less obvious emails and if you clicked on
them, would get remedial invites to training.
BTW, these are pretty simple to navigate with lynx. I downloaded a
pretty subtle one some time ago and unpacked the payload. Fun things I
didn't follow, mostly sucking in other stuff from other sites.
thanks
Jim
On Jul 9, 2023, at 2:51 PM, Todd Pisek via cctalk
<cctalk(a)classiccmp.org> wrote:
[EXTERNAL EMAIL]
Be aware that clicking on a malicious url can result on malware or spyware being
installed on your machine without any further action on your part. All browsers have
vulnerabilities. The most famous of these was the older version of Pegasus by NSO back in
the 2014-2016 timeframe. These so called 1-click exploits are well known to bad actors.
It’s a continuous cat and mouse game between exploit writers and infosec. For the
interested, look at this report regarding Apple and the “Trident” series of exploits from
2016.
https://info.lookout.com/rs/051-ESQ-475/images/ pegasus-exploits-technical-details.pdf
—-Todd
P.S. Exploits have evolved considerably since Trident and now include 0-click exploits.
See Google’s Project Zero for instance.
481
days inactive
501
days old
6 comments
7 participants
participants (7)
-
Chuck Guzis -
geneb -
Grant Taylor -
jim stephens -
Jonathan Chapman -
Tapley, Mark B. -
Todd Pisek