My point with this story is that while it is extremely unlikely that people try to do this to regular people, there are plenty of people that do try to do these type of creepy things.Īs such my argument isn't that this story is happening everywhere but that exposing data that can be used by malicious people is not recommended. Bingo an address popped on the ISPs invoice. But now William listens in to all she does while also having access to her network to further compromise devices.Ī series of oversimplified steps down the line gives William access to Kate's PC to go through her data, and finds her ID and other documents. Kate has no idea this happened other than a short hiccup in the connection and goes about her day doing things on the internet. Now imagine, William finds out that Kate has a router which has not been updated in years and is vulnerable to privilege escalation to the point that he can turn on the built-in VPN to redirect all network traffic to his own sniffing box. He performs the neccesary scans and uses tools to quickly try and see if there is a vulnerable device. William has options now to see if he can find additional clues from their conversation or, if he is truly malicious, could start doing his recon on the IP to see if there is a vulnerable device. Depending on the size of the ISP, this can give a first indicator of geographic location but is not enough to dox someone. That won't do for William and he goes on a hunt.īy using the IP address he is able to generically determine which ISP is offering the service to Kate. Kate is taken aback and refuses him, shortly after leaving the call. He finds her cute and asks if she is open for a date. ![]() ![]() So Kate and William match on Omegle and William is instantly interested in her. ![]() ![]() The user device, like 95% of devices, is not actively monitored beyond an anti virus application. The user, like 95% of the world, is not a security professional. So, let me paint a hypothetical situation with two users, Kate as victim and William as perpetrator.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |