[FRIAM] "Drop box" phishing

glen ☣ gepropella at gmail.com
Wed Mar 22 16:25:45 EDT 2017


It seems like someone could make it sufficiently easy to isolate the highest risk interfaces in a VM or container.  E.g. rather than double-clicking on a native email app (or web browser) to read your email, you'd double-click on a native host program that launches a container for the email app (or web browser).  Then you contain the infection (or ransomable content) within the container.  Of course, that assumes two things: 1) a staged backup of the container image and 2) an easy path to purposefully move valid data out of the container and into the rest of your work environment.

Sure, data that looks valid could still creep out.  But it would help with those "uh-oh, I clicked on the wrong thing" episodes.  Here are several containers one could use:

  http://linoxide.com/how-tos/20-docker-containers-desktop-user/

It seems so obvious; either I'm missing something significant or such a convenience already exists somewhere.  Perhaps here:

  https://bufferzonesecurity.com/product/how-it-works/

But that seems very "enterprisy" or "sledgehammery".  I'd think one could do a personal version merely with a little clever scripting.


On 03/22/2017 12:44 PM, Barry MacKichan wrote:
> No, but the phishermen are getting better and better all the time. In some cases, I have to look at the message source, for email, to check what the real URLs are for the links. I see a lot from the .ru domains. I don’t really see how people can avoid these scams without a trove of knowledge that we used to consider ‘geeky’.

-- 
☣ glen
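
The launcher idea in the message above, sketched as an added example (not code from the original post or from either poster): a host-side script that starts an app in a throwaway Docker container and gives it one outbox directory as the deliberate path for moving files out. The image name, the `OUTBOX` path and the function names are hypothetical, and it assumes the pinned image doubles as the known-good copy to fall back on.

```shell
#!/bin/sh
# Added example. IMAGE, OUTBOX, sandbox and release_file are hypothetical names.
IMAGE="${IMAGE:-localhost/mail-client:pinned}"  # placeholder: a known-good image you built and keep a copy of
OUTBOX="${OUTBOX:-$HOME/container-outbox}"      # the only host directory the container can write to

# sandbox <print|exec> <app>: build the docker command line for one app.
sandbox() {
    mode="$1"; app="$2"
    # --rm plus --read-only: every launch starts from the pinned image and
    # nothing written inside survives, except what lands in /outbox.
    # Sharing the X11 socket is a trade-off: X clients can observe each other.
    set -- run --rm --name "sandbox-$app" \
        --read-only --tmpfs /tmp --tmpfs /home/user \
        --cap-drop=ALL --security-opt=no-new-privileges \
        --pids-limit 256 --memory 1g \
        -e DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix:ro \
        -v "$OUTBOX:/outbox" \
        "$IMAGE" "$app"
    if [ "$mode" = exec ]; then exec docker "$@"; fi
    printf 'docker %s\n' "$*"
}

# release_file <name> [dest_dir]: deliberately move one file out of the outbox.
release_file() {
    name=$(basename -- "$1")            # drop any path components
    dest="${2:-$HOME/Documents}/$name"
    src="$OUTBOX/$name"
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "refused: $name is not a regular file" >&2; return 1
    fi
    if [ -e "$dest" ]; then
        echo "refused: $dest already exists" >&2; return 1
    fi
    # Copy, clear any execute bits, then remove the original from the outbox.
    cp -- "$src" "$dest" && chmod 0644 "$dest" && rm -- "$src"
}

# Dispatch: launch <app> | release <name> [dest_dir] | print <app>
case "${1:-}" in
    launch)  mkdir -p "$OUTBOX" && sandbox exec "$2" ;;
    release) release_file "$2" "${3:-}" ;;
    print)   sandbox print "$2" ;;
esac
```

Running the script with `print <app>` shows the full `docker run` line without starting anything, which makes the mounts and dropped privileges easy to review before first use.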