15d ago (edited) in 💻 Tech
Email is stupid/broken/unmanageable
I was today years old when this first penny dropped for me.
Email Link-following. Cool term, what does it mean?
In hindsight, it's obvious. In order to protect you from bad guys including bad links in the email they send to you, your email server is most likely... wait for it... waaaaaiiit...
"clicking" on every link, in every inbound email, to check it, before sending it on to you.
Once more, in case the significance of that went skating past you, like it has me...
The tactic works, and is pretty much the only way it can be done, but gracious, there are some privacy issues, right there!
And, while we're stirring this *particular "email is stupid"* pot.... here's another GEM.
"Microsoft says that Midnight Blizzard, a cyber unit inside Russia's SVR Foreign Intelligence Service, has begun using a clever new technique to compromise victims and deploy malware on their systems. The technique involves sending malicious RDP configuration files to victims via email."
Translation: This version of Ivan has stopped trying to break into your computer. Now, he'd like you to click on this file that he's sent to you via email, which will connect you to him! With every administrator privilege that Windows can give, and then some.
Read every byte on every hard drive. Install any software on your computer.
Terrifying as it is, you just have to say, this.is.brilliant!
"I won't call you, I'll just give you my number. You'll call me."
It's also absurdly stupid.
Configuration files are common and necessary. Almost every application has one. Most of them are text files. Or they should be.
Text files are pretty harmless. Buuuut... *sinister voice* what happens when you make a configuration file executable?
Believe it or not, this is not the first time Microsoft has done this. They used to have a ... feature ... where if you downloaded a file like a .doc for example, if it was associated with an application in Windows, IT WOULD RUN THAT APPLICATION! And before you think "Well, that's quite useful and convenient?" I'll just remind you that .py and .bat and .vbs and .cmd and .js are ALSO examples of text files that are associated with an application. (python3.exe, cmd.exe, vb.exe etc).
So. *that* had to get fixed.
RDP files however, have not benefitted from that little dose of sanity.
Clickety-click.
"Oh yay! I know what application to execute! REMOTE DESKTOP!!"
"Midnight Blizzard sent phishing emails to thousands of users in over 100 organizations. The emails were highly targeted, using social engineering lures relating to Microsoft, Amazon Web Services (AWS), and the concept of Zero Trust. The emails contained a Remote Desktop Protocol (RDP) configuration file signed with a LetsEncrypt certificate. RDP configuration (.RDP) files summarize automatic settings and resource mappings that are established when a successful connection to an RDP server occurs. These configurations extend features and resources of the local system to a remote server, controlled by the actor."
"Noah, it's time to get the boat."
Stay sharp, stay safe, kids. Don't click links in email, pretty-please.
Andre van Rooyen
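The Microsoft quote in the post says an .RDP file carries "resource mappings" that extend local resources to the remote server. As an added example (not part of the original post), this Python check lists which of those mappings an emailed .rdp attachment turns on and whether it points at an approved server; the host names, the sample file and the `allowed_hosts` parameter are assumptions made for illustration.

```python
# Added example (not from the original post): flag what an emailed .rdp file
# would expose to the server it connects to. Sample input is constructed.
RISKY = {  # standard .rdp setting names -> what turning them on shares
    "drivestoredirect": "local drives",
    "devicestoredirect": "plug-and-play devices",
    "usbdevicestoredirect": "USB devices",
    "camerastoredirect": "webcams",
    "audiocapturemode": "microphone",
    "redirectclipboard": "clipboard contents",
    "redirectprinters": "printers",
    "redirectcomports": "serial ports",
    "redirectsmartcards": "smart cards",
    "redirectwebauthn": "WebAuthn / security-key requests",
}

def parse_rdp(text):
    """Parse 'name:type:value' lines into {name: (type, value)}."""
    settings = {}
    for line in text.lstrip("\ufeff").splitlines():
        parts = line.strip().split(":", 2)  # the value may itself contain ':'
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].lower()] = (parts[1], parts[2].strip())
    return settings

def audit_rdp(text, allowed_hosts=()):
    """Return target host, signed flag and a list of (setting, reason)."""
    s = parse_rdp(text)
    host = s.get("full address", ("s", ""))[1].split(":")[0].lower()
    findings = []
    if host not in allowed_hosts:
        findings.append(("full address", f"unapproved server: {host or 'missing'}"))
    # Only explicit settings are checked; absent keys use client defaults.
    for name, reason in RISKY.items():
        kind, value = s.get(name, ("s", ""))
        on = value not in ("", "0") if kind == "i" else bool(value)
        if on:
            findings.append((name, f"shares {reason}"))
    # A signature identifies the signer; it does not change the verdict.
    return {"host": host, "signed": "signature" in s,
            "findings": findings, "block": bool(findings)}

SAMPLE = """full address:s:remote-host.example:3389
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:0
redirectsmartcards:i:1
signature:s:CONSTRUCTED-PLACEHOLDER
"""

if __name__ == "__main__":
    for setting, reason in audit_rdp(SAMPLE)["findings"]:
        print(f"{setting}: {reason}")
```

A mail gateway or help desk could run this over quarantined attachments; the function expects already-decoded text, so decode the attachment first.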