The weakest link (in security) - A funny story!

in hive-175254 •  8 months ago 

A few days ago I received an email from a former colleague who wrote some articles for one of my websites a long time ago. Suddenly, she had started to receive spam emails from the website, and she told me to fix it (nobody likes spam and junk).

I decided to take a look, and at first, I didn't see anything suspicious. But I decided to delete the user from the interface, since she didn't write or work for me anymore... so what would be the harm?

Yesterday I discovered more spam...

Yesterday I just wanted to check something on the same website, and that is when I noticed that the spam came to her email address for a reason. Do you know why?

Strengthen the security in your network. Source: Pixabay

She was using a weak password connected to her email address, and probably due to some security breach, that combination was well known. Somebody took this information and managed to log in with the user info to the website, and suddenly they started to publish quite a lot of blog posts. I didn't discover this at once (because it has to do with tourism and tourism is dead at the moment, so I do not really pay attention to the page currently).

She received all those emails because someone was using her user account to publish junk on my website, and she received notifications about this (and she thought it was just some virus on my website or spam).

The weakest link needs to be strong!

Thinking about the event made me realize once again how important it is to teach security to everyone who uses the Internet. You might have a super tight network, but if one of your employees working from home has sloppy security, then a hacker can attack that person and use their computer to log in to your super secure network.

Do you get it? Security is a community issue as well, not just a personal issue!

Watch out as you surf the Internet!

I therefore recommend that you take care of yourself as you surf the Internet. But as you sit down with your family to eat, why don't you chat about security issues as well? It is important, not only for adults but also for teenagers growing up who spend lots of time online on computers and phones!

Take care, and have a beautiful weekend!


Hello @unbiasedwriter,
One of the things to bear in mind when thinking about security is that "if something looks suspicious, then it is suspicious". The web is not a safe place and you have to be careful and suspicious of anything that draws our attention or arouses suspicion.

This is very true :) But, I guess the lesson also has got to be that if something doesn't look suspicious, it might still be dangerous :)

That's why some people prefer older people or children not to use their phones as much as they should because they aren't always aware of their own security and can be an easy target for any hacker, and if they are hacked and don't realize it until later, it will be a bigger problem for anyone who can help them because it's too late.

That is totally true! Kids using a phone is dangerous, especially Android devices, because there is so much crap in Google Play Store that they can download, and before you know about it, you have something installed on your device that shouldn't be there!

My favorite security flaw is still Ubuntu by default not requiring a password when logging in using ssh with a custom command, instead of an interactive shell.

On my own server, I deleted the PAM module for local login, and disabled password login, so no one can enter any password. I can still log in using Pageant as it doesn't use passwords for logging in to servers.

Well, Ubuntu has its own flaws, that's for sure... but I am not really using it frequently, except for running some Ethereum nodes and so! :) Sure sounds like you understand what you are talking about here!

Ubuntu is pretty much the "default" distribution on a lot of VPS providers.

Ubuntu 16.04 is the last LTS version that doesn't have any issues on VPS servers. Later Ubuntu versions crash when running on virtual servers based on qemu due to an off-by-one error that affects, for example, gcc 7.5, which is the default compiler version.

I downgraded the compiler to gcc 6.5 on my VPS so that I could run cryptocurrency daemons without getting constant crashes or corrupted data.

I haven't yet tried newer versions of Ubuntu inside qemu, because recent ones don't support gcc 6.5 anymore and if later versions of gcc are bootstrapped with gcc 7 they might trigger the same bug.

Because VPS servers run 24/7, they are unlikely to update to a qemu version that eventually fixes the off-by-one error.

Security is something we should treat very seriously. I have seen a lot of complications and issues since the birth of the web.

I had never thought that someone else's weak password could have a negative impact on me. From now on I will talk about it, especially to seniors who use very obvious passwords. Thanks for sharing.

It doesn't have to impact you, but in a family network of computers, you are also in danger if someone should hack the computer of another family member, because through their computer, they can access yours as well if they are connected to one another on a local network!

In other words, security isn't only about yourself, but also about the rest of the people in the network!

So true, I will try to apply that at home. Thanks...