
Deconstructing a Sexploitation Attack - joebasirico
http://rethinksecurity.io/post/deconstructing-a-sexploitation-attack
======
newscracker
> Keep sensitive data off of shared systems, use a strong password and Two
> Factor Authentication, keep your systems up to date, and be thoughtful about
> the trust you put into where you upload your data.

Also be thoughtful about the trust you put into _who you share any data with_
(especially photos) and be conscious about who can see it (this is a big deal
on social media, where privacy and visibility permissions aren’t easily
understood or used by people). Unless you’re a celebrity (and sometimes even
if you’re a celebrity), sensitive information could leak from anyone you’ve
shared it with.

~~~
joebasirico
Absolutely, I should have made this clearer in the article. There have been
many breaches in the past and the more places you put your sensitive data the
more likely it is to be lost!

------
amanzi
Recent versions of Windows 10 have the Sandbox feature which gives you quick
and easy access to a temporary VM that would let you safely open the
attachment as described in this article. Obviously not as secure as Kali
Linux, but more usable to most people than spinning up a Kali VM.

------
systematical
So a whole lot of nothing. They pulled a list and loaded an email campaign. I
wonder who is actually paying up here. Nice to learn about some tools that I
was not familiar with though.

~~~
joebasirico
Yea, I'm glad it turned out to be nothing. I was pretty concerned to see my
valid credentials in the subject line. The PDF was reasonably convincing, and
very threatening. It got me thinking about things like "this can't be real,
right? but what if it is? Should I just pay it to make it go away?" I figured
if I was thinking those thoughts others might, so it was worth the
investigation. Thanks for reading!!

------
copperx
I didn't think PDF files could contain executable code.

Are PDFs as attack vectors common?

~~~
qtplatypus
PDF is postscript + other stuff. And postscript is Turing complete.

~~~
adrianN
Brainfuck is also Turing complete, but it's not Tetris complete. That's a very
important distinction for possible attack vectors.

PDFs, on the other hand, are Tetris complete.

------
mlang23
There seems to be an accessibility issue with this link. I do get an
essentially empty page in Firefox and Chrome when I try to read this with a
screen reader. Opening the same page with lynx also gives me an empty page (no
surprise there), and skimming through the page source, the HTML/CSS/JS
contains far too much obscure stuff to actually trust this page.

------
zenit-mf-1
“international hacker negotiator” seems an interesting and trendy job.

------
yifanlu
tl;dr: they got one of those spam emails that you’ll find a dozen of in your
spam box, made up a bunch of “potential” bad things that could happen, but none
of that happened and the spammer just wanted bitcoins.

~~~
55555
TL;DR+= they put the message body in an encrypted PDF to evade keyword-based
spam filters

------
dickeytk
[https://share.icloud.com/photos/0fB49xX6FueVyXTFbo0my-OEg](https://share.icloud.com/photos/0fB49xX6FueVyXTFbo0my-OEg)

This is literally the entire article on mobile safari

EDIT: the Purify ad-blocker caused the issue

