Login
or
Sign Up

KO-PHISHING

The possibility of someone falling into error and clicking on a malicious link is endless. Despite all the attempts to train company employees it is too simple to click, and even the best schools have always had the donkeys, who maybe fiddled during the lesson.
The solution is to parameterize our computers. Regarding the possibility that there is malware inside the attachments, it is enough to hijack the automatic opening of an attachment based on the file extension. Currently a pdf can be opened automatically by Adobe Reader, while a docx by Microsoft Word. If we set an empty text file as the default application for documents that have the most risk of hosting malware, a window is automatically presented in which there is a list of applications compatible with the document, window in which you can choose. The choice time allows to eventually understand that a check must be done, maybe have the document analyzed by the antivirus installed on your computer.
But the most complicated case is to prevent the opening of an internet link. In this case, proceed as follows:
1) Activate a “secure” site where the link of the main internet search browsers, such as Google, is proposed. In WordPress cms it is very easy to set up a link to access another site. Both this site www.MY_SITE .eu
2) Set the Internet access parameters on the browser according to the Parental Control setting, but instead set a black list of sites to set the reference proxy as “none” and set My Site as the site to access independently of the proxy, then You can access MY_SITE .eu.
3) In these conditions, when I click on the Google.it link on MySite.eu, I get the answer “I can’t access the internet”
4) To remedy the aforementioned problem on the site MY_SITE .eu there is script code on the server side in PHP that sets an appropriate proxy, so that, when I click on the link “Google.it”, the internet connection is activated and all are accessed the sites
5) Advantageously, a cblack list of sites to be avoided can be added.

The problem of the hacker attack is then moved from the internal defense to the company to the defense of MY_SITE .eu. I did tests on my sites written in WordPress but the process must be industrialized, as WordPress itself is a source of vulnerability and therefore MY_SITE .eu could in turn become a gateway to malware, an increasingly treacherous gateway. depending on how many users consider it appropriate to follow these guidelines.
THEN:
A) Create a site MY_SITE .okay in pure HTML5 language, without using cms tools like WordPress or others. The site is quite simple and therefore it could cost from 3,000 to 5,000 euros.
B) Verify that the company that builds the site has the necessary sensitivity to computer security, both in terms of password management and users and in software construction.
C) Use our VULNER product to verify the correctness of the developer not to put known or potential vulnerabilities on the site The problem of the hacker attack is then moved from the internal defense to the company to the defense of MY_SITE .eu. I did tests on my sites written in WordPress but the process must be industrialized, as WordPress itself is a source of vulnerability and therefore MY_SITE .eu could in turn become a gateway to malware, an increasingly treacherous gateway. depending on how many users consider it appropriate to follow these guidelines.
D) Check that the company that builds the site MY_SITE .okay is certified as a Cyber Security manufacturer.
E) Choose a provider that has a proxy that has the characteristics to respect point D
F) Do not allow others to make updates on MY_SITE .okay, except for the certified company referred to in point D
G) Have the aforementioned company enter the PHP code on the server side that sets the proxy as described in points 4 and D.
H) Use our KEY-PSW-LOCK product to more securely change the MY_SITR .okay passwords, all passwords must be encrypted.
I) Check the correct use of the site MY_SITE .okay with appropriate network traffic analysis software.
identifying possible fraudulent accesses.
CONCLUSIONS:

It is not possible to do security without spending a euro, but you can spend a few thousand euros instead of millions of euros and you become independent of the human factor, which many identify as the weak point of the chain of defense against cyber attacks. If there are hundreds of MY_SITE .okays you can create defensive “forts” against PHISHING, as in our RAMSES software you create defense forts against the RANSOMWARE that can even lead to protecting the entire national territory.
NOTE: DO NOT DOWNLOAD THIS DOCUMENT, if necessary make a series of PRINT SCREEN that you can compose in one of your documents, so that there is no possibility of infection. It is better not to trust anyone. ZERO TRUST. The devil bathes in a pool of holy water in the morning …
TO THIS POINT: to the friends of the big companies that deal with cyber security, as you can see we were able to climb the mountain on paths that others considered impractical; at this point we need to bring the troops to the top of the mountain, the effort is to bring the elephants like Hannibal to the Alps, elephants that can be hundreds of vendors that until now have been busy selling the fruits of their backyard ignoring the need to make synergies that exceed also the advantages of your business. Of course, millions of euros have been invested in solutions that seemed good but that show their flaws of self-centeredness, it is hard to admit that so much money has been spent in the wrong way, but in these last 10 years I have thrown away tons of Kbytes of written software, because I was not satisfied with the result achieved. At this point, ignoring these solutions could lead one to suspect a connivance with “the enemy”, there are always opportune articles of the Italian Penal Code that heavily punish those who cleverly do not realize how cyberwarfare is.
okay passwords, all passwords must be encrypted.

Comments are closed.

  • About US

    ROBIONICA S.R.L.S.
    VIA NAZIONALE 185
    SESTRI LEVANTE (GE)
    alfa@robionica.net
    beta@robionica.net
    robionica@pec.it