每次在乌云看到社工帖子,都有点心惊肉跳。
1910 年,法国警官艾德蒙罗卡建立了一套黄金定律,那就是人类无论做过何种接触,一定会留下微迹证。这一报告奠定了现代刑事鉴识科学的基石。
“ Wherever he steps, whatever he touches, whatever he leaves, even unconsciously, will serve as a silent witness against him. Not only his fingerprints or his footprints, but his hair, the fibers from his clothes, the glass he breaks, the tool mark he leaves, the paint he scratches, the blood or semen he deposits or collects. All of these and more, bear mute witness against him. This is evidence that does not forget. It is not confused by the excitement of the moment. It is not absent because human witnesses are. It is factual evidence. Physical evidence cannot be wrong, it cannot perjure itself, it cannot be wholly absent. Only human failure to find it, study and understand it, can diminish its value. ”
—Professor Edmond Locard
这条法政科的黄金定律,如今同样适用于网络。所谓网络社工,攻击者可以从互联网浩如烟海的数据中寻找有关个人或组织的痕迹,在此痕迹的基础上对目标起刺探、欺骗等定向攻击。
我们来看三天前的一个例子(长图,截取了主要部分,内容来自乌云网)
这些数据和记录是怎么来的呢?我翻了一下微信群找了个例子:
以上漏洞每天都会出现,大多是以白帽子提交漏洞的形式公开,不一定会被黑色产业利用。
黑客盗取数据背后的利益关系,一图胜千言(图片引自->长亭科技):
流出的数据到哪了?给大家一个网站看下,好的社工库库都匿了:)
https://www.findmima.com/info/list.html
该网站其他功能需翻墙
各位假期愉快!
欢迎交流
原文始发于微信公众号(乐枕迭代日志):浅谈个人隐私、黑色产业与社会工程学
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论