This has all but one of the hallmarks of a great PaulDotCom story. We have nudity? Check. We have malware? Check. We have privacy issues? Check. We have beer? Dang!
Apparently, this PC repair person would install malware on people’s computers and send them periodic messages that a sensor was dirty and that one way to clean it was to get it near steam, because electronics love water.
I really have a feeling that the industry has abandoned home users. Many of the home anti-malware programs are sub-par at best. Why would they be anything more than that? Look, home users run all kinds of vile programs. Those games where you have to whack Justin Bieber to win a prize? Yeah, they actually play that. A nice program where they change their desktop background to a new picture of a cat every 15 minutes? They think it is the greatest thing next to Farmville. So why should you care? You can just buy a shirt that says, "No, I will not fix your computer" and be done with it. Right?
Well, no. See, we are in the middle of a pen test where the company has given their customers an allowance to buy a computer that they are responsible for maintaining. Then, the company moved all of their data and email to the cloud. I am sure you see where this is going.
How do you test this? There is no way we will get authorization to exploit home users’ systems... And therein lies the problem. Unethical hackers (or Black Hats) will attack home users. We need to find a way to model this risk. One thought is to track the attacks against home users to see if there is a risk for the company environment. The problem I have is that if your organization asks about home PC security, are you somehow responsible?
Just a thought.
Brought to you by Larry, Paul, John and Duff Beer.
PaulDotCom will be teaching Offensive Countermeasures at Black Hat July 30-31