Cybersecurity

5277 readers

249 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 1 year ago

MODERATORS

[email protected]

IT pros targeted with malicious Google ads for PuTTY, FileZilla - Help Net Security (www.helpnetsecurity.com)

submitted 4 months ago by [email protected] to c/[email protected]

14 comments fedilink hide all child comments

top 14 comments

sorted by: hot top controversial new old

[–] [email protected] 24 points 4 months ago (2 children)

Surely actual IT pros use uBlock origin?

[–] [email protected] 18 points 4 months ago

How I wish that was true... "Pro" and "competence" aren't as closely linked as people like to think.

[–] [email protected] 6 points 4 months ago* (last edited 4 months ago)

It's actually surprising how a lot of people in tech aren't really aware of the security and privacy side of things, especially in their personal lives. They may be more secure at work because the infosec team has oversight, but outside of that I know a lot of very technical people who don't apply basic security/privacy measures outside of work.

[–] [email protected] 18 points 4 months ago (1 children)

Real IT "pros" don't see ads.

[–] [email protected] 7 points 4 months ago

They do however see Sponsored search results on google.com and that's how this attack chain starts. You search for one those tools, get a sponsored result and click it. You're then whisked away to a spoofed site.

[–] [email protected] 2 points 4 months ago

Software comes from a repository, even on Windows these days, who is bothering to download exes when there is winget

[–] [email protected] 2 points 4 months ago

I mean ssh is built into Windows 11 and has been a part of Mac for like the OG Mac release: I can’t remember downloading a Mac ssh client since OS9 and windows has had WSL so chose your flavor of Linux to run and ssh into you jumpbox

[–] [email protected] 0 points 4 months ago (1 children)

Real IT pros don't use either of those in the first place.

[–] [email protected] 11 points 4 months ago (2 children)

Putty? Tell me you know nothing about IT...

[–] [email protected] 6 points 4 months ago* (last edited 4 months ago) (1 children)

Even windoze has native openssh built in now. Most people who don't like pain will simply use wsl instead.

Tell me you've never properly managed enterprise equipment at scale....

[–] [email protected] 4 points 4 months ago (1 children)

Seems a bit excessive to install WSL just to get an SSH client.

[–] [email protected] 6 points 4 months ago (1 children)

You don't have to. There's an openssh client available in powershell. Maybe when cmd, though I haven't tried it.

[–] [email protected] 2 points 4 months ago

Ah, cool. I do have WSL installed on every Windows box I use regularly, but it's good to know for when I run into a more locked down machine.

[–] [email protected] 4 points 4 months ago

How is this upvoted? PuTTY is legacy software at this point and it even neglects the fact that a lot of IT people have been using Linux for ages.