Host Threats

9 minutes
There are all kinds of naughty things that can take place to our individual hosts within our infrastructure. So in this episode, what I want to do is kind of talk about all of the different types of threats that take place to our individual hosts. Now in other episodes, we're going to talk about how to deal with it. Right now, in this episode, I want to go through these very quickly, make sure you recognize them. Now, hopefully, some of these are going to be really obvious to you and well known, like spam. And there's also a pretty good chance we're gonna have a lot of stuff in here that you aren't aware of.

So let's run through them all, starting with spam. Spam is nothing more than unsolicited email. Now, spam can be considered a threat, but normally, pure spam isn't anything more than an irritant. I've got one of my many accounts up here. Let me see, I've got a spam folder full of things like tinnitus, restore your sight, lose weight, fix your vision. Stop eating this and regrow my hair.

Anyway, spam usually comes from relatively legitimate sources. I probably joined some website or something to lose a couple of pounds, and that website then sold my email address to a third party. And if I'd paid attention when I joined that website, they probably clearly said it in their terms of service. So spam in and of itself, other than filling up mailboxes, can't really cause any damage, but it can be a great irritant. There is another form of email, though, that I want to talk about that can be an issue, and that's phishing.

Phishing is simply spam, but it's trying to get some kind of information out of you. So taking a look over here at my email, here's an example of a classic phishing email that's trying to get some information out of me. Now, phishing in and of itself is still a huge problem, even here, as we get closer to 2020. It's that big of an issue, but even worse is something called spear phishing. Spear phishing is also phishing, but the big difference is that somehow they get my name or some kind of information, or an account or something that tries to get personal information out of me. So here's an example of a much scarier spear phishing type email.

Now, phishing and spear phishing usually imply that we're talking about email. However, it can be from other sources, but at least for the exam, make sure when we talk about phishing and spear phishing that we're simply within the realm of email. Okay, great. Let's take the technology up a little bit. And let's talk about spim. Spim simply means to receive spam via instant messaging.

Now, I don't know about you, but I use all kinds of instant messaging tools from Google to Facebook that I can't even keep track of them all. What? Hang on a minute. I'm lonely. Perfect. Meet me at lonely.

Okay. Now there is a perfect example right there of spim: somebody who's using my Skype account to message me. And that's actually my editor, Scott Jernigan. He's not lonely, but he gave me a great example of that. So spim is a bit of an issue, but the problem is, spim, like regular spam, doesn't really cause any pain other than taking up your time.

However, the next thing I want to talk about is very dangerous, and that is vishing. Vishing means the unsolicited use of voice to try to get information out of you. Vishing is a big problem today and it's something that we... hang on a minute, I got a message here, let me get this real quick. "This is Tim Smith at Wells Fargo loss control, call us immediately at 800-555-1212. This is in regards to potentially unauthorized purchases on your account." Alright. Sorry, guys.

I gotta take this. Would you give me just a second here? "Loss control, may I ask who I'm speaking with?" This is Mike Myers, you guys called me? "Oh yes, thank you, Mr. Myers. Could you confirm the following three purchases? $356 from Balloons Galore?"

I don't think so. "1400 dollars from Hair Club for Men?" Definitely not me. "$2,700 from Skinny Jeans for Nerds?" Oh, good. I didn't authorize any of this stuff.

I didn't do this. What do we do? "I think we need to cancel these transactions quickly." Yeah. "Could I have the last four digits of your social security number and the last two digits of your PIN code, please?" Absolutely.

For the social, it's 9416. And for my PIN code, it is... no way I'm going to tell you guys on this video even a part of my PIN code. Vishing is a huge problem today. Any organization is not going to ask for these types of bits of information. Hopefully we think all of us are well trained on these types of issues.

But we've all got horror stories about these. And I'm sure you've probably yourself received these types of vishing calls. So they're a big problem and a serious threat out there. Okay, the next thing I want to talk about is a classic, and that's clickjacking. Clickjacking is when you go onto a website and you're trying to click on something and it does something tricky to you to make you click someplace else. Now, I'm sure all of us have been on clickbait type sites where you're trying to see something, and "number 15 will drive you crazy," and you try to click on something and it keeps moving the ads and all that.

Now, with these types of clickbait sites, there's no real evil; they're just trying to get you to click an ad and those types of situations. Usually, though, when we're talking about clickjacking, it's that we're making you do something really bad: authorizing something, downloading a piece of malware, something really ugly like that. So that's what we concentrate on when we say clickjacking. Okay, let's go ahead and talk about my next favorite, typosquatting. Typosquatting simply means to take advantage of the fact that people mistype URLs when they're typing stuff in. So if somebody typed in, but what if they typed accidentally... I hope that's not a scary site, guys.

I'm pulling that one off the top of my head. So simply what they're doing is other people are buying up domains and loading up websites, in the hopes that somebody is going to make a typo and then they can go ahead and have them come to their website. Similar to this, but not at all identical, is what we call domain hijacking. I've personally been a victim of this. I have lots of domains that I use for all kinds of stuff, mainly experimental things. So I throw up a website or something, and to be honest with you, I forget about a lot of them. I've probably got 14, 15 websites, and I have my own registered domains on those. And a couple of times I've let a domain slip.

And when people see this, they will grab it real quick. And they'll often put something really offensive in there. And the idea being that you will then pay them a lot of money to get your domain back. So both of these can be very big issues. Make sure you're comfortable with the idea of typosquatting and domain hijacking. Alright, so we've gone through a lot of these.

Let's go through one more, and that is privilege elevation. So the last one I want to talk about is privilege elevation, privilege escalation. It's the same word. And really, to me, this isn't a threat, but the test says it is. So we'll go with that.

The whole goal of a lot of situations where we're trying to get into a system is to get enough power, to get enough privilege within that system, to do whatever naughtiness it is that we want to do. So while escalation, elevation, whatever you want to call it, of privilege is a problem, it's not really the threat. The threat is the evil that people do as a result of it. So, you know, we'll make it easy and call that one a threat is all. Now folks, we've just gone through a bunch of host threats.

You need to take some time and make sure you've got these memorized, 'cause you're going to see it on the exam.

