GCHQ used LinkedIn to deliver malware
2013-11-11 22:06:28.946892+01 by Dan Lyke 0 comments
Britain's GCHQ targets engineers with fake LinkedIn pages, doing an MiTM attack to deliver malware with altered content.
Simultaneously, I was reading Erotic Scribes.com: Forbes Reports Google’s Illegal Revenue Over $1 Billion which felt a little axe-grindy, but did take on this CNN article that breathlessly talked about how malware via porn sites was a thing, when we all know that church websites are far more likely to be exploit vectors.
But it has gotten me to thinking about man-in-the-middle attacks, and it's made me even more sure that we need to be building personal public key web-of-trust mechanisms to be sure that the packets are actually coming from where we think we're getting them.