病毒式传播ip_病毒式传播后网络安全实践的简单指南-CSDN博客

病毒式传播ip

当世界在注视时该怎么做： (What to do when the world is watching:)

You can't predict or plan on going viral so when it does happen, are you aware of the cyber implications that come along with it? This post will highlight things you should know and the ways businesses and individuals can protect themselves after going viral. Often, becoming viral means there’s now a much larger audience out of your control with a spotlight on you, for a business this can be positive, it means more engagement in content, potential sales and expansion into more digital spaces. But there’s a dark side to this viral rise, more attention isn’t always positive as this now means you’re on the radar of malicious attackers. In recent times, we have seen Black businesses who have gone viral, now also see a flurry of negative reviews to try ‘bring them down a peg or two.’ Do we all remember when The Honeypot founder Bea Dixon went viral and Trust Pilot had to stop reviews on their platform after people who had never used her products, took offence to Bea wanting to build a platform for black girls?

Ÿ欧无法预测或要去病毒，所以当它发生，你知道，与它一起到来的网络影响的计划？这篇文章将重点介绍您应该了解的事情，以及企业和个人在病毒式传播后如何保护自己。通常，变得风靡一时意味着现在您将无法控制更多的观众，而对您来说却是焦点。对于企业而言，这可能是积极的，这意味着更多地参与内容，潜在的销售并扩展到更多的数字空间。但是这种病毒式增长有一个阴暗的一面，更多的关注并不总是那么积极，因为这现在意味着您已经受到恶意攻击者的注意。最近，我们看到黑人企业风靡一时，现在也看到了一系列负面评论，试图“压制一两个钉子”。 我们是否还记得，当Honeypot的创始人Bea Dixon广为传播时，Trust Pilot在从未使用过她的产品的人冒犯了Bea想要为黑人女孩建立平台的人之后停止了对其平台的评论？

混蛋… (Doxing…)

Doxing, is the Internet-based practice of researching and publicly broadcasting private or identifying information about an individual or organization. The methods employed to acquire this information include searching publicly available databases and social media websites, hacking, and social engineering.

Doxing是一种基于Internet的实践，用于研究和公开广播私人或标识有关个人或组织的信息。用来获取此信息的方法包括搜索公共可用的数据库和社交媒体网站，黑客和社会工程学。

Doxing can affect anyone. Nobody is outside the possibility of being doxed. Being able to control what information is out there can often be difficult but knowing what’s out there about you can help stop any damage.

Doxing可以影响任何人。没有人会感到困惑。能够控制外面的信息通常很困难，但是了解外面的信息可以帮助阻止任何损失。

避免混血 (Staying safe from doxing)

Make sure your profiles are private and do not reveal too much personal identifiable information (i.e your name, address, and email/mobile number)
确保您的个人资料是私人的，并且不会泄露过多的个人身份信息(即您的姓名，地址和电子邮件/手机号码)
Maximize your social media privacy settings!
最大化您的社交媒体隐私设置！
Delete accounts you no longer use. There’s no reason to still have that Bebo account with the information you shared years ago before you were aware of cybersecurity
删除不再使用的帐户。 在您了解网络安全之前，没有理由让Bebo帐户拥有您几年前共享的信息

您知道Google对您的评价吗？ (Do you know what Google says about you?)

I recently wrote an article on Open Source Intelligence Gathering, the ‘art’ of finding out information using just search engines. Knowing what comes back when you search for your name is important as the first thing malicious actors will do, is search for your name. If you have a business and it’s listed on Companies House, unfortunately, this means potentially your business address (which may be your home address) and your D.O.B will be easily searchable. There are also websites which utilize the open Electoral Roll and openly publish addresses + names of people living at that address. Malicious actors aren’t always a creep hiding in a bush, unfortunately, journalists can prove to be problematic. Let’s take a look at Marcus Hutchins, the cybersecurity professional deemed to have saved the NHS from the Wannacry Ransomware attack. Well, British tabloids repaid him by camping outside his parents' house, attempting to bribe friends for ‘juicy stories’ about him and forced him to move due to the constant invasion of privacy. Understanding what is out there about you should be the first step in managing your online profile.

我最近写了一篇有关开源情报收集的文章，这是仅使用搜索引擎查找信息的“艺术”。正如恶意行为者所做的第一件事一样，知道搜索名称时返回的内容很重要，这就是搜索您的名字。不幸的是，如果您有一家公司并在Companies House上列出，则意味着您的公司地址( 可能是您的家庭住址 )和DOB都将很容易被搜索到。也有一些网站利用公开选举名单并公开发布地址和居住在该地址的人的名字。恶意演员并不总是躲在灌木丛中，不幸的是，记者可能会出问题。让我们看一下网络安全专家马库斯·哈钦斯(Marcus Hutchins)，该专家被认为已经从Wannacry Ransomware攻击中拯救了NHS。嗯，英国的小报通过在他父母的房子外面露营来偿还他，试图贿赂朋友关于他的“多汁的故事”，并由于不断侵犯隐私而迫使他搬家。了解您的状况应该是管理在线个人资料的第一步。

您的个人电子邮件应该与公司电子邮件相同吗？ (Should your personal email be the same as your business email?)

Your email is often the key to the kingdom. Most services you have to sign up via email. With lockdown and the rise of e-commerce sites, people have been operating businesses via the likes of Instagram, Twitter and Facebook (and of course Shopify etc). A common mistake people make is to use their personal email as the source of contact for all their businesses, newsletter signups, service sign-ups and social media platforms. This is not to say you can’t safely run a business via an Outlook or Gmail account, but unfortunately in this day and age, your email will have most likely been leaked in a data breach. You can check on services like HaveIBeenPwned to see if such has happened.

您的电子邮件通常是进入王国的钥匙。您必须通过电子邮件注册大多数服务。随着封锁和电子商务网站的兴起，人们通过Instagram，Twitter和Facebook(当然还有Shopify等)开展业务。人们常犯的一个错误是将个人电子邮件用作所有业务，新闻简报注册，服务注册和社交媒体平台的联系源。这并不是说您无法通过Outlook或Gmail帐户安全地开展业务，但是不幸的是，在这一时代，您的电子邮件很可能因数据泄露而泄露。您可以检查诸如HaveIBeenPwned之类的服务，以查看是否发生了这种情况。

Image for post — An old email I opened in 2005 is still being leaked in breaches. — HaveIBeenPwned

If you are to go viral, attackers will be looking for this kind of data. So let’s say you have added your email to your Instagram using an innocent feature such as the Contact Us box. If you have used a personal email that has previously appeared in a breach. It’s not that difficult to find a paste bin of Leaked Information containing your username and password. Whilst you may have changed the password by then, it gives the attacker an insight on what they are dealing with. If your name is Gloria Nokthula Moyo, and your password is “Nokthula1234” chances are, you’ve most likely opted for another guessable password. And in fact, all the attacker now has to do is use the combination on various sites, and chances are, you may have missed one.

如果要传播病毒，攻击者将寻找这种数据。假设您使用诸如“联系我们”框之类的无害功能将电子邮件添加到了Instagram。如果您使用的个人电子邮件以前曾出现在漏洞中。找到包含您的用户名和密码的泄漏信息的粘贴箱并不难。尽管此时您可能已经更改了密码，但它使攻击者可以洞悉他们正在处理的内容。如果您的名字是Gloria Nokthula Moyo ，并且密码是“ Nokthula1234 ”，那么您很可能选择了另一个可猜测的密码。实际上，攻击者现在所要做的就是在各种站点上使用组合，很可能您会错过其中一种。

Don’t let the email to your Stripe be the same email to your Paypal where I can find it on Instagram and use it to log into your Shopify after finding a leaked password from a data breach you didn’t investigate 🙃

不要让发送到Stripe的电子邮件与发送到Paypal的电子邮件相同，我可以在Instagram上找到它，并在发现您未调查的数据泄露密码后将其用于登录Shopify🙃

您如何保护自己？ (How can you protect yourself?)

Set up 2FA (Two Factor Authentication) where ever possible. You can either use 2FA by SMS, Google Authenticator or Microsoft Authenticator. This is an added layer of protection, plus if malicious actors are trying to log into your account, often you will get geo information from the login attempts.
尽可能设置2FA(两因素身份验证) 。您可以通过SMS， Google Authenticator或Microsoft Authenticator使用2FA。这是一个额外的保护层，如果恶意行为者试图登录到您的帐户，通常您会从登录尝试中获取地理信息。
Set up business emails — This includes purchasing a domain for your business, if you’re trading via a Hotmail and don’t own a domain, with the added notion of going viral, what’s stopping someone from buying up your domain name and then cybersquatting?
设置企业电子邮件 -包括为您的企业购买域名，如果您通过Hotmail进行交易且不拥有域名，并带有病毒式传播的概念，那么是什么导致某人无法购买您的域名然后进行域名抢注？
Password management — Utilize the suggested passwords by Apple/Chrome/Password managers like LastPass. Whilst it can seem like an inconvenience, losing access to your email because you had a weak password can be so damaging.
密码管理 -利用Apple / Chrome /密码管理器(例如LastPass)建议的密码。尽管这似乎带来了不便，但由于您的密码太弱而无法访问您的电子邮件可能会造成很大的破坏。

了解您的流量！ (Know your traffic!)

Companies have reported an increase in DDoS attacks during the lockdown. Distributed Denial of Service attacks is targetted traffic with the intention to bring down a website. It is a form of sabotage and often when people go viral, a mixture of genuine traffic and malicious traffic can be a cause of concern for website owners.

公司报告了锁定期间DDoS攻击的增加。分布式拒绝服务攻击是旨在关闭网站的目标流量。这是破坏活动的一种形式，通常当人们病毒传播时，真正的流量和恶意流量的混合可能会引起网站所有者的关注。

如何停止呢？ (How do I stop this?)

DDoS Mitigation tools like Cloudflare ensure your website can manage traffic. By utilizing machine learning and blacklists of already known malicious actors, they are able to separate your traffic and ensure your website is always up. Platforms such as Wix, Squarespace and Shopify already utilize similar technologies in the background of your website, but sometimes this may not be enough.
诸如Cloudflare之类的DDoS缓解工具可确保您的网站可以管理流量。通过利用机器学习和已知恶意行为者的黑名单，他们可以分隔您的访问量，并确保您的网站始终处于运行状态。 Wix，Squarespace和Shopify等平台已经在您的网站后台使用了类似的技术，但是有时这还不够。

如果我没有生意？ (And if I don’t have a business?)

If you don’t have a business but would still like to monitor search traffic, tools such as Ahrefs exist to help you understand when traffic around a certain word (your name) increases.

如果您没有业务，但仍想监视搜索流量，则可以使用诸如Ahrefs之类的工具来帮助您了解某个单词(您的名字)周围的流量何时增加。

Virality isn’t always a positive experience, and for the average person, they are not prepared. The invasion of privacy, be it digitally or physical means we need to do a lot more to protect our information. Practises such as doxing has unfortunately led to ‘swatting.’ This is where a malicious actor using your personal information, makes a hoax call to the emergency services in an attempt to bring about the dispatch of a large number of armed police officers to a particular address. Recently in America, there has been a rise in Neo-Nazi groups attempting to use this tactic to target Black churches and spaces. Our information online must be protected, as sadly, our lives can now depend on it. Virality goes beyond a tweet being popular, in this current climate, unfortunately, many activists in the Black Lives Matter movement have been identified by personal identifiable information available on the internet. Often throwing them into a spotlight where they have been targeted by neo-nazi groups.

病毒式传播并不总是一种积极的经历，对于普通人来说，他们没有做好准备。无论是数字方式还是物理方式，隐私的入侵都意味着我们需要做更多的事情来保护我们的信息。不幸的是，诸如doxing之类的做法导致了“殴打”。在这里，恶意行为者会使用您的个人信息致电紧急服务部门，以试图将大量武装警察派遣到特定地址。最近在美国，新纳粹团体试图使用这种策略瞄准黑人教堂和空间的现象有所增加。我们的在线信息必须受到保护，可悲的是，我们的生活现在可以依靠它。病毒式传播已超越了一条流行的推文，不幸的是，在当前的气候下，“黑人生活问题”运动中的许多积极分子已经从互联网上获得的个人身份信息中找到了身份。新纳粹组织经常将它们作为关注的焦点。

I leave you with the story about the Philadelphia protestor who was identified via purchases on Etsy, tattoos on her massage business website and LinkedIn as a reminder that often when information is put together, it paints a bigger picture.

我留下有关费城示威者的故事，该事件通过在Etsy上的购买，在其按摩业务网站上的纹身和LinkedIn来确定的，以提醒人们，通常将信息汇总在一起，可以描绘出更大的图景。

By Stephen Chapendama

斯蒂芬·查彭达玛(Stephen Chapendama)