{"id":407,"date":"2018-05-30T22:27:58","date_gmt":"2018-05-30T22:27:58","guid":{"rendered":"http:\/\/mipython.magwebdesigns.net\/WP\/?p=407"},"modified":"2018-05-30T22:40:44","modified_gmt":"2018-05-30T22:40:44","slug":"mcdonalds-black-hat-honey-pot-operation-with-duck-tape-and-a-cell-phone","status":"publish","type":"post","link":"http:\/\/mipython.magwebdesigns.net\/WP\/2018\/05\/30\/mcdonalds-black-hat-honey-pot-operation-with-duck-tape-and-a-cell-phone\/","title":{"rendered":"McDonald&#8217;s Black Hat HoneyPot Operation With Duck Tape and a Cell Phone?"},"content":{"rendered":"<div class=\"article_head\">\n<h1>Watch Out For the Black Hat McDonald&#8217;s Honey Pot Operation With Duck Tape and a Cell Phone?<\/h1>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"article_img\" src=\"https:\/\/regmedia.co.uk\/2015\/04\/22\/fries.jpg?x=442&amp;y=293&amp;crop=1\" alt=\"fries\" width=\"442\" height=\"293\" \/><\/p>\n<\/div>\n<div>Well, first let&#8217;s look at <a href=\"https:\/\/www.theregister.co.uk\/2017\/03\/19\/mcdonalds_india_data_leak\/\">McDonald&#8217;s latest honeypot<\/a> leak.<\/div>\n<div id=\"body\">\n<p>McDonald&#8217;s got Black Hatted. 
India has &#8216;fessed up that its app spaffed personal data to all and sundry and has urged users to install an update.<\/p>\n<p>https:\/\/www.theregister.co.uk\/2017\/03\/19\/mcdonalds_india_data_leak\/<\/p>\n<p>Over the weekend, a post at Medium <a href=\"https:\/\/hackernoon.com\/mcdonalds-india-is-leaking-2-2-million-users-data-d5758b2eb3f8#.uo5gdqdd6\" target=\"_blank\" rel=\"noopener\">said the company&#8217;s McDelivery<\/a> app in India was leaking user data through a misconfigured server.<\/p>\n<p>The leaks, disclosed by payment security company Fallible.co, \u201cincludes name, email address, phone number, home address, accurate home co-ordinates and social profile links\u201d.<\/p>\n<p>Fallible reckons as many as 2.2 million users&#8217; accounts were at risk.<\/p>\n<p>The post explains that a <code>curl<\/code> request to the http:\/\/services.mcdelivery.co.in\/ProcessUser.svc\/GetUserProfile API endpoint served up user data without authentication.<\/p>\n<p>Nice black hat honeypot, McDonald&#8217;s.\u00a0 What is a honeypot?<\/p>\n<\/div>\n<p>https:\/\/en.wikipedia.org\/wiki\/Honeypot_(computing)<\/p>\n<div id=\"body\">\n<h2><span id=\"Types\" class=\"mw-headline\">Types<\/span><\/h2>\n<p>Honeypots can be classified based on their deployment (use\/action) for black hat tactics and based on their level of involvement. Based on deployment, honeypots may be classified as<\/p>\n<ul>\n<li>production honeypots<\/li>\n<li>research honeypots<\/li>\n<\/ul>\n<p><b>Production honeypots<\/b> are easy to use, capture only limited information from the black hats, and are used primarily by corporations. 
Production honeypots are placed inside the production network with other production servers by an organization to improve their overall state of security. Normally, production honeypots are low-interaction honeypots, which are easier to deploy. They give less information about the attacks or attackers than research honeypots.<\/p>\n<p><b>Research honeypots<\/b> are run to gather information about the motives and tactics of the <a title=\"Black hat\" href=\"https:\/\/en.wikipedia.org\/wiki\/Black_hat\">black hat<\/a> community targeting different networks. These honeypots do not add direct value to a specific organization; instead, they are used to research the threats that organizations face and to learn how to better protect against those threats.<sup id=\"cite_ref-2\" class=\"reference\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/Honeypot_(computing)#cite_note-2\">[2]<\/a><\/sup> Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations.<sup id=\"cite_ref-Attacks_Landscape_in_the_Dark_Side_of_the_Web_3-0\" class=\"reference\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/Honeypot_(computing)#cite_note-Attacks_Landscape_in_the_Dark_Side_of_the_Web-3\">[3]<\/a><\/sup><\/p>\n<p>Based on design criteria, honeypots can be classified as:<\/p>\n<ul>\n<li>pure honeypots<\/li>\n<li>high-interaction honeypots<\/li>\n<li>low-interaction honeypots<\/li>\n<\/ul>\n<p><b>Pure honeypots<\/b> are full-fledged production systems. The activities of the attacker are monitored by using a bug tap that has been installed on the honeypot&#8217;s link to the network. No other software needs to be installed. 
Even though a pure honeypot is useful, stealthiness of the defense mechanisms can be ensured by a more controlled mechanism to ensure no black hattery.<\/p>\n<p><b>High-interaction honeypots<\/b> imitate the activities of the production systems that host a variety of services and, therefore, an attacker may be allowed a lot of services to waste his time. By employing <a title=\"Virtual machine\" href=\"https:\/\/en.wikipedia.org\/wiki\/Virtual_machine\">virtual machines<\/a>, multiple honeypots can be hosted on a single physical machine. Therefore, even if the honeypot is compromised by black hat tech, it can be restored more quickly. In general, high-interaction honeypots provide more security by being difficult to detect, but they are expensive to maintain. If virtual machines are not available, one physical computer must be maintained for each honeypot, which can be exorbitantly expensive when fighting black hat tactics. Example: <a title=\"Honeynet Project\" href=\"https:\/\/en.wikipedia.org\/wiki\/Honeynet_Project\">Honeynet<\/a>.<\/p>\n<p><b>Low-interaction honeypots<\/b> simulate only the services frequently requested by attackers. Since they consume relatively few resources, multiple virtual machines can easily be hosted on one physical system, the virtual systems have a short response time, and less code is required, reducing the complexity of the virtual system&#8217;s security. 
Example: <a title=\"Honeyd\" href=\"https:\/\/en.wikipedia.org\/wiki\/Honeyd\">Honeyd<\/a>.<\/p>\n<\/div>\n<p>What is to stop some black hat McDonald&#8217;s hacker from duck taping a cell phone under the table at a McDonald&#8217;s and spoofing the network in a sort of honeypot-type scenario?\u00a0 Should we as security professionals be concerned about automatic network scanning for open networks?\u00a0 Of course!\u00a0 Most of us just go to the local McDonald&#8217;s and log into anything that sounds even remotely close to &#8220;mcdonalds&#8221;, not even suspecting any black hats to be there.\u00a0 What is to stop a black hatter from exploiting the naming conventions of the Wi-Fi network at McDonald&#8217;s?\u00a0 This would be a McDonald&#8217;s honeypot of sorts, I suppose.<\/p>\n<p>So theoretically you could be logging on to someone&#8217;s black hat honeypot network whenever going to the local McDonald&#8217;s.\u00a0 Be careful out there: we as professionals in the industry must be wary of open black hat McDonald&#8217;s honeypot networks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Watch Out For the Black Hat McDonald&#8217;s Honey Pot Operation With Duck Tape and a Cell Phone? Well, first let&#8217;s look at McDonald&#8217;s latest honeypot leak. McDonald&#8217;s got Black Hatted. India has &#8216;fessed up that its app spaffed personal data to all and sundry and has urged users to install an update. https:\/\/www.theregister.co.uk\/2017\/03\/19\/mcdonalds_india_data_leak\/ Over the weekend, a post at Medium said the company&#8217;s McDelivery app in India was leaking user data through a misconfigured server. 
The leaks, disclosed by payment security company Fallible.co, \u201cincludes name, email address, phone number, home&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-407","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"http:\/\/mipython.magwebdesigns.net\/WP\/wp-json\/wp\/v2\/posts\/407","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/mipython.magwebdesigns.net\/WP\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/mipython.magwebdesigns.net\/WP\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/mipython.magwebdesigns.net\/WP\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/mipython.magwebdesigns.net\/WP\/wp-json\/wp\/v2\/comments?post=407"}],"version-history":[{"count":5,"href":"http:\/\/mipython.magwebdesigns.net\/WP\/wp-json\/wp\/v2\/posts\/407\/revisions"}],"predecessor-version":[{"id":413,"href":"http:\/\/mipython.magwebdesigns.net\/WP\/wp-json\/wp\/v2\/posts\/407\/revisions\/413"}],"wp:attachment":[{"href":"http:\/\/mipython.magwebdesigns.net\/WP\/wp-json\/wp\/v2\/media?parent=407"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/mipython.magwebdesigns.net\/WP\/wp-json\/wp\/v2\/categories?post=407"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/mipython.magwebdesigns.net\/WP\/wp-json\/wp\/v2\/tags?post=407"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}