Two men arrested for creating illegal telephone mast in the UK (www.datacenterdynamics.com)
from fne8w2ah@lemmy.world to technology@lemmy.world on 16 Jun 2024 13:23
https://lemmy.world/post/16592779

dhork@lemmy.world on 16 Jun 2024 13:33

Smishing is a phishing cybersecurity attack carried out over mobile text messaging. It’s also known as SMS phishing.

I had never heard that term before. Is it just a UKism, or am I one of today’s lucky 10,000?

ID411@lemmy.dbzer0.com on 16 Jun 2024 13:45

Always wonder if this is a state actor

HootinNHollerin@lemmy.world on 16 Jun 2024 16:30

Huayong Xu is the name listed

neidu2@feddit.nl on 16 Jun 2024 13:46

“Smishing” sounds like kiwi slang for playing Smash Bros

brsrklf@jlai.lu on 16 Jun 2024 15:24

At the beginning of Smash Bros Ultimate, some people jokingly tried to make “Smush” a thing (since the previous, fourth game, officially Super Smash Bros for 3DS/for Wii U, was often referred to as Sm4sh for short).

martin@lemmy.caliban.io on 17 Jun 2024 07:40

We were smishing in the shid!

downpunxx@fedia.io on 16 Jun 2024 14:15

never heard that term before, but just like all other logical things i learn about, it checks out, and i accept it

Ledivin@lemmy.world on 16 Jun 2024 14:16

Yup, those are both the industry terms

Zachariah@lemmy.world on 16 Jun 2024 14:43

Not just UK. It’s a stupid term that organizations use in cybersecurity trainings but no one else uses.

Fisk400@feddit.nu on 16 Jun 2024 14:53

It feels like one of those where the people that have expertise enough to name new things are not experts in naming things.

PhobosAnomaly@feddit.uk on 16 Jun 2024 15:26

I encountered Quishing the other day - the inadvertent scanning of QR codes that take a browser to a malformed URL or site with malware embedded.

Back in my day, it was just called “being a bit dense”, especially as most cameras/QR readers will offer you a prompt to go to a website first.

BURN@lemmy.world on 17 Jun 2024 17:52

Developers are notoriously bad at naming anything. Cybersecurity experts are generally developers.

FalseMyrmidon@kbin.run on 16 Jun 2024 18:23

Yeah, I had to do a security cert last year and it had a bunch of made up sounding crap like that.

bassomitron@lemmy.world on 16 Jun 2024 15:07

I’ve worked in IT for 15 years and it’s the first time I’ve heard SMS phishing condensed to smishing. But I specialize in servers and server security, so I’m not too surprised it’s a thing.

sugar_in_your_tea@sh.itjust.works on 17 Jun 2024 02:52

We’re forced to take a cybersecurity online course every year, and I’m constantly confused at what the terms are supposed to mean. Like why is spear phishing a thing? Why do we need specialized terms for every conceivable variation of a concept?

Let’s just stick with basic terms:

  • malware - malicious software
  • social engineering - covers calls, texts, emails, etc designed to get access to something they shouldn’t
  • cracking - breaking cryptography
  • security hacking - breaking secure systems by exploiting bugs, such as zero-days or unpatched systems, usually to get privilege escalation

I may be missing a couple, but I think most cybersecurity concepts can fit in one of those categories.

bassomitron@lemmy.world on 17 Jun 2024 03:22

Well, I’m not a cybersec specialist, but my job requires us to comply with NIST cyber security frameworks, including going through external audits every year. In my opinion, your basic generalities are fine for those not working in that field specifically.

However, for cyber security analysts and other specialists, I think specific subcategories are necessary. The reason being, IT is an absolutely massive field that contains a ton of specialties. As such, that means there is roughly an equal variety of malicious actors in the same field.

There’s no such thing really as a general “hacker” anymore. Especially when you take into consideration the rapid expansion of state sponsored cyber attacks/warfare. You’ll have specialists for various types of:

  • phishing (e.g. targeting general pop/employees, or those going for specific people)
  • cryptography (e.g. those who try to compromise an org’s PKI, or people finding vulns to exploit expired certs like what happened with Azure last year)
  • vuln hunters/exploiters (e.g. people that monitor known vulnerabilities and probe orgs’ defenses to see if those vulns are present/unpatched/unmitigated, or even people who try to discover new ones)
  • malware engineers (e.g. fairly self explanatory, but malware is a very broad term and can come in numerous shapes and sizes, like even using infected images on a website to conduct RCE on mobile devices like what happened a year or two ago)

Sorry, tangent is getting a bit long-winded now. Anyway, tldr; general terms are fine for laymen or non-specialists, but more precise terms are beneficial for experts in that field.

sugar_in_your_tea@sh.itjust.works on 17 Jun 2024 03:29

Sure, specialists can and should use specialized terms. But that’s not what articles like this are targeting. Keep that to symposiums and whatnot, and keep the general public vernacular simple to avoid confusion. That’s all I’m saying.

bassomitron@lemmy.world on 17 Jun 2024 04:28

Fair point. Though, the source is data center dynamics, which does seem a bit niche.

sugar_in_your_tea@sh.itjust.works on 17 Jun 2024 04:35

I suppose, but the article has nothing to do with data centers and is written like any other news article on regular news sites. It’s a little more tech focused, but still very accessible.

ikidd@lemmy.world on 17 Jun 2024 05:57

Open Source Security Podcast with Josh Bressers and Kurt Seifried. It’s a pretty good source of news and discussion from a sysadmin perspective.

Imgonnatrythis@sh.itjust.works on 16 Jun 2024 15:26

When I first read they were sending smishing texts I thought hey this is neat, some kind of kink that I can spend the day learning about, but then I read about the SMS phishing thing and was disappointed.

paysrenttobirds@sh.itjust.works on 16 Jun 2024 15:31

So is original phishing supposed to be over the phone? Like it’s the email game called emishing or something?

catloaf@lemm.ee on 16 Jun 2024 15:40

No, phone phishing is phphishing.

ShepherdPie@midwest.social on 16 Jun 2024 15:54

When they send the emails at night, it’s called nocturnal emishing. It’s a serious problem that affects thousands of people each night.

Blue_Morpho@lemmy.world on 16 Jun 2024 22:59

They were arrested for baiting people with their mast.

barsoap@lemm.ee on 17 Jun 2024 19:48

Nah phishing is a 90s term though probably coined in reference to phreaking. That started up in the 60s and by the 80s even the US had mostly switched to out of band signalling for their telephone system so none of the stuff worked any more.

downpunxx@fedia.io on 16 Jun 2024 14:15

fuckin smishers, comin over here, textin our mobiles

KingThrillgore@lemmy.ml on 17 Jun 2024 05:14

Eintelefonmast!

Peter_Arbeitslos@discuss.tchncs.de on 17 Jun 2024 19:56

c/randomGerman

AstroTechie@lemdro.id on 17 Jun 2024 11:43

He installed a fake antenna? Like a fake cellular radio tower? How is it possible that phones just randomly trust this antenna? They explain very little in the article.

rbesfe@lemmy.ca on 17 Jun 2024 12:06

en.m.wikipedia.org/wiki/IMSI-catcher

AstroTechie@lemdro.id on 17 Jun 2024 14:30

lovely, and my phone won’t let me block 2G.

uis@lemm.ee on 17 Jun 2024 20:13

Short answer: security through obscurity

Churbleyimyam@lemm.ee on 17 Jun 2024 19:22

I’ve always wanted to broadcast encrypted signals from a ham radio out of the back of a van parked next to a nuclear power station.