So wrapping up: I wouldn't advise posting the report for the general public, but you probably don't need to worry too much. On the other hand, if the link will expire, if it's a private chat room, if the chat messages get deleted automatically (or aren't easy to search), or if the computer is one you're going to replace soon anyway, then that would diminish the likelihood. For example, if you published this report on Twitter, that's higher visibility and thus higher likelihood of attack. I could use that to figure out what websites you look at, and prepare a very convincing link.īut with risks, you have to look at likelihoods. Here is where I need to point out those TCP connections. If I were just evil, I could contact you in the chat and "helpfully" post a link to a malicious website and hope you click on it. A lot of people accidentally share more than they realize, especially if you have accounts that are traceable to other platforms like Twitter or Facebook. I could do OSINT on the account you posted from (Reddit or Stack Exchange). These details could be used to refine OSINT, though. The time zone and language (assuming they are correct) point to an area of the world that has quite a lot of people. In this particular case, those names didn't appear very useful, but they could be. And also there are a few crazy people wandering around (don't make eye contact with them, please). But this is the Internet, so it's hard to be completely anonymous. Privacy/anonymity is important, because you need a way to attack somebody, and usually a motivation. Now, on the topic of privacy/anonymity, I found these things in the report: I could use that to figure out exactly the sort of attack that would be most likely to succeed.
Those are things that would be immensely helpful if I were attacking you. Here are a few things I see in the report:
I don't think you need to worry too much about the information you already shared, but proceed with caution and don't let them connect in or run any software that you don't understand.
It gives them the ability to say, "oh no, your report says you have explorer.exe running that's a virus! I better remote in right away to fix it!" or "looks like you have Microsoft Word installed lucky you, just download this document and it has all the steps to fix your computer! Just make sure you enable macros first." Is the person friend or foe? Obtaining basic system information could be a legitimate request, but it could also be used maliciously by a social engineer to demonstrate their credibility and/or learn more about your machine.If you were running anything vulnerable or unpatched, this could be an issue.