Slack Won't NEW! Download Files

Esmeralda Rusinski

Jan 25, 2024, 12:15:16 PM
to rioliastonop

Easily share files with your team directly in Slack or use your favorite tool like Google Drive, Dropbox, Box and OneDrive. Files in Slack are not only searchable but also give your team context on the discussion about the document.

slack won't download files


Download Zip ★★★ https://t.co/Vwu8HwQ89N



The url_private property points to a URL to the file contents. Editable-mode files will also have a url_private_download parameter, which includes headers to force a browser download. Both url_private and url_private_download require an authorization header of the form:

Slack supports all major cloud-based file management systems, including Google Drive, Dropbox, Box, Microsoft OneDrive and Sharepoint Online. By using these apps with Slack, the files your team shares in channels are automatically indexed. This means that their names and contents are searchable, and you can find them in the channel or conversation details in the right sidebar. Our file management apps also unfurl files to give you a crisp file preview, rather than a gobbledygook URL.

When you work with files in Slack, you can have related discussions and make decisions in one place. For example, if someone posts a mockup from Google Drive into a relevant Slack channel, the team can comment in a thread below the document and approve it with emoji reactions. All the context around the document and next steps are right there in Slack.

I have installed Slack (Desktop App) and I had trouble uploading and downloading files from/to certain directories for months. More specifically, it seems that Slack doesn't have the permission to access directories in /mnt and /media (and various other directories outside of /home).

I don't upload files from USB sticks every day; however, I have a dual boot ubuntu+windows and my /Downloads is a symlink to /mnt/win10/.../Downloads, and downloading files or sending files I downloaded previously is really fastidious.

Looking through I understand I have to use a completely different OAuth based API, but creating more tokens just for the purpose of uploading a file seems odd when posting messages works well. Is there no way to upload files to Slack with the incoming webhook?

To upload files you need to use the Slack Web API and the files.upload method. Yes, it requires a different authentication, but it's not that complicated if you just use a test token for all API calls.

Computer forensics solves notorious criminal cases by utilizing file slack data to find missing information or clues. One of the most recent, high-profile cases was in the investigation of American Secretary of State Hillary Clinton and deleted emails. The investigators explained the task of retrieving data was potentially possible because of the extra space in deleted files. This is just one example, as it has been used in many different legal cases involving computers.

The only reason you can see the configuration.nix files in your store is (most probably) because you have your configuration in a flake, and the contents of a flake are copied to the Nix Store before the flake is built. This was implemented originally to ensure remote flakes like github:NixOS/nixpkgs can be evaluated, but in the future (when this PR gets merged), local flakes will not be copied to the store anymore, only remote ones.

It's inevitable that any productivity tool needs to give users the ability to share files. Files can be in the form of a link to a cloud storage account or a file uploaded directly to a Slack server. Slack provides features that make it easy for server users to share files. Files can be shared either privately in a direct message or in a channel where others can download them. Users can also set notifications that let them know when certain keywords are posted so that they know when files are shared in a Slack channel.

With so much technology available to individuals and corporations, you could have several different files uploaded to your Slack server. Slack supports several file types including standard images. Users can also link videos that can be viewed directly from the link displaying the video content and play buttons in Slack.

Slack supports any file that can be uploaded in a web browser. It does have a layer of security that triggers and disallows malicious content posted in a channel. However, simple file uploads are allowed including cloud content such as Dropbox or Google Drive documents. The following is a short list of files that can be uploaded to Slack:

Any file available from the "Open" dialog window can be uploaded to your Slack server. This means that files stored on a network drive and available from your local computer can also be uploaded to your Slack server. After you choose a file, a new configuration window opens. This configuration window sets up the way the file will display in the Slack channel.

The icon that displays under the summary text box at the top shows you the file's name. Taking a quick look at this file name ensures that the right file will be uploaded to Slack and avoids costly mistakes of uploading a sensitive or private document instead. Notice that under the chosen file is a link labeled "Add file." Clicking this link will again open a dialog window where you can choose an additional file to upload. Using this feature, you can upload several files at once instead of uploading them one by one.

For large files, it might take a few minutes to upload them to the Slack server. When you upload a file, you store a copy of it on your Slack server cloud space. If you don't have enough space to store the file, you will not be able to successfully upload it to the server. In this case, you can upgrade your server account to allow more cloud storage capacity for uploaded files.

Notice in the channel that the message configured is shown at the top of the file link. The file's title is displayed to the right of an icon that indicates what type of file has been shared in the channel. In this example, a Microsoft Word document was uploaded to the server. The icon indicates that the file is a Microsoft Word document, so users know what type of file they will be downloading should they click the link. Users need the appropriate software to open shared Slack documents unlike reading files in a cloud environment.

Google Drive asks for permission to see, edit, create and delete files on Google Drive, and the application can see your history and records of changes to files. Should you change your mind due to the level of access needed by the Slackbot account, you can always click the "Cancel" button and reverse the installation and stop Slack from having access to your Google Drive account.

If you decide to give Slack access to your Google Drive account, click the "Allow" button to allow the link between Slack and Google Drive. By giving permission to Slack, you can get preview information about the document link anyone posts in a Slack channel. This information also helps you search files posted in a Slack channel. Any content posted to a channel helps you archive and search it should you need to return to it later.

Working with files and Slack is the perfect way to streamline your productivity when users must share numerous file types from various locations. Slack supports many different file types, so users are free to copy and paste any number of files to a Slack channel. Once a file is shared, it's available to any user who has access to the Slack channel, which means instead of emailing dozens of users, you can share a file with only a few clicks of the mouse to hundreds of users with access to the Slack channel. Just like many other productivity features, sharing files is another convenient way for users to quickly keep up with communication and share important documents without any hassles or hurdles.

Slack, the ubiquitous communication and collaboration platform, has been getting more and more attention over the past few months as a potential phishing platform and target for malicious actors. Most of this attention has settled on various methods to phish users within Slack itself, and the concerns range from DMs to Slackbot reminders and public Slack channels or workspaces.

Much of that ongoing discussion is focused on the use of publicly leaked Webhooks to inject malicious messages into Slack channels. And, unsurprisingly, we already have reports of this method being used in Slack workspaces, esp. those with public channels devoted to crypto-currency-related topics and discussions.

Slack can be used for phishing users outside of Slack, though. One reported scheme, for example, involves using Slack's "referral URL" domain, slack-redir.net, to launder malicious links, allowing them to sail past multiple layers of security given that Slack domains will generally be trusted.

Indeed, we began receiving reports from customers using the Phish Alert Button (PAB) of malicious emails using this method back in late November of 2019.


Emails exploiting the domain slack-redir.net have tended to land users at credentials phishing landing pages hosted on third-party web sites.


In late June of this year, however, customers started reporting malicious emails using Slack in quite another way: as a host for malicious files used as part of phishing attacks.

Let's take a look at how this works.

The Attack

The attack method involved is a fairly familiar one in which the bad guys find a legitimate site or service that can be abused to host malicious files that can then be deployed to facilitate email-based phishing attacks.

The bad guys clearly, and for obvious reasons, prefer sites and services that can be used for free (whether legitimately or not). To that end, they prefer sites and services that allow unknown users to create free accounts, though they are perfectly happy to use compromised pay accounts at online services if such accounts offer key benefits like, say, the ability to blast large volumes of malicious emails out to potential victims. And if the domain being used is recognized and trusted by your average cubicle dweller within businesses and organizations across the country or around the world, so much the better.

In this case, the target is Slack's file storage domain, slack-files.com, which is typically used to host files uploaded by users within Slack itself. Indeed, Slack freely advertises Slack's robust file management and collaboration features, which include integration with third-party apps.

Here's a typical malicious email we've seen using slack-files.com to execute what amounts to a three-stage phishing attack.


Most of the emails we've seen using slack-files.com are formatted in a similar fashion, suggesting this scheme is being used by only a small number of malicious groups at present.

The link in the email takes users to a PDF file hosted on slack-files.com...


...which users must download and open:


The link in that email shuffles users on to yet another site, which is usually hosting a credentials phish of one sort or another:


Occasionally we see emails exploiting slack-files.com use a strikingly different format:


The second and third stages of the attack tend to follow the same pattern as the first email documented above, though.

This three-stage attack using files hosted at a legitimate online service or site is hardly new or unique. It is, in fact, the same pattern we've seen used to exploit and abuse plenty of other perfectly legitimate brands and services, including Dropbox, Sendgrid, Sharepoint, and OneDrive (to name but a few).

Indeed, just a few weeks ago we blogged about Canva, an online graphic design platform being used and abused in a very similar fashion. And Sendgrid, the popular email service provider used widely in Corporate America, recently reported that it had been battling a concerted credentials-stuffing attack that has compromised large numbers of accounts that have then been used to distribute large volumes of spam and phishing emails.

So, Slack is hardly alone in finding its service being misused by malicious actors. It has plenty of company these days, unfortunately.

So far we've seen relatively small numbers of malicious emails exploiting slack-files.com in phishing attacks. Moreover, these emails have been reported only in fits and starts since late June by customers using the Phish Alert Button (PAB), suggesting that the bad guys, at this stage, may still be experimenting with slack-files.com.

How It's Being Done

While Slack offers a variety of methods for uploading files to slack-files.com and sharing them publicly within Slack as well as externally, we're assuming that malicious actors are using a simple and obvious method for converting Slack into a malicious file repo.

In the method we suspect is being used, malicious actors would simply download Slack's client application, create their own private workspace, upload files within their instance of Slack, then create external links for those files that could then be re-used in phishing emails.


Although it's certainly possible that the bad guys are using compromised accounts of individual users within organizations already penetrated through phishing emails, we tend to doubt that compromised accounts lie behind what we're seeing for several reasons.

First, such accounts would have to be compromised in the first place, and these accounts could probably not be relied upon for extended periods of time. Second, any files uploaded with a compromised account would likely be visible to the user as well as the larger organization, raising the risk of discovery. Third, we expect that many if not most organizations (at least the ones that were minimally security conscious) would disable the option to create external links for files in order to prevent Slack from being abused to exfiltrate sensitive, proprietary data.

The method we've described above has the advantage of not being dependent on any other organization (beyond Slack itself). Moreover, it's not unknown for individuals not connected with businesses and organizations to download and use Slack to connect to public Slack channels or even create their own private workspaces. The method we suspect is being exploited would simply be a logical extension of the way Slack is already being used by countless individuals.

To be clear, we cannot verify that the method described above is in fact what lies behind the low volume of phishing emails exploiting slack-files.com reported to us by customers. It has enough advantages, though, to suggest that it may very well be how the bad guys are doing it.

Conclusion

You could be forgiven if your response to this was to shrug. But of course slack-files.com is being abused like this. If nothing else, that's an indication of the current state of phishing. It can seem an inevitable and almost unstoppable feature of everyday digital communication and life on the internet.

It does illustrate -- yet again -- just how determined and relentless malicious actors have become in sniffing out new means and methods for attacking the weakest link in your organization's security posture: its users.

Would your users even blink if they saw a file in a phishing email being offered up by a domain like slack-files.com? How many of them would even bother to check the link? By turns, how many would just blindly click and end up being led by the nose into a potentially devastating credentials phish?

If you're not quite sure (and if that uncertainty leaves you with a sinking feeling of dread in the pit of your stomach), then now is the time to step your users through New-school Security Awareness Training and begin testing them regularly with high-quality simulated phishing so that you find out just how bad your security problem is with the end users in your organizations and start to do something about it.
