Monthly Archives: September 2007
Time to Phish your Customers?
Building employee awareness of social engineering attacks, like phishing, is clawing its way up the CISO’s priority ladder; and rightly so. But what good are aware employees if your customers can be directly targeted by such attacks? A month ago, monster.com had to deal with a phishing attack that targeted their clients and did so [...]
Embassy “hacker” – Reading between the lines
There was an interesting update yesterday about last month’s story about a Swedish security researcher who released the password and login information for 100+ embassy and government workers. (I’m going to take some liberties summarizing this) A Swedish researcher released 100+ passwords claiming he wanted to expose that the practice of using pop3, imap, etc [...]
Phishing for User Awareness
A recent survey of over 279 IT executives indicated that the greatest security challenge they faced was building an effective security awareness program and encouraging their employees to embrace it. Employees, whether unaware, oblivious or unconcerned, continue to fall prey to conniving social engineers, compromising sensitive data protected by millions of dollars’ worth of technology. [...]
CSRF is not XSS!!!
There seems to be a problem with Cross-Site Request Forgeries. It seems like a large majority of people have this type of attack confused and I am not just talking about developers or end users. Security professionals still don’t know what this attack vector is (and I’m not talking about higB’s tongue-in-cheek Balls post.) The [...]