Security » Social Engineering

'Whaling' threats target the big fish of the corporate world

The proliferation and popularity of collaborative Web 2.0 sites – there are around 250,000 new registrations to Facebook everyday – has changed the threat landscape and the way businesses need to think about security. Each year, newer technologies and weapons are being unleashed to leave Web users surprised, annoyed and at greater risk.‘Whaling’ or ‘spear phishing’, is one such threat and refers to phishing scams which specifically target high-worth individuals.

By Pete Simpson | 10 September, 2008 14:50

Tags: whaling

New Ways to Approach Security in a Web 2.0 World

Business isn't what it used to be.

By Brian Foster | 08 September, 2008 09:32

Tags: web 2.0

The best ways to protect your identity online

With identity theft on the rise and personal information at a premium, it's never been more important to be cautious about what you reveal online.

Notes from AusCERT 2008

I've had the pleasure of speaking and attending this year's AusCERT 2008 security conference held in Gold Coast, Australia. If you've never been to Australia, you're missing some of the best that life has to offer, and I feel the same way about the conference. Although a bit smaller than most US security conferences, it's intentionally kept small (around 1,000 participants) and makes up in quality speaker presentations and vendor participation what it lacks in headcount. One of the great attributes of the typical Aussie is their aversion to marketing hype, along with their ability to "cut the fat off a chicken" (as my grandmother used to say) and pull out the salient points. If a vendor tries to push marketing fluff about their product too much, they are likely to get verbally assailed rugby-style. Here are some of my favorite notes and quotes from selected speakers:

Attackers are thinking outside the box

In the adversarial environment of information security, new types of attacks emerge constantly. Just recently, a very highly targeted phishing attack against CEOs used the pretext of a federal grand jury subpoena to lure executives to a site hosting malware. Let's face it: Most of the innovation in this industry is on the other side, the "dark" side. We are unfortunately forced to keep reacting to new ingenious attacks every few years.

Phishing in the backyard

The best phishing e-mail I've seen recently purported to come from none other than the head of the FBI. "Robert Mueller" was offering to ensure the safety of a money transfer from a confidential third party, if only the recipient would provide her or his bank information in an official-looking form.