How To Recognize Social Engineering Scams
By Robert Siciliano, ID Theft Expert and Security Consultant to Intelius.com
While similar to a confidence trick or simple fraud, social engineering typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access. In most cases the attacker never comes face-to-face with the victim, but in many cases the attacker certainly does come in contact with the victim. You may be doing all you can and should to protect yourself from hackers and scammers. But a response to a simple email that looks exactly like your expected monthly bank e-statement can completely drain your bank account.
Increase Your Information Security IQ
By Robert Siciliano, ID Theft Expert and Security Consultant to Intelius.com
People who generally have too much time on their hands read my posts. Or they simply enjoy my train wreck world view. Anyway, there are some fantastic resources that I draw from that help me to break down the complicated issues revolving around how to keep the bad guy from draining your bank account. The following make me look good (not to insult them):
Cyber Security Week In Review: June 27th
From The Internet Security Alliance and Information Security Resources
Exploits of unpatched Windows bug will jump, says Symantec; Mozilla tackles XSS vulnerabilities with new technology; New Facebook blog: We can hack into your profile; Red Condor’s Spam Trip Wire detects new virus; Adobe Releases Update for Shockwave Player; Gates Creates Cyber-Defense Command; Google clamps down on ‘malvertising’; Hacked high-profile Twitter accounts still spreading malicious links; Spam, Phishing, and Malicious Code Related to Recent Celebrity Deaths.
ISR News: IRS On-Line Vulnerable
Excerpt from SANS.org
According to an audit report from the Treasury Inspector General for Tax Administration, the US Internal Revenue Service (IRS) launched an on-line tax filing system despite known security concerns. Although testing of the fourth release of the IRS Modernized e-File system revealed 13 security vulnerabilities, the system was launched in January 2007.
ISR News: ‘Downandup’ WORM Up
Excerpt by InformationWeek.com’s Thomas Claburn
In October, Microsoft took the unusual step of issuing an out-of-band Security Bulletin, MS08-067, for a vulnerability affecting its Server service. “Because the vulnerability is potentially wormable on those older versions of Windows [XP and earlier], we’re encouraging customers to test and deploy the update as soon as possible,” said Christopher Budd, a Microsoft Security Response Center security program manager, in a blog post.
ISR News: Recession Crimps Security
Excerpts from ZDNet Asia’s Vivian Yeo
Businesses in Asia that are driven by the recession to strive for leaner, meaner IT, need to consider how their cost-cutting impacts security, warn industry experts. Even as frugality is expected of IT departments this year, the move to options that support cost-cutting–including software-as-a-service (SaaS) and cloud computing–should be assessed for risk to the business, said Lawrence Ong, regional business manager for security at Datacraft Asia.
ISR News: Terrorists Aim for Online 9/11
Excerpt from Canada.com
Henry said terrorist groups aim for an online 9/11, “inflicting the same kind of damage on our country, on all our countries, on all our networks, as they did in 2001 by flying planes into buildings.”
ISR News: Top 10 Threats from 2008
Excerpts from InformationWeek.com’s Thomas Claburn
A municipal network held hostage, the hacking of a public official’s private e-mail account, court battles to gag security researchers, and dire warnings about the Internet’s Domain Name System were just a few of the highlights of the IT security landscape in 2008.
Consumer Reports Buys Consumerist.com
By Laura Wilson, JD, CISA Candidate, ♦ ISR Corporate Liability Editor
Combining the unimpeachable credibility and expertise of Consumers Union, the publishers of Consumer Reports since 1936, with the widely read, shoot-and-move Consumerist format that nets over 10 million page views per month is a big win for the public and their advocates.
ISR News: Experts Hack VeriSign
Excerpt from Computerworld.com’s Robert McMillan
With the help of about 200 Sony Playstations, an international team of security researchers has devised a way to undermine one of the algorithms used to protect secure Web sites - a capability that the researchers said could be used to launch nearly undetectable phishing attacks.


