Facebook ID Probe

A good read here, “Sophos Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves“.

Sophos Facebook ID Probe findings:

 

• 87 of the 200 Facebook users contacted responded to Freddi, with 82 leaking personal information (41% of those approached)
• 72% of respondents divulged one or more email address
• 84% of respondents listed their full date of birth
• 87% of respondents provided details about their education or workplace
• 78% of respondents listed their current address or location
• 23% of respondents listed their current phone number
• 26% of respondents provided their instant messaging screenname

Talk about an opportunity to educate our members. This type of information could also be used in Spear Phishing attacks.

 

Web server log review

I have had numerous conversations with people on the reviewing of web server logs and with that comes many different ideas on the importance of web server logs. For marketing staff it is of course web analytics, for network/system staff it is for determining why the site is not displaying images, and of course for security persons it is much more.

What do you review your web server logs for.

BBB Phishing

According to Secureworks and others, SANS and SunBelt, there are two different phishing scams making their way around email.

While both of them are extremely dangerous in their own respects, one of them I find very interesting. It is a highly targeted attack against executive level managers at companies. It uses an email with which claims to link you to documents pertaining to your case. Here are some of the highlights from Secureworks.

Highlights

• Highly-targeted attack – aimed at specific executive-level company managers
• Steals all interactive data sent from victim’s IE browser to remote websites
• Uses browser helper object to access form data before it is SSL-encrypted
• One stolen data repository located. As of Friday, May 25, there are 1, 400 victims and 145 megabytes of data in the repository. Approximately 70 megabytes of data is being collected daily.

The other email contains an attachment (RTF Document) when executed installs several pieces of malware onto the computer opening to attachment. The problem with this one is that for some reason it is easier to get virus through email content scanners with RTF documents.

For more information click on one of the reports above.

What a month for Phishing

The Antiphishing working group in it’s activity trends report that the number of unique phishing websites rose by nearly 35,000 compared to the month of March.

In the report they indicate that this is due to the phishers placing thousands of Phishing urls on one domain. Here is the report.

Another site www.phishtank.com show between the month of April compared to the month of March showed a 100% increase.

Another good read on this topic is the Security Fix blog posting located here.

In the eyes of a Phiser

In a post recently from RSnake at ha.ckers.org, he had a chance to discuss items from a Phishers perspective. The phisher he spoke to calls himself “lithium”.

In the post there were two questions asked that caught my eye:

“Are there any anti-phishing deterrents (tools or technology) that make life as a phisher harder?

Oh sure, There are many things that make pishing harder. But since Internet Explorer 7 and firefox 2 have implemented an antiphishing protection, Those two cause the most irritation.”

and

“Do you forsee any changes to the phishing industry that are worthy of note?

No.”

With those thoughts in mind what will a .bank TLD do to help the Anti-Phishing efforts. I still believe that education of members and staff are the best way’s to combat Phishing.