08.10.05
Spear-Phishing - New Angles On An Old Game
By Trevor Bauknight
It usually doesn't take long for emerging trends in business IT security to reach
the point at which a new name for a given phenomenon is required to set it apart.
A relatively recent variation on the familiar e-mail phishing scams that targets
small cells within a particular enterprise rather than millions of random people
has reached that point. Last week, BusinessWeek reported on the growing phenomenon
of "spear-phishing" and, while they charge for that information, we don't think
you should have to pay to keep your sensitive information private.
A New Scam?
...Not really. If you know how phishing works, you already know how spear-phishing
works. The difference lies only, as you might have guessed, in the scammer's skill
and more focused choice of target. "Regular" phishing relies on casting a wide net,
knowing that, out of the millions of people who receive the e-mails, a few
will invariably respond. But spear-phishing relies more on the ability of the
scammer to win the trust of a small group of people for at least long enough to
grab all the sensitive information she can.
Different groups may be targeted, but the scheme seems to be most effective at
targeting small groups within some large business enterprise network, and so this
form of phishing has some characteristics that set it apart. Spear-phishing e-mail
can be more difficult to catch because Subject and From headers are going to carry
familiar text and because its circulation doesn't attract the attention of large
clearinghouses of known scam information. Target e-mail addresses may be gathered
from corporate directories, web sites and telephone conversations rather than
from spammers dealing in huge lists of working addresses.
The e-mails themselves
may appear to be actual corporate documents but often carry trojan-horse keystroke-logging
programs or links to fake websites set up to look like the real thing. The scammers
could well be disgruntled former employees, vendors or others who have had access
to the physical premises. And while some are using such techniques to target non-corporate
groups like participants in eBay auctions, the goal of most spear-phishing scams
is to collect sensitive commercial data.
Central to the success of a spear-phishing scheme is the artful use of what has
come to be called "social engineering". Kevin Mitnick, notorious hacker turned
security consultant (http://www.mitnicksecurity.com),
made the term famous with his seminal book on the subject, _The Art of Deception:
Controlling the Human Element of Security_. Briefly, social engineering is the
art of winning the trust of a mark through familiarity, charm, feigned exasperation,
the use of proper jargon and so on. Once convinced that the scammer is who he
is pretending to be, the mark will reveal some useful bit of information that
can then be exploited.
The textbook example of spear-phishing goes like this: A group or an individual
obtains, through social engineering or physical or electronic access, some corporate
document that can be used to convince even knowledgeable insiders to enter usernames
and passwords at a faked extranet site or to open an attachment that contains
a keylogging trojan-horse program.
The e-mail goes to a small group within the
corporate network and a much higher percentage of recipients respond because the
source appears to be legitimate internal corporate communication. Armed with a
few working logins, the spear-phisher accesses corporate intellectual property,
personnel files or other sensitive data, which can fetch a high price on the black
market.
Avoiding the Spear
It's probably true that no institution or enterprise is secured against all the
possible variations on the phishing scheme, but there are several steps you and
your business can take to guard against becoming a victim.
Business data security starts at the top and should permeate all levels of your
IT structure. Establish policies of information exchange that preclude the ability
of a spear-phisher to obtain key bits of data, such as internal documents, to
which she is not entitled, and don't veer from those policies under any circumstances.
Eliminate unnecessary traces of former employees and turn off their electronic
and physical access to your business properties. Above all, don't attempt to communicate
with employees the same way the spear-phishers will try, such as through e-mail
bearing links to internal websites or attached documents.
The most effective thing you can do to prevent your business from turning into
a shallow pond is to keep informed and pay attention to things like abnormally
slow computers, strange entries in e-mail logs (especially source-IP addresses
that don't match those on your internal networks) and unusual patterns of website
traffic.
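The e-mail log check mentioned above can be automated. The following is an added example, not part of the original article: it flags messages that claim a sender at your own domain but arrived from a source IP outside your internal networks. The domain, the address ranges and the simplified log format are assumptions made for illustration.

```python
import ipaddress
import re

# Assumptions for this example: the organisation's mail domain and its
# internal address ranges. Replace with your own values.
INTERNAL_DOMAIN = "example.com"
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample log lines in a simplified key=value format.
SAMPLE_LOG = """\
2005-08-10T09:14:02 client=10.1.4.23 from=<hr@example.com> to=<alice@example.com>
2005-08-10T09:15:40 client=203.0.113.77 from=<hr@example.com> to=<bob@example.com>
2005-08-10T09:16:11 client=198.51.100.9 from=<news@vendor.example.net> to=<bob@example.com>
2005-08-10T09:17:30 client=203.0.113.77 from=<it-support@EXAMPLE.com> to=<carol@example.com>
2005-08-10T09:18:05 client=not-an-ip from=<hr@example.com> to=<dave@example.com>
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def is_internal_ip(text):
    """Return True/False for a valid IP, None if the field is not an IP."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    return any(addr in net for net in INTERNAL_NETS)

def find_suspicious(log_text):
    """Return records claiming an internal sender from a non-internal source."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        domain = m["sender"].rpartition("@")[2].lower()
        if domain != INTERNAL_DOMAIN:
            continue  # external sender from an external IP is ordinary mail
        internal = is_internal_ip(m["client"])
        if internal is not True:  # external or unparseable source: review it
            hits.append((m["ts"], m["client"], m["sender"], m["rcpt"]))
    return hits

if __name__ == "__main__":
    for ts, client, sender, rcpt in find_suspicious(SAMPLE_LOG):
        print(f"{ts} REVIEW {sender} -> {rcpt} from {client}")
```

Hits are leads for review rather than verdicts: a legitimate relay outside the listed ranges will keep appearing until its network is added to the internal list.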
Several groups have set up shop on the Web to provide you with as much up-to-date
information as possible. We recommend, especially, the website of the Anti-Phishing
Working Group (http://www.antiphishing.org)
and the Trusted Electronic Communications Forum (http://www.tecf.org/).
Here at Cafe ID (http://www.cafeid.com), we
maintain a one-stop shop of up-to-date resources and information on every aspect
of Internet security and identity protection.
If you think you've already been a victim of some form of phishing attack, a great
place to start undoing the damage is at the Internet Fraud Complaint Center (http://www.ifccfbi.gov/index.asp).
Local law enforcement is another excellent place to turn. If your customers' or
employees' personal information is compromised, by all means notify them immediately
of the potential trouble so that they can take the steps necessary to keep themselves
safe from exploitation.
As businesses become more and more dependent upon the Internet and its protocols
for both public and internal communications, it becomes more and more important
to keep an eye on emerging trends like spear-phishing. But the best thing to keep
in mind is that these sorts of problems aren't new and they rely on some of the
oldest forms of deception known to man. Social engineering is as old as bureaucracy,
and there's little reason to suggest that we're getting any better at dealing
with it.
About the Author:
Trevor Bauknight is a web designer and writer with over 15 years of experience
on the Internet. He specializes in the creation and maintenance of business and
personal identity online and can be reached at trevor@tryid.com.
Stop by http://www.cafeid.com for a free tryout
of the revolutionary SiteBuildingSystem and check out our Flash-based website
and IMAP e-mail hosting solutions, complete with live support.