Archive for the ‘Social Engineering / Phishing’ Category

APT Or Not APT? Depends upon how clear the patterns are!

November 26, 2011

Rober Lemos / Dark Reading

Separating persistent threats from more opportunistic cybercrime-focused attacks is not easy, but can help inform defense, according to security experts. Block an opportunistic attack and the crisis is averted; block a persistent attacker and they will come back tomorrow…

…..

In many cases, the patterns are not clear. Even “advanced” attackers will only use, for example, the minimum force necessary to compromise a network. In some cases, attackers have rented botnets; in others, they’ve used standard cybercrime tools.

Posted in Application Security, Information Security, Social Engineering / Phishing, Training / Awareness | Leave a Comment »

A tool to identify malicious insiders

November 24, 2011

William Jackson / GCN

The system, which is being tested in a lab environment, uses a host-based agent to “learn” a user’s behavior and to look for anomalous behavior or other signatures, said computer scientist and project leader Justin Beaver.

……….

Among the characteristic information leveraged by the system are system call sequences. Each function on a computer initiates a series of calls for services. This occurs at a low level in the operating system, out of the user’s view, and creates a characteristic pattern for each user over time. Researchers found that normal patterns remain surprisingly consistent for individuals as they switch between computers and jobs.

Posted in Risk Management, Secure Coding, Social Engineering / Phishing, Training / Awareness | Leave a Comment »

Life Logging Risk Assessment

November 21, 2011

ENISA’s Report

The top risk for individuals utilising life-logging devices and scenarios is the threat to privacy that accompany using them. Loss of control over this data might result in individuals being subjected to financial fraud or unauthorised access might result in reputational harm or discrimination and exclusion. This risk is compounded by the nature of life-logging in that apart from privacy threat to individuals coming from commercial entities and governmental agencies, there is also a threat of deliberate or accidental data collection about one person by other individuals.

Dependency on the availability of certain devices or services is also increasing the risks for individuals, as the mobile devices, sensors or services become more attractive targets for attackers. In this direction, it is particularly important the link between tangible and intangible assets, as we can also see in Future Internet scenarios; a related risk is the loss of autonomy.

Finally, we should consider risks such as psychological damage, related to discrimination, exclusion, harassing, cyberstalking, child grooming, feeling of being continuously under surveillance (paranoid behaviour), pressures related to work performance, peering into other peoples life etc.

Posted in Consumer Information Protection, Risk Management, Social Engineering / Phishing, Tech and Laws | Leave a Comment »

Kevin Mitnick’s New Book: Ghost in the Wires

October 1, 2011

Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escape, and a portrait of a visionary whose creativity, skills, and persistence forced the authorities to rethink the way they pursued him, inspiring ripples that brought permanent changes in the way people and companies protect their most sensitive information.

Posted in Report / Paper, Social Engineering / Phishing | Leave a Comment »

Follow

Get every new post delivered to your Inbox.

Join 993 other followers