Posts

Showing posts from December, 2008

Even Phishing Emails warn of Phishing Emails

I received a Phishing Email targeting customers of a UK bank just moments ago. I wouldn't normal post such things up, but I found this one particularly amusing and a bit of a phishing Email first, because the email actually warns of suspicious Emails and phishing! I thought the phrase "A new Second Level Password" particularly funny. The scam email finishes with another warning about "suspicious e-mail appearing to be sent by Alliance & Leicester Commercial Bank - please ignore it and contact us now", it all rather like a 1970s Monty Python sketch! Phishing Emails always target one of two human emotions, Fear or Greed. This one is targeting Fear; its objective is to scare the receiver into thinking their bank account security (their money) has been compromised, so encouraging the user to click the link through to a bogus website impersonating the bank site, where the users banking credentials are harvested unknowingly.  "Greed" based phishing Em...

No such thing as a Secure Web Browser

Image
The big security story in the main stream news today, has of course been the security vulnerability with Microsoft's Internet Explorer web browser ( Serious security flaw found in IE) The vulnerability can be exploited by deliberately engineered or compromised regular websites, allowing the attacker to invisibly access the host PC system, from which point a whole series of further possible attacks can be run, such as stealing website usernames and passwords. At this time Microsoft aren't saying when they will be releasing a patch to fix this issue, which is really unfortunate, as this vulnerability has been known about for at least week from my own knowledge. The solution to problem being eagerly suggested on TV and radio news, is to download, install and then use different web browser, as they are not affected by this flaw (which is completely true), and are safe & secure. I have problem with the latter, which I heard said and implied on several occasions today, this i...

Recommended Business WiFi Encryption

I was forwarded an interesting wifi security tech question yesterday which resulted in a debate about whether hiding a WiFi SSID made you secure. I just couldn't resist answering the question, and as usual went off on a security mission with my answer. Lots of positive comments on my answers and my general advice around home and enterprise wifi security, so I'd thought I'd post it up on my blog for all to see.  Original Q. "I've been having an ongoing debate about the the practice of hiding SSIDs in a corporate environment.  I'm curious to know if hiding SSIDs is widely (emphasis on widely) considered a best practice or whether there are equal arguments on both sides.  My thoughts are that if you couple high grade encryption (WPA2) with some form of authentication (802.1x?) then hiding the SSID is unnecessary - and in fact makes it harder for valid users to find the network. " "Hiding the SSID can keep out the casual WiFi browsing neighbour, ...