Websense’s Operation SpearPhish

Today I received an email from Websense that asked “how good are you at caching a “phish”.   It was promoting their email security products and had a link to “take the Operation Spear Phish Challenge”. As I clicked on the link I realized that I had just failed. Fortunately, the link actually was for a “spot the …

Continue reading ‘Websense’s Operation SpearPhish’ »

Symantec Report on Chemical Industry Phishing

Symantec published a report earlier this week about an attack on the Chemical Industry.   They call this attack Nitro. In one example of the attack, an encrypted 7zip file is used.   Encryption prevents scanners from examining the contents of the file. Some SMTP gateways, block encrypted files by default.   Most places find that hurts productivity more than …

Continue reading ‘Symantec Report on Chemical Industry Phishing’ »

Epsilon Breach will Lead to Phishing Season Security Companies Predict

Over the weekend, email marketing firm Epsilon revealed that it had been hacked and that some of their client customer lists had been stolen. Names and email addresses were stolen.  With the link between your email address and the particular client of Epsilon, it is now much easier to create a targeted phishing email. Phishing emails …

Continue reading ‘Epsilon Breach will Lead to Phishing Season Security Companies Predict’ »

Magazine Publisher Phished for Millions

Magazine publisher Conde Nast received a email from a company with a name similar to their regular printers asking them to update their payment information.   Conde Nast dutifully began sending their monthly payments electronically to a bank account in Houston Texas. $8 million was collected before the printers contacted the publisher to ask why they hadn’t been paid.  Surprisingly the …

Continue reading ‘Magazine Publisher Phished for Millions’ »

Firefox to Suggest Flash Updates

Firefox recently announced that a soon to be released version will check for Flash updates in addition to updating Firefox. That should be helpful for end users. As with any news people of course have their own axe to grind and put their own spin on things. Wolfgang Kandek writes about this development in a …

Continue reading ‘Firefox to Suggest Flash Updates’ »

BlueCoat ProxyClient

I’ve been interested in extending HTTP security out to our remote users. When users are in the office their HTTP traffic is antivirus scanned and URL filtered. When remote, they only have desktop antivirus to protect them. As more and more users are mobile, I think it is important to address this. BlueCoat offers a …

Continue reading ‘BlueCoat ProxyClient’ »

Shmoocon 2009 Day 1

The next three posts will contain my notes from Shmoocon. This post contains notes from each session I attended on day 1. I’m not trying to necessarily reconstruct the notes into a coherent thought. Hopefully it will be somewhat readable. Opening Remarks by Bruce Potter People are getting owned a lot. Trends Increased success in …

Continue reading ‘Shmoocon 2009 Day 1’ »