Anti-Spam filters not catching any phish

Email, Risk Management, Security

A recent ethical phishing experiment shows a surprising 100% success rate in bypassing anti-spam filters. The experiment highlights how simple, small-scale spear-phishing campaigns easily bypass corporate security filters and that users continue to take the bait.

The scenario was a LinkedIn invitation email, posing as an invitation from Bill Gates to join his network. LinkedIn was selected due to availability, and the fact that it is a social network recognized by most executives. The selection was also based on the fact that LinkedIn email should already be recognized by most existing email system(s), which may have helped delivery into the mailbox.


Check the rules before you tweet from work

Best Practices, Risk Management, Security, Twitter

The Wired blog ‘Epicenter’ reports on a study commissioned by the IT staffing company Robert Half, which found that 54% of US companies have banned the use of social networking sites such as Twitter, Facebook, MySpace and LinkedIn at work. Apparently, the primary concern is loss of worker productivity, but fears over unknown legal and brand exposure may also play a role.

“Using social networking sites may divert employees’ attention away from more pressing priorities, so it’s understandable that some companies limit access,” said Dave Willmer, executive director of Robert Half Technology, in a statement.

Another study conducted by Nucleus Research also indicated that employees who use social networking sites at work do so up to 2 hours a day. 87% of employees admitted they weren’t using the sites for business, but for personal purposes instead.

Does your company have a social networking use policy in place? Perhaps a good time to check before HR comes knocking.

Update: I just found this short presentation on slideshare…

Thousands of Hotmail passwords leaked

Email, Risk Management, Security

Neowin reports that passwords of 20,000 Hotmail, Live and MSN accounts have been compromised. It is unclear whether the passwords were obtained through a hack or a phishing scheme. A list containing the account credentials was posted by an anonymous user on a public forum at pastebin.com.

It appears that currently only accounts starting with the letters A-B are affected, but other lists could exist.

I suggest that you change your password on your MSN, Hotmail or Live account just to be safe.

Operation Phish Phry

Email, Risk Management, Security

Even if you have not fallen victim to a phishing scam yourself, it is good to know that the FBI is taking the threat seriously. Last Wednesday, the Federal Bureau of Investigation pulled in the net on the largest cyber fraud phishing case to date, aptly named “Operation Phish Phry”. The FBI case started back in 2007 and resulted in a multinational sting with almost 100 people being charged.

“The FBI said it uncovered a sophisticated phishing operation that was designed to swipe personal information and then use the data to defraud banks. On Wednesday, authorities arrested 33 of the 53 defendants named in an indictment. Egyptian authorities charged another 47 alleged cybercrooks.”

Each of the defendants indicted in the US is charged with conspiracy to commit bank and wire fraud, with a statutory maximum penalty of 20 years in federal prison. Hopefully this case will result in convictions with stiff sentences, sending a strong signal to other aspiring cyber crooks.

Catchall inbox

Best Practices, Email, Information Overload, Risk Management

Email is undoubtedly the most heavily used electronic communication medium today. We use email to communicate in business, to stay in touch with friends and family, get shipment notifications, bill reminders, statements from the utility or cable company and on and on…

This convenience comes at a price. Not only do our inboxes become increasingly cluttered, but the more often we share our primary address on the Internet, the greater the chance of getting onto spammers' distribution lists as well.


The cloudy future of hosted enterprise email

Email, Email Cost, Risk Management, SaaS

Hosted email has been available for quite some time, but the arrival of new “cloud-based” solutions offered by technology heavyweights such as Google (GoogleApps), Microsoft (Microsoft Online Service), Apple (MobileMe) and even IBM (Bluehouse) is stirring up a renewed debate over the pros and cons of using these services at an enterprise level.

Last week’s outage at Google, recent repeat problems at Amazon’s S3 storage services and Apple’s “insanely grating” MobileMe launch highlight the need to carefully consider all aspects when weighing hosted vs. on-premise solutions.

