Welcome to AppFail
Cataloguing the Web's Failures.
Posted on 2009-06-28
US-CERT (the United States Computer Emergency Readiness Team) released an update on the 26th about new phishing scams circulating on the internet.
The marked increase in spam, phishing, and malicious code attacks tied to recent celebrity deaths has sparked growing concern that many users are still overly susceptible to social engineering and other attacks that target the human factor.
Quoted from US-CERT
"Spam, Phishing, and Malicious Code Related to Recent Celebrity Deaths
added June 26, 2009 at 10:44 am
US-CERT is aware of public reports of an increased number of spam campaigns, phishing attacks, and malicious code targeting the recent deaths of Michael Jackson and Farrah Fawcett. These email messages may attempt to gain user information through phishing attacks or by recording email addresses if the user replies to the message. Additionally, email messages may contain malicious code or may contain a link to a seemingly legitimate website containing malicious code.
US-CERT would like to remind users to remain cautious when receiving unsolicited email. Users are encouraged to take the following measures to protect themselves from these types of attacks:
- Do not follow unsolicited web links received in email messages.
- Install and maintain up-to-date antivirus software.
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks."
On the internet you are never really safe; there is always some exposed attack vector, whether it is a 0-day exploit or the human factor. There are many pieces of software whose marketing material would make it seem that they are the be-all and end-all of the security problem, but since that is impossible, such claims should be taken with a grain of salt. Security is best provided in layers; the military term for this is "Defense In Depth". That means a combination of a good server-side email filter such as SpamAssassin, which uses Bayesian analysis, network tests and blacklists to block or flag unsafe email; additional client-side software, such as the anti-phishing warnings built into most modern email clients and the typical virus scan / anti-malware solutions; and proper training for the weakest link in the security chain, the protein robot (you).
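To make the layered approach concrete, here is a small added example (not code from the original post, and not SpamAssassin's own implementation) of the three server-side layers the paragraph names: a Bernoulli naive Bayes classifier trained on a handful of constructed messages, a constructed sender blacklist standing in for a DNSBL lookup, and a network-style test that flags links pointing at a bare IP address. Each layer reports independently, which is the point of defense in depth: a message that slips past the Bayesian filter can still be caught by another check. The training corpus, domains and threshold are assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

# Constructed training data (not from the page): short message bodies labelled
# by hand. A real deployment trains on thousands of messages.
SPAM_TRAINING = [
    "shocking michael jackson death video click here now",
    "exclusive farrah fawcett last photos click link",
    "breaking celebrity death secret video watch now",
    "reply now to claim your prize free",
]
HAM_TRAINING = [
    "meeting notes attached for the project review",
    "can you send the quarterly report by friday",
    "lunch tomorrow at noon with the team",
    "please review the server maintenance schedule",
]

# Constructed sender blacklist (assumption: stands in for a DNSBL lookup).
SENDER_BLACKLIST = {"spammy-news.example", "prize-claims.example"}

# Network-style test: links that point at a bare IP address rather than a hostname.
RAW_IP_LINK = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}")


def tokenize(text):
    """Binary bag of words: each lowercase word counted once per message."""
    return set(re.findall(r"[a-z]+", text.lower()))


class NaiveBayesFilter:
    """Bernoulli naive Bayes with Laplace smoothing over per-message tokens."""

    def __init__(self, spam, ham):
        self.n_spam, self.n_ham = len(spam), len(ham)
        # Document frequency per token (tokenize returns a set, so one count per message).
        self.spam_docs = Counter(t for m in spam for t in tokenize(m))
        self.ham_docs = Counter(t for m in ham for t in tokenize(m))
        self.vocab = set(self.spam_docs) | set(self.ham_docs)

    def spam_probability(self, text):
        # Sum of log-likelihood ratios; equal class priors contribute nothing.
        score = 0.0
        for token in tokenize(text) & self.vocab:
            p_spam = (self.spam_docs[token] + 1) / (self.n_spam + 2)
            p_ham = (self.ham_docs[token] + 1) / (self.n_ham + 2)
            score += math.log(p_spam / p_ham)
        # Logistic transform turns the log-odds back into a probability.
        return 1.0 / (1.0 + math.exp(-score))


def classify(text, sender_domain, nb_filter, threshold=0.5):
    """Run each layer independently and report which ones fired."""
    reasons = []
    if sender_domain in SENDER_BLACKLIST:
        reasons.append("blacklist")
    if RAW_IP_LINK.search(text):
        reasons.append("raw_ip_link")
    p_spam = nb_filter.spam_probability(text)
    if p_spam > threshold:
        reasons.append("bayes")
    return {"flagged": bool(reasons), "reasons": reasons, "bayes_score": p_spam}


FILTER = NaiveBayesFilter(SPAM_TRAINING, HAM_TRAINING)

if __name__ == "__main__":
    # Constructed sample messages: one celebrity-death lure, one ordinary work
    # message, and one benign-looking message carrying a raw-IP link.
    for text, sender in [
        ("shocking celebrity death video click now", "spammy-news.example"),
        ("please send the project report by friday", "corp.example"),
        ("please see the schedule at http://192.0.2.10/notes", "corp.example"),
    ]:
        print(sender, classify(text, sender, FILTER))
```

The third sample shows why the layers are combined rather than chained: its wording scores as clean under the Bayesian filter, and only the link check flags it. A production filter would also weight the layers (as SpamAssassin does with per-rule scores) instead of treating every hit as a flag.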
If you have any questions please let us know.
By: Michael Spencer and Allan Jude
Cuiusvis hominis est errare; nullius nisi insipientis in errore perseverare - Any man can make a mistake; only a fool keeps making the same one.