Posts Tagged ‘Phishing’

Even DHS Blindly Accepts Invalid SSL Certificates

Via Forbes: On page 37, DHS instructs analysts to accept invalid SSL certificates forever without verification. Although invalid SSL warnings often appear in benign situations, they can also signal a man-in-the-middle attack. Not a good practice for the security conscience. I think that’s grounds for termination by incompetence for whomever was behind that. DHS Phishing […]

How To Be More Secure With Your Data & Identity

It’s amazing how on a daily basis there’s a story about someone’s identity or data being stolen, personal info being misused, or just getting screwed via the Internet. Most of the time it’s due to a complete lack of standards regarding how people treat their digital property and identity. It’s the electronic equivalent of leaving […]

Googlefox Redux

Yes, it’s another Google/Firefox blog post. This time in response to a CNet blog post regarding Google’s relationship with Mozilla. It makes a few interesting points, but quite a bit of it is silly or outdated. It was edited at some point late this morning or early afternoon from it’s original form (as it mentions). […]

96.66% Fell For Phishing

Kiplinger has a great story on phishing and security. The bottom line: while progress has been made there’s still a long way to go. Here was a very concerning piece: When researchers at Harvard University and the Massachusetts Institute of Technology studied the anti-fraud image system used by Bank of America, they found that 58 […]

Norton 360

An interesting review of Norton 360 was posted by CNet. Overall the review was very positive, they seem to like it. Interesting to me was: We also found that Norton 360 is optimized for Internet Explorer only, and not Firefox and Opera browsers. It could be said that Symantec realizes that Internet Explorer users need […]

Phishing Unit Testing And Other Phishy Things

Seeing these results is pretty cool. I hope someone has/will come up with a way to have a test like this running periodically (at least weekly, if not daily or multiple times a day) which does an analysis on Phishing sites and how many are being blocked. I’d presume Google and other data services would […]

Is phishing the new spam?

I’m almost convinced now that the majority of stuff SpamAssassin misses isn’t really spam, but phishing messages. I think it’s time for SpamAssassin to start considering detecting it. Perhaps take a look at mscott’s good work for Mozilla Thunderbird. Odds are lots of that detection stuff, will also detect spam slipping through by other means.