Peruse Muse Infuse

Exploiting Trust
Posted at 24/09/2009 10:29:41 a.m. by AdrianK (310 days, 23 hours and 35 minutes ago)
Tagged under: Security

Michael Kassner recently posted on Tech Republic about "Trusted Web sites: Exploit tool of choice" based on the latest Websense Security Labs twice-yearly Web-based malware report (PDF): http://www.websense.com/site/docs/whitepapers/en/WSL_Q1_Q2_2009_FNL.PDF

There is always a fine line between being aware (and making others aware) of security threats and FUD; I think this is safely in the former.

  • 233 percent growth in the number of malicious sites in the last six months (671 percent growth during the last year).
  • 77 percent of Web sites with malicious code are legitimate sites that have been compromised.
  • 95 percent of comments to blogs, chat rooms and message boards are spam or malicious.
  • 57 percent of data-stealing attacks are conducted over the Web.
  • 85 percent of all unwanted emails in circulation contained links to spam sites and/or malicious Web sites.

The last point is timely, and is also relevant to the idea of exploiting trust - in this case email from a known source. I've just received an email from a family member (who shall remain nameless - for now):

  • Subject: FW: Fw: Never, ever answer a cell phone while it is being RECHARGED!!
  • Attachment: Mobile Phone recharge.pps (173 KB)

Hmmm - would you open this? 

Firstly, I would be exceedingly wary of stuff like this - why do people need to send this sort of thing in a PowerPoint? (Or at all?) Any sort of complex file type like this (Word, Excel, etc.) is simply a more capable platform for evil.

Secondly, assuming from the file name that there is an imminent danger here, I would strongly urge you to validate that kind of thing; Snopes (http://www.snopes.com) is a good site for this.

For more general info see:
http://en.wikipedia.org/wiki/Urban_Legends_Reference_Pages

In the specific case of the phone recharging, see:
http://www.snopes.com/horrors/techno/cellcharge.asp

Lastly, I would suggest you make anyone who sends this sort of stuff out to you aware of these issues; prevention is always better than the cure.
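
On the receiving side, the two signals in the message above (a subject forwarded several times over and an Office attachment) can be flagged before anyone opens it. The following is an added example, not part of the original post: the addresses, body text and attachment bytes are constructed, and `forward_depth`, `triage` and `build_sample` are hypothetical names.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls/.ppt/.pps files
OFFICE_EXT = {".doc", ".xls", ".ppt", ".pps", ".docx", ".xlsx", ".pptx", ".ppsx"}
FWD_PREFIX = re.compile(r"^\s*(fw|fwd)\s*:\s*", re.IGNORECASE)

def forward_depth(subject):
    """Count stacked FW:/Fwd: prefixes at the start of a subject line."""
    depth = 0
    while (m := FWD_PREFIX.match(subject)):
        subject = subject[m.end():]
        depth += 1
    return depth

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    depth = forward_depth(str(msg["Subject"] or ""))
    if depth >= 2:
        findings.append(f"chain-forward depth {depth}")
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        # Check content as well as the name: a renamed file keeps its OLE2 header.
        is_ole2 = data.startswith(OLE2_MAGIC)
        if is_ole2 or ext in OFFICE_EXT:
            findings.append(f"office attachment: {name}")
        if is_ole2 and ext not in OFFICE_EXT:
            findings.append(f"extension hides OLE2 content: {name}")
    return findings

def build_sample(filename="Mobile Phone recharge.pps"):
    """Constructed message modelled on the one described in the post."""
    msg = EmailMessage()
    msg["Subject"] = "FW: Fw: Never, ever answer a cell phone while it is being RECHARGED!!"
    msg["From"] = "relative@example.org"   # constructed address
    msg["To"] = "me@example.org"           # constructed address
    msg.set_content("You must read this!")  # constructed body
    fake_pps = OLE2_MAGIC + b"\x00" * 504   # constructed bytes, not a real presentation
    msg.add_attachment(fake_pps, maintype="application",
                       subtype="vnd.ms-powerpoint", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```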

 Some rights reserved.
Last Modified 15/04/2010 11:34:08 a.m. by AdrianK (adriank [at] morphological [dot] geek [dot] nz)