Social Engineering
Facebook introduces Trusted Contacts, makes you ask, "How much do I trust my friends?"
Losing access to your Facebook account is a big deal.
So Facebook has introduced "Trusted Contacts," where you combine recovery codes from three different friends to get yourself back in.
Paul Ducklin asks how well it's going to work...
"G'day, the Queen speaking" - socially engineering the Duchess of Cambridge's hospital
Pranksters at a Sydney radio station called the Duchess of Cambridge's hospital in London, pretending to be Her Majesty the Queen and Prince Charles.
To their astonishment, their social engineering succeeded. How would your organisation fare?
SSCC 97 - Black Hat and DEF CON review, broken crypto, Frak, smart meters and hacking transit
Peter Szabo from SophosLabs joins Chet to chat about 4 more talks from this year's Black Hat and DEF CON conferences. Topics include MS-CHAPv2, Frak, smart meters and hacking public transit.
Targeted emails exploit new Acrobat Reader vulnerability
Attackers are taking advantage of the latest zero-day vulnerability in Adobe's Reader software by sending malicious attachments to specific targets. Adobe promises a fix is coming by the week of December 12 at the latest and Reader X users are protected already.
Kevin Mitnick - ghost in the wires, or scourge of the internet?
Duck has just finished reading Kevin Mitnick's autobiography, Ghost in the Wires.
He decided to review it for Naked Security.
Will you enjoy it? Should you buy it?
How hackers tried to break into my wife's 1&1 account - via the phone
Sophos senior security engineer David Schwartzberg describes how scammers tried to break into his wife's online account at web-hosting firm 1&1 - via the telephone.
Fake iTunes receipt spam
A rather poorly crafted email campaign is making the rounds today. People around the world are receiving messages that appear to be iTunes receipts from Apple. On closer inspection, however, there are several oddities. The message arrives as an iTunes Read more…
Are signed files safer than others?
Mike Wood of SophosLabs Vancouver presented "Want my autograph? The use and abuse of digital signatures by malware" at the 2010 Virus Bulletin conference. Mike's talk was focused on the trust that people and technology put into certificates and how Read more…
MS Patch Tuesday, Adobe Vulns and Firefox 3.6.10 - Sept 2010
What a busy week! Aside from not having time to blog, there were a lot of stories about new vulnerabilities and patches for recent vulnerabilities. Microsoft, Adobe, and Mozilla all had news. Microsoft released nine patches addressing 14 vulnerabilities, four Read more…
Sophos Security Chet Chat 25 & 26
Sophos Security Chet Chat episode 25 is now live in the Sophos podcast archive. Last week Michael Argast and I discussed this week's social media news as well as Google's new adoption of OpenID with Yahoo! allowing federated login to Read more…
If I had a nickel for every Facebook scam. . .
I'd be rich! Not to have my blog turn into the 24/7 social-media-scam network, but another Facebook scam is on the loose. This one is called "OMG! Look What this Kid did to his School after being Expelled!" and follows Read more…
Filet-O-Phish - Thieves target McDonald's
I ran across an interesting and improbable phish today while looking through our spam feeds. The attackers in this case decided that enough people in the world eat at McDonald's that it was worth having a go at convincing people Read more…
Spam roundup - Am I getting Google's spam?
I spent some time today scouring the massive spam queues in SophosLabs and thought I would share some information on the latest email threats. I had a chuckle thinking I had accidentally received mail destined for Google. The subject of Read more…
Hot chick on Twitter? Bet it's a spammer
A new Twitter follower whose profile picture is a hot girl is usually a clue that you may be led to spam. Especially if they are following hundreds of people and don't have a lot of followers. Fortunately this Read more…
Evolution of spam: Explained
Spammers are taking advantage of all this cloud computing nonsense to get past our best defenses. I presented at Infosec Europe on how Russian affiliate networks (Partnerka) have eased up on spamming via email and have migrated to the web, Read more…
Mac users need to wake up to the social engineering threat
Clu-blog reader Peter directed my attention to a letter in this week's edition of "Computing" (a popular British IT magazine) earlier today. The letter from Jamie Forder is in response to an article written in a previous edition by Laurent Read more…
Google Talk used to distribute Fake AV
When speaking in public and delivering presentations, I am often asked "Why would they want my Google/Yahoo!/MSN/Facebook credentials? It's only a throw-away email address." These services have transformed from simple webmail and messaging experiences into fully integrated platforms for video, Read more…







