Security Basics mailing list archives

RE: HOW TO PREVENT FHISHING ATTACKS

From: "Craig S Wright" <craig.wright () information-defense com>
Date: Fri, 4 Feb 2011 07:50:06 +1100

Security in general is a user function.

Technology is an aid and can make some of the process simpler and more
efficient, but like ALL aspects of security, it is a people issue.

Regards,
Craig

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Adam Pal
Sent: Thursday, 3 February 2011 8:35 AM
To: mzcohen2682 () aim com
Cc: security-basics () securityfocus com
Subject: Re: HOW TO PREVENT FHISHING ATTACKS

Hello Mzcohen2682,

Phishing is a social engineering technique, so the only proficient way to
protect against is: training, security awareness, training...

If we take the scenario of withdraw administrator rights - whats the benefit
for phishing attack? Having no administrator privileges wont stop the user
entering whatever credentials the Email is asking for.

The weakest member member of the chain is the user.



Best regards,
 Adam Pal   

Friday, January 28, 2011, 12:44:06 AM, you wrote:

<==============Original message text===============
mac> Hi Guys,

mac> I am preparing a set of recommendation for a client of mine which 
mac> is a bank , a set of controls against fhisging attacks, besides of 
mac> telling the bank to teach there customers how to protect against 
mac> those attacks ( not opening suspicious mails etc etc) what other 
mac> recommendations are good? are there some technological tools to 
mac> prevent those attacks that the bank can implement? I heard 
mac> something about imperva radar service which should protect against 
mac> fishing attack, some one has experience with that tool? what about
other tools that the bank can implement?

mac> many thanks!

mac> Marco

mac> -------------------------------------------------------------------
mac> ----- Securing Apache Web Server with thawte Digital Certificate In 
mac> this guide we examine the importance of Apache-SSL and who needs an 
mac> SSL certificate.  We look at how SSL works, how it benefits your 
mac> company and how your customers can tell if a site is secure. You 
mac> will find out how to test, purchase, install and use a thawte 
mac> Digital Certificate on your Apache web server.
mac> Throughout, best practices for set-up are highlighted to help you 
mac> ensure efficient ongoing management of your encryption keys and digital
certificates.

mac> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6
mac> be442f727d1
mac> -------------------------------------------------------------------
mac> -----


<===========End of original message text===========



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we
examine the importance of Apache-SSL and who needs an SSL certificate.  We
look at how SSL works, how it benefits your company and how your customers
can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server.
Throughout, best practices for set-up are highlighted to help you ensure
efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

RE: HOW TO PREVENT FHISHING ATTACKS Filiberto Moreno (Feb 02)
- Re: HOW TO PREVENT FHISHING ATTACKS John Renne (Feb 03)
  - Message not available
    - Message not available
    - Re: HOW TO PREVENT FHISHING ATTACKS Nikhil Manampady (Feb 07)
    - RE: HOW TO PREVENT FHISHING ATTACKS Jon Davis (Feb 08)
    - Re: HOW TO PREVENT FHISHING ATTACKS Paul Johnston (Feb 10)
    - RE: HOW TO PREVENT FHISHING ATTACKS Gadi Naveh (Feb 15)
  - Message not available
    - Re: HOW TO PREVENT FHISHING ATTACKS Nikhil Manampady (Feb 07)
- <Possible follow-ups>
- Re: HOW TO PREVENT FHISHING ATTACKS Adam Pal (Feb 03)
  - RE: HOW TO PREVENT FHISHING ATTACKS Lynch, Gordon CTR NHRC (Feb 03)
  - RE: HOW TO PREVENT FHISHING ATTACKS Eggleston, Mark (Feb 03)
  - RE: HOW TO PREVENT FHISHING ATTACKS Craig S Wright (Feb 03)
- Re: HOW TO PREVENT FHISHING ATTACKS Patrick Kobly (Feb 03)
- RE: HOW TO PREVENT FHISHING ATTACKS Sacks, Cailan C (Feb 03)