BS 7799/ISO 17799
Re: phishing threat Jul 27 2006 05:07AM
shakti velu (shaktivelu88 gmail com) (1 replies)
Re: phishing threat Jul 27 2006 05:58AM
Tim (pand0ra usa gmail com) (1 replies)
Let them know that from now on in order to log in they will be
required to submit a hair and blood sample to a biometric device
attached to the computer. Additionally their passwords are to be
replaced with passphrases that are a minimum of 32 characters and are
required to use Alt character sets in addition to upper and lowercase,
numbers and special characters. Finally, they are required to have an
RSA token surgically embedded into the underside of their forearm.

Technology is not a panacea. Phishing is a form of social engineering
so you need to figure out what staff is doing to compromise the system
and show them what they are doing wrong (don't just tell them). I have
done quite a few social engineering attacks against people and they
had no idea what was going on. Once you show them (not tell them) they
should have a better idea on what to do. You know what phishing is and
what the impact is but since there are some users that 'don't get it'
the challenge is to figure out how to make them care (make it personal
to them).

That's my 2 bits.

On 7/26/06, shakti velu <shaktivelu88 (at) gmail (dot) com> wrote:
> We spent a lot of time educating users - please use two-factor, it will
> solve your phishing problems.
>
> Now we tell them: Sorry, two-factor is of little use! What next?
> Three-factor, biometric!
>
> On 7/27/06, mohamed.siddiqu (at) wipro (dot) com wrote:
>
> Shakti Velu,
> > >
> > > End user awareness is the key ... Keep them informed of the latest phishing
> > > threats...
> > >
> > > Thanks
> > > Siddiqu.T
> > >
> > > -----Original Message-----
> > > From: shakti velu [mailto:shaktivelu88 (at) gmail (dot) com]
> > > Sent: Thursday, July 27, 2006 10:23 AM
> > > To: bs7799 (at) securityfocus (dot) com
> > > Subject: phishing threat
> > >
> > > We have implemented two-factor authentication a year back.
> > >
> > > Recently came to know that it has been defeated by latest phishing
> > > attacks?
> > >
> > > What are the other measures to mitigate the phishing threat?
> > >
> >
>

Copyright 2010, SecurityFocus