Security Basics: Social Engineering

June 4, 2005, 1:40 am

It has been said the the users are the weakest link in the security chain. This is especially exemplified in Social Engineering. This is a practice wherein a user is lured to give in sensitive information such as password and credit card numbers. This is typically directed at the users and not on a security hole. The success of many of virus and phishing attacks are due largely to social engineering.

Let us take the case of the Love Bug worm. The worm made an international sensation because it was able to infiltrate even the Pentagon. This is not because there were known security holes in the system of the Pentagon, but because of the psychological motivation of “love” which prompted users to execute the worm. Aside from that, social engineering also plays a big part in phishing or attacks directed at getting user information through e-mail, instant messages, or websites that asks for them.

These activities are not exclusive to the Internet. This include chain e-mails, like the case of “Bill Gates giving away his money” if you forward the e-mail and made it look authentic with a signature of a lawyer at the end of the mail; scams such as the “Nigerian Scam“; and even text scams.

According to Sophos, there are measures one need to consider in order to avoid phishing scams:

1. Never respond to emails that request personal financial information
2. Visit banks’ websites by typing the URL into the address bar
3. Keep a regular check on your accounts
4. Check the website you are visiting is secure
5. Be cautious with emails and personal data
6. Keep your computer secure
7. Always report suspicious activity

Recommended sites for more information:

http://www.fightidentitytheft.com/
http://www.windowsecurity.com/articles/Avoid-Phishing.html

Next on Security Basics: PHP

Posted by Francis under: Security

Security Basics: PHP

For those who are using scripts like Moveable Type and Wordpress, they have little to worry about security since they only need to wait for

WordPress 2.0.3 Released

The latest in the stable 2.0 series, 2.0.3, is now available for download at WordPress.org. This is a bug fix and security release, and is

Apache 1.3.36 Security Update

A new version of Apache (1.3.36) was just released for Cpanel servers. We don't recommend upgrading rightaway, because you quite often wind up with more

WordPress 2.7.1 is Out

Those who are running WordPress can now update their blogs to the latest version 2.7.1. This version fixes bugs and security holes in the software

CGI Scripts disabled

We have disabled the Mchat, Cgiecho, Cgiemail, Guestbook, Counter and Formmails from CPanel's system wide cgi-sys directory. The are the most commonly exploited scripts since

WordPress 1.5.1.3 Security Update

WordPress version 1.5.1.3 is remotely exploitable if the web server on which it runs has register_globals = on in the PHP configuration. perl and PHP

Enable register_globals on individual cPanel accounts

Since register_globals is disabled on the servers for security purposes, some of your scripts and Fantastico installs might not work properly. However, you can enable

Security Issues with PHPBB

PHPBB has announced an injection vulnerability on their website. Those running PHPBB software are advised to update a patch on their installations: Despite being among the

Upgrade your blogs to WordPress 2.1.13 & 2.0.10

The new release of WordPress are versions 2.1.13 and 2.0.10. There are security updates so download your copy now and upgrade your blogs.