- [Malware] Malvertising: Dealing With Malicious Ads - Who and How?
  Ad networks could validate advertisers, research domain registrations, and examine Flash ads for malicious logic—but practices are ineffective or ignored. One organization reduced malware infections...
- [Malware] Malvertising: The Mechanics of Malicious Ads
  Malicious ads redirect victims through chains of domains to exploit kits or social engineering sites. Flash-based ads embed ActionScript logic that can decide when and whom to attack, evade detection...
- [Social Engineering] The Targeted Attack Potential of Vanity Web Searches
  Vanity web searches create targeted attack opportunities. Attackers can create pages with a target's name, wait for Google indexing, then add malware knowing the person will visit when alerts...
- [Career] Are Mistrustful People Better at Information Security?
  Research shows high-trust people are actually better lie detectors than mistrustful ones—their less cautious nature develops social skills for identifying deception. Similarly, security professionals...
- [Malware] Social Graph: The Holy Grail of Actionable Intelligence
  Attackers harvest email and social networking data to construct organizational social graphs, identifying connectors whose accounts could send social engineering messages, new "clueless" employees...
- [Encryption] Fun Ways to Change Behavior and Improve Security
  Fun can act as positive reinforcement for security behaviors—more powerful than negative reinforcement. Ideas include rewarding badge swipes with jokes, entering complex password users in raffles,...