- Malware Malvertising: The Mechanics of Malicious Ads
Malicious ads redirect victims through chains of domains to exploit kits or social engineering sites. Flash-based ads embed ActionScript logic that can decide when and whom to attack, evade detection...
- Social Engineering The Targeted Attack Potential of Vanity Web Searches
Vanity web searches create targeted attack opportunities. Attackers can create pages with a target's name, wait for Google indexing, then add malware knowing the person will visit when alerts...
- Career Are Mistrustful People Better at Information Security?
Research shows high-trust people are actually better lie detectors than mistrustful ones—their less cautious nature develops social skills for identifying deception. Similarly, security professionals...
- Malware Social Graph: The Holy Grail of Actionable Intelligence
Attackers harvest email and social networking data to construct organizational social graphs, identifying connectors whose accounts could send social engineering messages, new "clueless" employees...
- Encryption Fun Ways to Change Behavior and Improve Security
Fun can act as positive reinforcement for security behaviors—more powerful than negative reinforcement. Ideas include rewarding badge swipes with jokes, entering users who pick complex passwords in raffles,...
- Social Engineering Attackers Are Attracted to Email Like Flies to Honey
Email contains business plans, credentials, and sensitive data that attackers harvest after compromising systems—either from local PST files or directly from Exchange servers. Mitigations include...