Phishing Prevention

Interesting article on preventing phishing with social engineering tests. Here it says that new phishing attacks are geared directly toward employees. Voice phishing is also on the rise, with a man in the middle attack. According to this article, setting up regular tests and awareness training for employees is a key element to curbing such attacks.

Does it sound 'phishy' to you? Or not?

http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1371307,00.html?track=NL-105&ad=732419&asrc=EM_USC_9666669&uid=9209486#

66% websites infected with cross site scripting/SQL injection attacks

Kinda bogles the mind, doesn't it? 66% of websites are infected. Most of the time, it is done for information.... a kind of ID theft. And is apparently easy to do. However, this would drop dramatically if coders would code with security in mind. Using open source apps that are more 'open' are really beginning to scare me. Guess I will have to learn to be a better coder !!!!

Here is the article:

http://www.technewsworld.com/story/Ridding-the-Web-of-the-XSS-Scourge-68410.html

Almost 100 Arrested Worldwide in Phishing Scheme

Today the FBI arrested about 33 people in California, North Carolina and Nevada for a

phishing sheme which cost victims about 1 million dollars. Egypt also arrested individuals involved in this "con". What I find interesting is that it just reinforcing the need for international laws regarding the web. Security is global, not just national.

http://www.technewsworld.com/story/68324.html?wlc=1255137673

HR and IT

Here is a white paper about the benefits of forming a bond between HR and IT

http://viewer.bitpipe.com/viewer/viewDocument.do?accessId=10622579.

Discusses impact of employees on security. Right up this class's ally, so to speak.