How To Stay Secure in an Insecure World

I want to highlight 2 current articles:

http://www.infosecurity-magazine.com/news/pawn-storm-serves-malware-via-fake/

and

http://googleonlinesecurity.blogspot.com/2015/07/new-research-comparing-how-security.html


It is best to use good passwords and two-factor authentication, and to patch your systems.

 

The first article describes how a fake website was set up to deliver a zero-day Java exploit to unsuspecting users as they arrive at the site, without them even knowing it.

The second article points out how security experts operate on their computers compared with non-experts.

 

But both an expert and a non-expert can be “attacked” by zero-day exploits, such as the 0-day for the Oracle vulnerability CVE-2015-2590.

 

 

So even a security expert will be successfully attacked when visiting a website that serves an exploit for a vulnerability that has not been patched yet (this is why we patch our systems more often).

The obvious thing to do is to spot fake links and not follow them.

But… how do you teach regular users not to go to fake websites, and teach them URL gimmickry and the like?
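One way to inspect a link for common URL gimmickry without clicking it, as an added example (not code from this post or its author). The function name, the flag labels and the sample links on reserved example domains are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def link_red_flags(url, expected_domain):
    """Return warning labels for `url` by parsing it only; nothing is fetched.

    `expected_domain` (hypothetical parameter) is the domain the message
    claims the link belongs to.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    expected = expected_domain.lower()
    flags = []

    # Everything before '@' is a username; the browser connects to what follows.
    if "@" in parts.netloc:
        flags.append("userinfo-before-host")

    # A bare IP address gives the reader no name to verify.
    try:
        ipaddress.ip_address(host)
        flags.append("ip-literal-host")
    except ValueError:
        pass

    # Punycode labels can render as look-alike non-ASCII characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-label")

    # The host must be the expected domain itself or a subdomain of it.
    if not (host == expected or host.endswith("." + expected)):
        flags.append("host-outside-expected-domain")
        # The trusted name appearing elsewhere in the URL is a decoy.
        if expected in url.lower():
            flags.append("expected-name-used-as-decoy")
    return flags

# Constructed sample links (reserved documentation domains and addresses).
SAMPLES = [
    "https://www.example.com/login",
    "https://example.com@login.example.net/",
    "http://example.com.account-verify.test/login",
    "http://192.0.2.10/example.com/login",
    "https://xn--exmple-cua.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", link_red_flags(link, "example.com") or "no flags")
```

An empty list only means none of these particular tricks were found, not that the site is safe.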

 

This is one reason I still keep a steady flow of spam coming in to my mailbox – even knowing that a lot of them have viruses and more in them.  It keeps me on my toes with regard to fake websites, scams, and more.

There are hundreds of these coming in every day, with 8600 in 6 months.


In the coming days I will improve this post and provide more sophisticated analysis of spam, in a manner that would help someone identify a ‘fake’ website without clicking on it.

 

We can help set up security policies to improve the “people & process” portion of  people, process, and technology.

 

http://oversitesentry.com/contact-us/

 
