http://www.webadminblog.com Real Web Admins. Real World Experience. Wed, 25 May 2011 03:02:28 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 http://www.webadminblog.com/index.php/2009/03/23/spear-phishing-breaking-into-wall-street-critical-infrastructure/ http://www.webadminblog.com/index.php/2009/03/23/spear-phishing-breaking-into-wall-street-critical-infrastructure/#comments Mon, 23 Mar 2009 18:45:19 +0000 Josh http://www.webadminblog.com/?p=218 For my first breakout session of the TRISC 2009 Conference, I decided to check out Rohyt Belani's presentation on Spear Phishing.  Rohyt is the CEO of Intrepidus Group and has spoken at a variety of conferences from BlackHat to OWASP to MISTI to Hack in the Box.  I had heard from several other conference attendees that he was a pretty good speaker and the topic seemed interesting enough so I went and wasn't at all disappointed.  My notes (while not very long) from the presentation are below and the actual presentation can be found here:

• CEO of Intrepidus Group
• Adjunct Professor at Carnegie Mellon University
• Frequent speaker at BlackHat, OWASP, MISTI, Hack in the Box
• Phishing: The act of electronically luring a user into surrendering private information that will be used for identity theft or conducting an act that will compromise the victim’s computer system.
• Example of spear fishing used for pump-and-dump scam
• Example of spear fishing used to download a Trojan, crack the admin password, and create domain administrator accounts on a windows server.
• Have a service called fishme.com that is used to run mock attacks against companies.
• 23% +/- 3% are susceptible to phishing attacks based on surveying on fishme.com
• Convincing people to click via authority works better than reward
• People are more “click happy” on a Friday afternoon
• Use an existing website that’s vulnerable to XSS or create a fake SSL certificate

]]> http://www.webadminblog.com/index.php/2009/03/23/spear-phishing-breaking-into-wall-street-critical-infrastructure/feed/ 0