Interesting SANS NewsBites 2

Posted by Peter Burkholder Wed, 13 Dec 2006 19:25:00 GMT

I’m posting a link to this week’s (12/12/2006) SANS NewsBites because there are so many tasty tidbits that bear further reading. To wit:

  • NASA bans Word attachments.
  • Local Colorado woman raided because her system had been taken over by a bot in a credit card scam network. Roland Grefer added a little note with some links worth keeping handy:
[(Grefer): If you are an end-user and your computer suddenly starts to run slow, do NOT turn off your firewall. Rather, run antivirus and antispyware scans. Starting points might be the offerings at -http://free.grisoft.com, -http://www.safer-networking.org, and -http://www.lavasoftusa.com/products/ad-aware_se_personal.php. They all offer their tools free of charge for personal home use and are reputable sources. ]
  • After a note about a fellow convicted for stealing credit card data, Ed Skoudis had this to say about VoIP phishing and how banks may be unwittingly contributing. I think VoIP phishing needs much more publicity, and I’ve not heard it mentioned in recent media coverage of spam and phishing.
[Editor’s Note (Skoudis): Credit card theft remains a major issue. Just last Friday, I got an automated call from my bank, one of the biggest in the world, about a fraud warning. The voice mail was comically synthetic, with a tinny machine mispronouncing my name, urging me to call my bank at a phone number that didn’t match the one on my credit card. Given the rise of VoIP phishing, I was instantly suspicious. I called the number printed on my card. As it turns out, the call was legit, and there was a real fraud warning on my card. I was disappointed in my bank for opening themselves to VoIP phishing this way. If you get a fraud warning call, do not dial back to the number in the voice mail. Instead, call only the number printed on the back of your card, or, if the card isn’t available, call the number on your last statement. ]
  • Colorado gets a statewide laptop encryption contract. Way to go Colorado (and maybe a bit of Mark Weatherford tooting his own horn as Colo’s CISO).