Well, I have not written here for quite some time because I have been preparing for the CISSP exam, which I took on Saturday. I am now waiting for my results and really could not say if I have passed or not. I answered all the questions and got done in 5 hours, but so many of them had more than one answer that seemed correct, and it was difficult to work out which was actually the best answer.
At lunchtime I read a fantastic article on TechCrunch written by Nik Cubrilovic titled The Anatomy of the Twitter Attack. It outlines the steps taken by “Hacker Croll” to gain access to a whole lot of private information from Twitter, including access to employees' email and control over the Twitter.com domain name at GoDaddy. The basis of the attack was gaining control over an employee's Gmail account using the password reset feature. The alternative email was a Hotmail account that had expired, so the hacker was able to recreate the Hotmail account and reset the Gmail password with it.
It is the start of the Month of Twitter Bugs. Each day for the rest of the month, the guys over at twitpwn.com will be releasing a new vulnerability in a 3rd party Twitter app. This is done to raise awareness and hopefully improve security in 3rd party Twitter services. The 3rd party service provider will be given at least a 24-hour advance warning of the vulnerability before it is published to the site.
This morning I read an article on risky web searches, based on a study carried out by McAfee on the most dangerous and safest Web searches, with some interesting findings. McAfee claims that a search for the term “screensavers” is the riskiest, with 59.1% of the sites shown in search results containing some form of malware. The term “lyrics” followed closely, with around half of the results leading to sites containing malware.
Lately I have been receiving more and more phishing attempts via email. I usually just report them, then delete them without giving them a second thought, but today I decided to take a good look at one for telltale signs you could use to warn users. I had one which claimed to be from my bank, although it was not a bank I use, and one explaining to me that I had won over £900,000 on the lottery.
So you have your super strong password and nobody would guess it in a million years, but maybe someone wanting to gain access won’t need to… Often sites ask you to provide answers to security questions when you sign up. These are used to recover or reset your password if you forget it and are often things like, “Where were you born?” or “What was the name of your first school?”