Penetration Testing mailing list archives

Re: RE: Online Fraud Protection


From: josh.perrymon () packetfocus com
Date: 26 Jun 2006 02:44:56 -0000

I believe that Anti-Fraud measures *SHOULD* begin with information security. As a pentester working globally for very 
LARGE organizations I often use social engineering and directed phishing attacks to gain remote access when 
infrastructure and app attacks fail. Especially when the scope is VERY limited and we may only find an OWA server and a 
couple of open ports.

We have bypassed 2-factor authentication and all of the current IDS/IPS/HIPS/Content Security/BLAH goes here.

Remember it's hard to detect an attacker that uses normal comm channels.

The problem with an approach you may be taking using IE7<whatever> here is that whitelisting WILL NOT WORK for 
protection against directed phishing attacks. I have been using IE7 Beta for a while now and have performed over 40-50+ 
global phishing attacks and IE7 has not picked up our phishing site ONCE. This is because it uses M$ whitelist of
KNOWN phishing sites. Same issue with Websense and other vendors that use the same approach. 

The only way that the IE7 phishing filter may be useful is if it interfaces with a widget that can detect these directed 
attacks (small volume and very dynamic), then automatically updates the phishing filter and deters the attack. (NDA 
here... but we are working on something :)

What about trending and controlling the attack if 2-3 users have already fallen for it???

So the core of this is USER EDUCATION. Your user base has to be aware of these types of attacks and company policy must 
be VERY CLEAR on what type of information support may ask for. If EVERY user knows not to submit this type of 
information the attack may fail. We work globally developing LMS and training content based on internal policies.

Simply because the technology isn't available to stop current directed, small-volume phishing attacks.

Josh Perrymon
CEO
PacketFocus
www.packetfocus.com
josh.perrymon () packetfocus com



