Phishers Hone Skills, Craft More Impressive Attacks

Soulskill posted more than 2 years ago | from the practice-makes-perfect dept.

Security 63

CWmike writes "Recent break-ins at high-profile targets like the International Monetary Fund demonstrate just how proficient hackers have become at so-called spear phishing, researchers said on Tuesday. 'Today's spear phishing is not only more prevalent but also much more technically proficient,' said Dave Jevans, chairman of the Anti-Phishing Working Group. 'They're not going for a password, anymore; they're getting people to install crimeware on their computers.' The trend highlights the need for defenses against such targeted threats, requiring companies to look beyond security strategies focused purely on dealing with traditional network threats, analysts said. Increasingly, companies also need to focus on approaches such as continuous monitoring of networks, databases, applications and users, outbound traffic filtering and whitelisting."

63 comments

What about turning the tables on them? (1)

Anonymous Coward | more than 2 years ago | (#36445970)

I have had the Indian MS helpdesk ring a few times about the viruses of my Windows PC, surely there has to be a way of "honey potting" them to shut them down?

Re:What about turning the tables on them? (2)

Billlagr (931034) | more than 2 years ago | (#36446050)

Really??? So have I!! And friends and relatives. All you need to do is provide some credit card details, and bam! your machine is instantly remotely cleaned up. It's good to see MS taking such a proactive stance.

Re:What about turning the tables on them? (2)

syousef (465911) | more than 2 years ago | (#36446230)

I have had the Indian MS helpdesk ring a few times about the viruses of my Windows PC, surely there has to be a way of "honey potting" them to shut them down?

If I have time, I like to play with them. I used to put the phone down while they were talking and walk away but I worry they'll take silence as consent to switch my phone or do something else. So you egg them on. Keep saying "Sorry I don't understand" and "Could you explain a bit more?". Then agree to nothing. If you don't have time you just hang up.

Re:What about turning the tables on them? (1)

Falconhell (1289630) | more than 2 years ago | (#36446282)

Absolutely, I tell all the people I support to keep them on the phone as long as possible, when they ask, tell them your computer is on (But DON'T switch it on) then give them false answers to their questions. Some of the users have kept them on the phone for more than 1/2 hour (Getting right into the spirit of it). Whilst their time is wasted they can't rip off some other poor sucker.

"WrYttiN-WuRDz" by Professor FalconDUMMY (-1)

Anonymous Coward | more than 2 years ago | (#36449478)

Or rather, a MURDER of the english language (lol, read on, this is hilarious - 5 yr. olds write better):

"It's enlessly amusing to see such incredible ignorance." - by Professor FalconDUMMY (1289630) on Monday June 13, @06:57PM (#36430124)

Look - we're not here to decipher your "hieroglyphics", and you're correct (especially about yourself, lol!) - however? It's endlessly you illiterate DOLT!

Now, for everyone's amusement here?

However, below?

I managed to do a translation of your "troll speak", and, with CONSIDERABLE effort, for the benefit of others here (and for their amusement at your expense trolling dolt) and, I have consolidated your single day 'fine effort' & attempts at writing properly (lol, not - 4 blunders in writing in a single day? Please... lol!) here:

"THE CONSOLIDATED ILLITERACY COLLECTION BY PROFESSOR FALCONDUMMY" (world renowned master of illiteracy, lol!)

---

FROM http://slashdot.org/comments.pl?sid=2235170&cid=36431020 [slashdot.org]

"its hillarious" - by Professor FalconDUMMY (1289630) on Monday June 13, @08:07PM (#36430760)

LMAO! Hahahahahaha... Now that? That's HILARIOUS!

So you know?

The correct phrase, and spelling, is "it's hilarious" using the contraction for "it is" properly, and spelling hilarious properly... apostrophes boy, learn about 'em!

(Not what you 'ScRiBBLeD' in your droolings on the printed page fool quoted above!)

---

This one takes the cake:

FROM -> http://slashdot.org/comments.pl?sid=2231292&cid=36430236 [slashdot.org]

Soemthing more complicated for me... Would have liked to arrive earlier but definately left on time! - by FalconDUMMY (1289630) on Monday June 13, @07:13PM (#36430236)

It's "SOMETHING" and "DEFINITELY" you illiterate moron! The only thing that appears COMPLICATED for you is writing properly, hahahaha...

(However, you MAY have a future in "encryption", lol, because your "hieroglyphics" style of writing is unbelievable! LOL!)

---

FROM -> http://slashdot.org/comments.pl?sid=2222626&cid=36381748 [slashdot.org]

"Climate deniers have done a lot of damage to the credibilty of all scientists with their vile lies and obsufcation of the issue." by Professor FalconDUMMY (1289630) on Wednesday June 08, @07:27PM (#36381748)

LMAO - You've done CONSIDERABLE DAMAGE to the English language Roman Maroni (see the film Johnny Dangerously, lol) and to your own attempts at "acting intelligent", because your spelling is HORRENDOUS!

(It's credibility and obfuscation, moron!)

As you can see? Professor FalconDUMMY is trying to "obsufcate" (???) the english language. His own form of encryption, perhaps? NO, it's just trollspeak (illiterate trollspeak, lol).

(Wait, wait... read on, it only gets BETTER, lol!)

---

FROM -> http://slashdot.org/comments.pl?sid=2222626&cid=36381748 [slashdot.org]

its endless fun hoisting them with their own petard of scein tific corruption. " by Professor FalconDUMMY (1289630) on Wednesday June 08, @07:27PM (#36381748)

Well, what about YOUR CORRUPTION OF THE ENGLISH LANGUAGE THERE, "Roman Maroni"? LMAO!

---

FROM -> http://slashdot.org/comments.pl?sid=2235170&cid=36429940 [slashdot.org]

"Personal I find the "free market" does a fine job of slandering itself." - by Professor FalconDUMMY (1289630) on Monday June 13, @06:37PM (#36429940)

Personally speaking, the correct word & turn of a phrase here is PERSONALLY, not "personal" as you wrote (incorrectly as per your "hieroglyphics usual", lol!).

---

FROM -> http://slashdot.org/comments.pl?sid=2235170&cid=36430760 [slashdot.org]

"Still havent made me angry at all" - by Professor FalconDUMMY (1289630) on Monday June 13, @08:07PM (#36430760)

Ahem - it's "haven't" (see the apostrophe? Good - we knew you could, lol!) and, we still haven't managed to teach you how to write or spell properly either, lol!

---

Please - You need to get out of grade school, or get "hooked on phonics" Professor FalconDUMMY! You did ALL OF THOSE IN LESS THAN 1 DAY'S TIME... lmao!

(That's what you get for trolling others off topic as you do, FalconDUMMY -> http://it.slashdot.org/comments.pl?sid=2198230&cid=36418054 [slashdot.org] )

Re:What about turning the tables on them? (1)

tehcyder (746570) | more than 2 years ago | (#36459946)

Whilst their time is wasted they can't rip off some other poor sucker.

As long as you don't mind wasting your own time too. Although presumably most people would do this on work time rather than their own.

falconhell is a waste of time (0)

Anonymous Coward | more than 2 years ago | (#36462212)

Trying to read falconhell's hieroglyphics style attempts at the english language alone is hours of translation from badly spelled manglings of the english language. I am judging that from the other replies here that actually had many a quoted proof of it. Utterly hilarious proofs in fact. I've never seen anyone write that poorly in only 1 day's time in fact.

Re:What about turning the tables on them? (1)

Anonymous Coward | more than 2 years ago | (#36448972)

These scammers have been calling me weekly for about a year so a couple of months ago I fired up a freshly installed Windows 2000 VM and played along.

I installed logmein at their request and they took control. The "engineer" showed me event viewer ("look, infections!"), opened a command-prompt, typed a few irrelevant commands (ping, nslookup and tree) and then typed the word "expired". The salesman assured me that this meant my "core security system" had expired.

The engineer then took me to their website where they clicked a button to initiate a £40 paypal payment "to renew my core security system". Happily the ancient version of IE in Windows 2000 didn't understand paypal's https so it wouldn't connect. After half an hour of pointless tinkering they installed firefox and got me connected. And, of course, I refused to enter my details.

Anyway, this isn't a sophisticated scam. There's no malware. They are just trying to convince you to give them £40.

I reported the scam to paypal, but they weren't interested because I hadn't parted with any money.

Re:What about turning the tables on them? (1)

tehcyder (746570) | more than 2 years ago | (#36459964)

Con men are con men. All the stuff people talk about elite hacking skills is irrelevant compared to the age-old techniques of social engineering.

This begs the question: (1)

For a Free Internet (1594621) | more than 2 years ago | (#36445988)

In World 2.0, our new 21st century hyperconnected, hyperlinked multipolity, what is "identity"? What is the "individual"? Let's move beyond dealing with this phenomena like a police procedural. I propose that the phishers are really the new philosophers of our age, telling us that we are all each other, and that humanity is one. Hooray and hosanna for the new age of equaius!!!!!

Re:This begs the question: (1)

JavaBear (9872) | more than 2 years ago | (#36446078)

Well, someone has been reading too many bad "cyber" novels, with a bit of Karl Marx in the mix, while on crack.

Re:This begs the question: (0)

For a Free Internet (1594621) | more than 2 years ago | (#36447508)

you are a goat fucking goat fucker, obviusl youy are also illiterate and obese and fat.

Re:This begs the question: (1)

tehcyder (746570) | more than 2 years ago | (#36459978)

you are a goat fucking goat fucker, obviusl youy are also illiterate and obese and fat.

Wow, the ghost of Oscar Wilde is posting on slashdot.

The Art of Deception (3, Informative)

DigiShaman (671371) | more than 2 years ago | (#36445996)

The Art of Deception. By Kevin D. Mitnick. It's worth reading.

Re:The Art of Deception (3, Funny)

DeusExMach (1319255) | more than 2 years ago | (#36446044)

It takes a thief...

Re:The Art of Deception (2, Funny)

Anonymous Coward | more than 2 years ago | (#36446264)

The phrase “Set a thief to catch a thief” had by this time (after strong representations from the Thieves’ Guild) replaced a much older and quintessentially Ankh-Morporkian proverb, which was “Set a deep hole with spring-loaded sides, tripwires, whirling knife blades driven by water power, broken glass and scorpions, to catch a thief.”

Re:The Art of Deception (1)

repapetilto (1219852) | more than 2 years ago | (#36446378)

I wonder if that'd be legal to have. Like in your own home.

Re:The Art of Deception (1)

trum4n (982031) | more than 2 years ago | (#36448800)

Nope. No Deadly Scorpions without a license where I live. And you'd need a permit for the hydro power setup. And the water source. And the hole.

Re:The Art of Deception (1)

tehcyder (746570) | more than 2 years ago | (#36459994)

I wonder if that'd be legal to have. Like in your own home.

Yes, because obviously that would just be using reasonable force to protect yourself. You fucking moron.

Re:The Art of Deception (1)

AliasMarlowe (1042386) | more than 2 years ago | (#36460396)

I wonder if that'd be legal to have. Like in your own home.

Yes, because obviously that would just be using reasonable force to protect yourself. You fucking moron.

Should it also be large enough to handle the entire SWAT team that might attempt to break into his home on a warrantless raid? Reasonable force for protecting yourself, it would seem, but perhaps not a reason a court might accept.

i rape animals (-1)

Anonymous Coward | more than 2 years ago | (#36446006)

i use their brains as anal lubricant

Government, Businesses must now become police stat (-1)

Anonymous Coward | more than 2 years ago | (#36446082)

Is it any wonder, that network security so closely resembles societal security. And when religion finally dies, the only security we will have is an all pervasive police state. It is a paradox unimaginable.

Re:Government, Businesses must now become police s (0)

Alex Belits (437) | more than 2 years ago | (#36446816)

network security so closely resembles societal security

No, and you are dumb for posting this, and you made everyone who read this, a little bit dumber.

Re:Government, Businesses must now become police s (1)

Jawnn (445279) | more than 2 years ago | (#36447374)

Is it any wonder, that network security so closely resembles societal security. And when religion finally dies, the only security we will have is an all pervasive police state. It is a paradox unimaginable.

WTF? What security has religion ever provided?

Re:Government, Businesses must now become police s (1)

bstender (1279452) | more than 2 years ago | (#36458168)

"WTF? What security has religion ever provided?"

WTF you say? Considerable social cohesion for starters. But more specifically, the way individuals manage the chaos. That is, the framework for a brain to function in the world. You may say "that is simply opiate for _lame persons_", but the amazing Zizek can certainly help disabuse you of that naivety. I dish off to him bc to attempt to describe it is beyond the scope of a few paragraphs, (plus I'm never going to come close to doing it adequately anyway). But I will hint at the notion that 'religion' isn't the core of it, that is, the 'brands' you recognize, but rather the innate human faculty which creates religion(s) and which belief creates. It might even be fair to say that there is no security without "religion". You're soaking in it!

Maybe it's time... (5, Insightful)

__Paul__ (1570) | more than 2 years ago | (#36446130)

...to stop employing people who are so clueless when it comes to IT. Personal computers have been commonplace for more than twenty years now, it's time people started learning how to use them correctly.

I'm still coming across businessmen of a certain vintage (typically 50+) for whom it's a matter of pride that they "don't know anything about computers". FFS, it's 2011. Get a grip or retire.

Special sandbox for 'em (5, Interesting)

Mathinker (909784) | more than 2 years ago | (#36446162)

No, I think the best is to provide super-special sandboxing for them. One could even periodically send "test probes" to random people on one's network to better judge their level of acumen vs. current phishing techniques. Those who fail (or originally admit to being clueless) get:

  • all email which isn't a direct reply to something they originated "held up for review" by some luckless soul in IT
  • extra lockdown of their computer, perhaps including physically disabling USB ports and DVD drives
  • extra automatic monitoring of their computer for unusual behavior
  • segregating them into a special segment of the LAN which is only connected to the rest of the company via a special filtering/monitoring gateway

Re:Special sandbox for 'em (0)

Anonymous Coward | more than 2 years ago | (#36446504)

God says (puppet-net), "deeper promise stumbling God_is_not_mocked displeaseth lusts later melody speaking".

Re:Special sandbox for 'em (2)

AmiMoJo (196126) | more than 2 years ago | (#36448142)

I think the best is to provide super-special sandboxing for them.

Etch-a-Sketch

Re:Special sandbox for 'em (1)

Anonymous Coward | more than 2 years ago | (#36448536)

I've been studying phishing attacks and spear-phishing attacks for the past few years. And to be blunt, if you don't think that you are vulnerable, then you are truly the clueless one. You really don't understand the level of sophistication that these attackers have, in using the right kinds of email formatting, the right kind of language, the right kinds of events, and the right kinds of names of people in your organization.

Are you good enough to avoid PDF exploits? What if you got an email in your inbox about a conference in your field, would you be smart enough to avoid that? How about one that talks about a retirement party for a real person in your organization? Or one that used a stolen account from someone in your org? Read this article in Business Week to see some sophisticated phish [businessweek.com] .

Being arrogant about it and blaming users may make you feel good about yourself, but it won't solve the problem. So get off your high horse, be an engineer, and devise real solutions that can really work with people, instead of being an ass about it.

Re:Special sandbox for 'em (0)

Anonymous Coward | more than 2 years ago | (#36450268)

Except these people are really really dumb. By the way, the answer to every single one of your questions is "yes, I can deal with that".

Re:Special sandbox for 'em (1)

kmoser (1469707) | more than 2 years ago | (#36459050)

But how do we know that article you pointed us to isn't itself a spear phishing attack?

Re:Special sandbox for 'em (1)

Anonymous Coward | more than 2 years ago | (#36450822)

Yeah, what do you do when that special someone is the ceo? Technically clueless, but needs access to sensitive data.

Re:Maybe it's time... (2)

ColdWetDog (752185) | more than 2 years ago | (#36446174)

In my organization, it's not the old dinosaurs that create security problems, it's the idiot 20 something that bypasses Sonic Firewall (the dipshit product that it is) to get to Facebook by using HTTPS and then proceeds to play Farmville for hours. Unless you can employ security experts in every slot in your organization you have these problems. Remember this is about SOCIAL engineering, not technical issues.

Re:Maybe it's time... (1)

scream at the sky (989144) | more than 2 years ago | (#36446844)

It sounds like you work for my old employer...

They had a SonicWall in every location (~300 stores) that they relied on for everything security related, and as soon as some of the younger kids realized they could just https to whatever they wanted, it was game over and the PCs stopped working.

What was even better was when the kiddies figured out they could unplug the ethernet cable from the laptops we had as our POS systems, and plug in their iPhone and tether that way, completely bypassing everything.

Re:Maybe it's time... (0)

Anonymous Coward | more than 2 years ago | (#36447232)

Serves you idiots right for not setting the damn thing up properly.

Install company created self-signed certificates in all company PCs and then MITM all outgoing encrypted connections, voila, full monitoring.

If sonic firewall doesn't support that then you (r management probably) are idiots for using it.

Re:Maybe it's time... (2)

badzilla (50355) | more than 2 years ago | (#36448032)

It originates from a time when anyone with aspirations to status in an organisation also had a secretary to perform manual tasks involving keyboards and typing. Admitting to doing one's own typing was a bit of a career depressant. These days I can't believe that anyone of whatever age in business can make serious claim to non-use of computers.

Re:Maybe it's time... (1)

tehcyder (746570) | more than 2 years ago | (#36460092)

It originates from a time when anyone with aspirations to status in an organisation also had a secretary to perform manual tasks involving keyboards and typing. Admitting to doing one's own typing was a bit of a career depressant. These days I can't believe that anyone of whatever age in business can make serious claim to non-use of computers.

Meanwhile, in the real world, there are still plenty of secretaries, admin assistants and directors' PAs. If you're a successful business person, time spent reading non-essential emails or typing letters is still wasted time.

Re:Maybe it's time... (0)

Anonymous Coward | more than 2 years ago | (#36448076)

I'm still coming across businessmen of a certain vintage (typically 50+) for whom it's a matter of pride that they "don't know anything about computers". FFS, it's 2011. Get a grip or retire.

And those are the ones that get you fired when you try to get them to comply with sane security policies. Try to restrict web browsing and email to one of those.

Re:Maybe it's time... (2)

flappinbooger (574405) | more than 2 years ago | (#36448224)

...to stop employing people who are so clueless when it comes to IT. Personal computers have been commonplace for more than twenty years now, it's time people started learning how to use them correctly.

I'm still coming across businessmen of a certain vintage (typically 50+) for whom it's a matter of pride that they "don't know anything about computers". FFS, it's 2011. Get a grip or retire.

No, for most people they have not developed any more technical competence for the computer than they have for the toaster. Once you could buy a computer from Wal-Mart at the same time as getting a loaf of bread and a gallon of milk, while having your oil changed, computers have become commodities. Why would you expect people to develop such deep understanding of using and securing their toasters?

Who is to blame? Start with Apple, then Dell. Gateway. The early "computer in a box, use color coded wires and a pictograph to hook it up" people made it stupid easy to own a computer. Once the stupid is in, hard to get stupid out.

It's not a bad thing over all, but from a security aspect it is.

Re:Maybe it's time... (1, Flamebait)

AmiMoJo (196126) | more than 2 years ago | (#36448254)

To be fair to some of these guys I think people of older generations were not taught to solve problems like we were, instead they learned by committing a series of steps to memory. There was a great XKCD about this, but basically they are stuck if the sequence they learnt doesn't work for some reason. Even something as simple as their USB flash drive being drive X instead of drive Y is enough if your brain works that way.

You can see this effect at work in IQ tests. Since the 50s they have been getting steadily harder, to the point where someone who scored 100 in 1950 would only get about 80 now - technically mentally deficient. Obviously people in the 50s were not idiots, they were just not taught problem solving at school, and even at pre-school level they didn't have all the educational toys that promote that kind of thinking like we did.

I'm not saying older people should not make an effort, just that the amount of effort is orders of magnitude more than we require to master something new.

Re:Maybe it's time... (0)

Anonymous Coward | more than 2 years ago | (#36448344)

Take that you old fogies.

Yea all you geezers get off my lawn :-D

Re:Maybe it's time... (1)

tehcyder (746570) | more than 2 years ago | (#36460170)

To be fair to some of these guys I think people of older generations were not taught to solve problems like we were, instead they learned by committing a series of steps to memory.

As someone of an "older generation" can I just say please fuck off you patronising, ignorant little shit?
Hopefully with your 1337 problem solving skills you can find an amusing way to kill yourself for our amusement.

Re:Maybe it's time... (1)

AmiMoJo (196126) | more than 2 years ago | (#36460938)

As someone who is just trying to be helpful and promote a bit of understanding can I just say please try not to be a twat and take it personally. Obviously my statement does not apply to everyone, I am just making a general point about school level education back then.

It is also the reason arse holes like you like to make out the youth of today are all dumb as shit and couldn't pass the exams you did. Yeah, they couldn't, because these days they don't teach the same way. I wish someone would do it the other way around - get people of that generation to take modern GCSEs and A Levels, see how badly they do.

Re:Maybe it's time... (1)

drinkypoo (153816) | more than 2 years ago | (#36448712)

I'm still coming across businessmen of a certain vintage (typically 50+) for whom it's a matter of pride that they "don't know anything about computers". FFS, it's 2011. Get a grip or retire.

What makes me grumpy is that there are qualified applicants for many of these jobs who DO have computer skills, but they hire based on something other than the ability to actually do the job. Pretty much every college job requires familiarity with Office. Pretty much nobody knows WTF they are doing. Then they have to hire additional IT staff to destink their computers because they're always trying to find ways to screw them up by doing something both unauthorized and stupid.

Re:Maybe it's time... (1)

Kittenman (971447) | more than 2 years ago | (#36455978)

I'm still coming across businessmen of a certain vintage (typically 50+) for whom it's a matter of pride that they "don't know anything about computers". FFS, it's 2011. Get a grip or retire.

Hey, I'm a businessman in my 50s, you insensitive clod!

Re:Maybe it's time... (1)

tehcyder (746570) | more than 2 years ago | (#36460046)

I'm still coming across businessmen of a certain vintage (typically 50+) for whom it's a matter of pride that they "don't know anything about computers". FFS, it's 2011. Get a grip or retire.

Well, if you can't produce compelling arguments to these businessmen for why they should know about computers, why would they bother?

Re:Maybe it's time... (1)

nobodie (1555367) | more than 2 years ago | (#36461832)

typically 50+
Hmmmm, I am 56 and work in an office full of clueless keyboard bangers who I scare away by threatening them with the "Linux Virus"
There is no age band for clueless people, maybe you might oughta' try that age thing on a few others, like RMS say, or Steve Wozniak, both of whom have more creds than you will probably get in a life of tech work.

Last week I was chief invigilator for an exam that included a listening component. I created a set of USB pendrives with portable apps and VLC player loaded on together with the sound file to be played over the speakers in the class rooms. The only person who couldn't figure out how to drag and drop the sound file onto the player was the 28 year old Stanford grad who talks up his tech ability. You are officially refuted by anecdote, hang your head.

HAHAHAHAHAHA

Of course, when I got the drives back the only one that didn't have a virus on it (mostly the "recycler" virus) was the one from my tech illiterate office mate, so go figure.

English is our only hope (1)

Anonymous Coward | more than 2 years ago | (#36446160)

"Ass a security measure we hat to temporarily suspend your account. To restore your account Please download the form and fallow the instructions on your screen."

I don't think we have to worry too much until they learn English.

Not phishing (3, Informative)

lavagolemking (1352431) | more than 2 years ago | (#36446336)

Phishing [wikipedia.org] means tricking users into divulging sensitive data, usually a password. It is just one type of social engineering [wikipedia.org] . What is being described here is another form of social engineering, where users are told instead to install malware or something like that. It is not phishing, or even spear phishing. When you get a lot of information together to plan out an effective attack on human psyche, it's called pretexting.

Re:Not phishing (0)

Anonymous Coward | more than 2 years ago | (#36446848)

rate up

there's a reason why we have all the terms we have

Locked down computers (2)

Danathar (267989) | more than 2 years ago | (#36448304)

Fact of the matter is, the less companies, governments, organizations, etc trust their employees the less control they will give them. Every time a phisher is successful more control over the PC is taken away by security (in general).

I've seen this happen in my organization. The flexibility of having a computer you can install software that helps you do your job without permission is vanishing very quickly. Before long I expect that you will not be able to download any executable (even archived in zip) or run them. Of course this not saying they will not

Basically people's desktops at work are going to become less "personal computer" and more "web/document processing workstation".

Re:Locked down computers (1)

The O Rly Factor (1977536) | more than 2 years ago | (#36448906)

That's the way it should be, and that's definitely the way it is at my job. Every good sysadmin knows that the biggest idiot in the whole system is the user.

If you are allowing common users to install their own software, you are doing it wrong.

Re:Locked down computers (2)

firewrought (36952) | more than 2 years ago | (#36453070)

That's the way it should be, and that's definitely the way it is at my job.... If you are allowing common users to install their own software, you are doing it wrong.

Security groups tend to define "the way it should be" by whatever makes life most convenient for them. In their ideal environment, no software can run, no hardware can be introduced, no websites can be visited, and no emails can be received. Or at least, they'd like to get as close as possible to that environment as they can without management figuring out that they're responsible for organizational deadlock. Many of the promises of computing are lost to this mindset, and the bureaucratic "no" takes significant time, energy, and political influence to overturn or circumvent.

Ideally, however, "the way it should be" is defined by whatever makes the organization most capable for the least amount of risk. There's a balance to be struck, and we haven't figured out how to organize IT departments so that security policymakers have an intrinsic interest in finding that balance.

For the first time I've seen in years . . . (1)

DinDaddy (1168147) | more than 2 years ago | (#36448444)

Someone used the word hone correctly, and without appending "in" to it. I am going to go weep for joy.

You're going to LOVE THIS then, lol! (0)

Anonymous Coward | more than 2 years ago | (#36449658)

Re:You're going to LOVE THIS then, lol! (0)

Anonymous Coward | more than 2 years ago | (#36452762)

Only because it shows what an idiot APK is.

FalconDUMMY, you're the illiterate idiot (lol) (0)

Anonymous Coward | more than 2 years ago | (#36457830)

Or, is your not answering a simple question not enough to evidence that much, here:

http://it.slashdot.org/comments.pl?sid=2198230&cid=36418054 [slashdot.org]

Hmmm?

OIC - It's "ok for falconhell to troll others, but not for him getting 're-trolled'", right?? Wrong - what's "good for the goose, is good for the gander" - learn to take what you dish out! OR, just stop trolling others, pretty simple!

(Additionally?? Learn to SPELL and WRITE... lol, please! We're not here to decipher your 'hieroglyphics' falconhell...)

Lastly - your replies as "AC" to try to 'defend yourself', especially when you have a registered 'LUSER' account here??? Pitiful... lol!

A major contributor (1)

portwojc (201398) | more than 2 years ago | (#36448558)

And the malware that they're installing continues to evade antivirus software

Support: Hello this is anti-virus/malware company XYZ how can I help you.
Caller: Yes I have this software called Anti-something 2010 that just popped up on my screen. I have your software installed and it still came up.
Support: You can call our 1-900-BLAH number and they can assist you for $39.95 a minute to remove the software.
Caller: So why did I buy your software in the first place?

Some easy email fixes inside (0)

Anonymous Coward | more than 2 years ago | (#36457760)

These are simple, easy-to-implement measures vs. malware attack in email (which IS how phishing &/or spamming works anyhow):

---

1.) Set email readers (like Outlook variants & others external to webbrowsers) to do TEXT ONLY message displays.

2.) Use a custom HOSTS file (filled with malware sites &/or phishing/spamming site data - yes, there are places like SpamHaus for instance (or there used to be) that have THAT type of data that's regularly updated) since HOSTS files do what things for browsers in addons like AdBlock can't - cover email readers!

3.) Use a decent email reader that already has blocks of known malwares (Windows LIVE has such features for example).

4.) If/when possible - don't allow scripting in browsers OR email readers

---

* Those SIMPLE MEASURES can stall hack/crack attempts in emails easily... for starters!

APK

P.S.=> Is there MORE you can do? Yes, sure, & at the firewall perimeter level, as well as local DNS servers using DNSBL lists too (if not browser level TPL's like for IE, NoScript in FireFox, Opera's urlfilter.ini too etc.), but those measures above? A decent enough start!

... apk
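
As an added illustration of measures 1 and 2 in the comment above (this code is not from the comment's author or from any mail client): a Python example that renders a message as text only, prints each link's real target next to its label, and checks link hosts against a HOSTS-format blocklist. The sample message, the blocklist and every host name in it are constructed.

```python
"""Text-only rendering of an e-mail plus a HOSTS-style blocklist check.
Added example; function names and sample data are constructed for illustration."""
from email import message_from_bytes, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re


def parse_hosts_blocklist(text):
    """Return the host names sinkholed in HOSTS-file syntax (exact names, no wildcards)."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop trailing comments
        if len(fields) >= 2 and fields[0] in ("0.0.0.0", "127.0.0.1"):
            blocked.update(h.lower() for h in fields[1:] if h != "localhost")
    return blocked


class _TextOnly(HTMLParser):
    """Drop markup and script/style bodies; write every link target in the clear."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.links = [], []
        self._skip = 0                               # depth inside <script>/<style>
        self._href, self._label = None, []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._label = []
        elif tag in ("br", "p", "div"):
            self.out.append("\n")

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
        elif tag == "a" and self._href is not None:
            self.links.append(("".join(self._label).strip(), self._href))
            self.out.append(f" <{self._href}>")      # show where the link really goes
            self._href = None

    def handle_data(self, data):
        if self._skip:
            return
        self.out.append(data)
        if self._href is not None:
            self._label.append(data)


_LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)


def _host(value):
    """Host part of a URL or bare host/path string, lower-cased ('' if unparsable)."""
    if "://" not in value:
        value = "//" + value
    try:
        return (urlsplit(value).hostname or "").lower()
    except ValueError:
        return ""


def render_text_only(raw, blocked_hosts):
    """Return (plain text to display, findings) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    html_part = msg.get_body(preferencelist=("html",))
    plain_part = msg.get_body(preferencelist=("plain",))
    parser = _TextOnly()
    if html_part is not None:
        parser.feed(html_part.get_content())
        parser.close()
    findings = []
    for label, href in parser.links:
        target = _host(href)
        if target in blocked_hosts:
            findings.append(("blocked-host", target))
        # A label that is itself a URL but names a different host is a classic lure.
        if _LOOKS_LIKE_URL.match(label) and _host(label) != target:
            findings.append(("label-mismatch", f"{label} -> {target}"))
    text = plain_part.get_content() if plain_part is not None else "".join(parser.out)
    return text.strip(), findings


# Constructed sample data (not real indicators).
SAMPLE_HOSTS = """\
# constructed blocklist in HOSTS-file format
127.0.0.1   localhost
0.0.0.0     login.badsite.example   # constructed entry
"""
SAMPLE_MAIL = (
    b"From: IT Helpdesk <helpdesk@corp.example>\r\n"
    b"To: user@corp.example\r\n"
    b"Subject: Account suspended\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"\r\n"
    b"<html><body><p>Your account is suspended.</p>"
    b"<script>document.title='x'</script>"
    b"<p>Restore it at <a href=\"http://login.badsite.example/form\">"
    b"https://intranet.corp.example/restore</a></p></body></html>\r\n"
)

if __name__ == "__main__":
    body, issues = render_text_only(SAMPLE_MAIL, parse_hosts_blocklist(SAMPLE_HOSTS))
    print(body)
    for kind, detail in issues:
        print(f"[{kind}] {detail}")
```

A HOSTS file matches exact names only, so the blocklist check here does the same and will not catch an unlisted subdomain of a listed host.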
