The paper I will be writing is entitled The Severity of Social Engineering. This paper will begin by breaking down the definition of severity as per the industry standard.   Companies such as SANS have developed security models such as the SANS Top 20 Cyber Security Risks.  SANS looks at various aspects including client-side vulnerabilities, internet-facing web site vulnerabilities, Zero Day vulnerabilities, etc.  This paper will look at what aspects are used to determine the severity of attacks to develop a definition of what the industry looks at to define severity.

The industry does not have an official definition for social engineering; therefore, this paper will look at the loose definitions of social engineering and develop a definition that can be used in the industry.  Social engineering has been around as long as social interactions have existed.  Attackers use human interaction techniques to persuade others into doing things for the attacker and/or providing information to the attacker.

With many human interactions now done online, social engineering attacks have been exceedingly prevalent around the internet.  This paper will then apply the definition of social engineering to the definition of severity and determine whether or not social engineering will be in the top cyber attacks in the immediate future.   This paper will also provide some recommendations on how to combat these attacks.

General

Hello Everyone,

I know I said I’d get around to this sooner, sorry for the wait.

Attached is the paper I wrote on social networking, which was based primarily on the research done based on those who participated in the survey on Facebook.

Once again, thanks to everyone who participated in the survey.  I hope you enjoy the paper!

Update: Facebook has agreed to make some changes to their privacy policy based on the privacy commissioner of Canada’s findings.  (I like to think maybe my paper had a little to do with it as well )

Click here to view

General

Hello readers!

CloudCamp is coming to Toronto July 22nd, 2009.

“CloudCamp is an unconference where early adopters of Cloud Computing technologies exchange ideas. With the rapid change occurring in the industry, we need a place we can meet to share our experiences, challenges and solutions. At CloudCamp, you are encouraged you to share your thoughts in several open discussions, as we strive for the advancement of Cloud Computing. End users, IT professionals and vendors are all encouraged to participate.” – CloudCamp

What: CloudCamp Toronto
When: July 22, 2009
Where: Toronto Marriott Downtown Eaton Centre (525 Bay Street)
Who: Anybody
Price: Free
Time: 5pm-9pm

For more information visit their website: http://cloudcamp.com/toronto

General

Hello everyone,

Thank you to all those who participated in the survey! The results will be posted in early August.

General

Hello readers!

Happy 2009! I get a lot of questions about these “safe surfing” practices I often refer to. Therefore I thought I’d start off the new year with the following article explaining what exactly I’m talking about. I’m going to assume that most people are using a version of a Microsoft’s Windows operating system for the majority of these, however when there is something that applies to other operating systems, I’ll be sure to mention it.

Safe Surfing Tip #1: Applies to Apple and Microsoft
Always buy your operating system!

The first and foremost reason for this is that companies like Microsoft and Apple constantly provide software updates and patches that are vital to your protection as a user of their software. These major companies put lots of money into taking care of their customers. It may not always seem like it, but they do. Everytime there is a loophole, the programmers are hard at work to fix it. If you choose to use a cracked version, you are A: (In most countries) Doing something illegal and B: Are missing out on critical updates to prevent malware and other types of attacks.

Safe Surfing Tip #2: (Applies mainly to Microsoft products, but more and more to Apple as well)
Always buy and regularly update your antivirus software!

Same sort of theory applies to this tip. If you don’t buy the software and use a cracked version or nothing at all, you are subjected to not having the updates and proper proactive protection needed when surfing the internet.

Also, choose one program and stick with that. No need for more. They just get in each other’s way. I’m not going to recommend one over the other, there have been many comparisons that can be found online if you’re willing to do the research.

Safe Surfing Tip #3: (Applies to all users of antivirus software)
Just because you have antivirus software, doesn’t mean you won’t get infected.

The first statement I get when someone comes to me with a virus issue is “but I have antivirus software!”

The main reasons that the virus got through the protection are as follows:
1) You disabled it
2) The “allow” button was clicked one-too many times
3) You allowed some program like Limewire through to download illegal music and downloaded something you thought was music, but was really a virus!

Well either those or you got tricked into opening a “male enhancement” attatchment because it was sent by a spoofed address that you thought was someone you knew.

Safe Surfing Tip #4: (Applies to everyone)
If you should be paying for something but you’re not, there’s always a chance you’re not getting what you expect.

This applies for many things, the main one being those users of torrents and P2P sharing programs. Like I mentioned in my little Limewire rant above, often files thrown into the mix of mp3s are malicious files that are mistakenly downloaded onto the system and run, thus hitting your system pretty hard with a wide variety of infections. This applies even more with software programs and keygens. Countless times I’ll check the browsing history of an infected computer and I’ll see search history for a keygen.

I’ll also mention one thing here I really can’t stand and that is people searching for pornography. In both real life and the virtual world, it’s a great way to catch a little more than a cold. I’ll leave it at that.

Safe Surfing Tip #5: (Applies to All)
When in doubt, don’t do it.

This is a common tip you hear in all walks of life. Unless you’ve got some neuropsychological issues, instinct is your friend. That gut feeling you get when you’re going somewhere you’re not supposed to be is telling you something. Listen to it.

These are just a few of the ways to stay safe when browsing the internet. Remember common sense is a lost art. Learn to use it!

General antivirus, Apple, common sense, danger, Mac, malware, microsoft, PC, Phishing, safe surfing, spam, spyware, tips, virus

Hey Everyone,

Just a quick note here.  The Websense Security Labs Threat Seeker has released information on fake coupons that are coming in e-mails.  The email address is spoofed to make it seem like it’s coming from somewhere legitimate. The coupons are coming in the form ‘file.zip’.  Notice that the files are a .zip file meaning an archive that when opened installs a virus on your system. The file in the archive is either promotion.exe or coupon.exe. Again notice that it is a .exe extension, which means an executable file. Coupons are usually in a .jpg which is an image file.  Either that or a link to the company’s website with the coupon image is there.  Just keep an eye out!

The full story with pictures is available here I strongly suggest you take a look at the images so you know what to look out for.  Keep in mind, spammers like to use various companies to trick you into paying them, so be careful!

General

Hello Readers,

This is my first blog entry for IrfWorks.  In this entry will be a rough introduction to myself and things I’ll be talking about. So here goes:
As you may or may not know my name is Irfahn Khimji.  I currently run IrfWorks and am co-founder and Vice President of Sec-C, a security club founded at Seneca College.

This blog will be an informal, yet professional way of me talking about the latest security threats, common misconceptions I come across, as well as things I see user’s doing on a daily that may need some adjustments to protect them from virtual harm.

That’s about all there really is.  Look forward to hearing more about various events around town.

Irf

General