Friday, December 12, 2008

ironic: /me props av company

so i've dogged on the AV industry pretty hard in the past, but i want to give some props to the peeps at McAfee Avert Labs.

i've been following them on my feeds for a while and they turn out consistently interesting and nifty blurbs about attackers. sometimes tech, and sometimes just info.

i found this portion of a recent entry particularly interesting:

Many websites employ security images to convince the user that they can feel safe logging in so long as they see a teddy bear, a train, or some other image they choose from a library when creating their profile. As phishing scams become more complex, scammers’ websites can easily start acting as proxies to the legitimate website. This isn’t in widespread use yet, but a few isolated incidents have been seen, and the technique is easy to craft: when you enter your username into the phishing site, the site turns around and queries the legitimate website for your security image. It can then display the security image to the customer to gain their trust.


that's just an awesome bit of info. attackers using their phishing sites as proxies to get your security image?!? a simple and prolly quite effective hack against pseudo-2-factor auth. it doesn't break the tubes, and there are mitigations, but it's something i'd never thought of before.
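One defender-side check for the proxying described in the quote, as an added example that is not from the original post or from McAfee: a proxying site has to fetch security images for many different usernames from its own address, so the legitimate site can look for that pattern in its logs. The log format, the `/security-image` endpoint name and the thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO time> <client ip> <endpoint> <username>".
# The endpoint name /security-image is hypothetical.
SAMPLE_LOG = """\
2008-12-12T10:00:01 198.51.100.7 /security-image alice
2008-12-12T10:00:09 203.0.113.20 /security-image bob
2008-12-12T10:00:15 198.51.100.7 /security-image carol
2008-12-12T10:00:40 198.51.100.7 /security-image dave
2008-12-12T10:01:02 198.51.100.7 /security-image erin
2008-12-12T10:20:00 203.0.113.20 /security-image bob
2008-12-12T11:30:00 192.0.2.44 /security-image frank
2008-12-12T12:45:00 192.0.2.44 /security-image grace
2008-12-12T14:10:00 192.0.2.44 /security-image heidi
2008-12-12T16:05:00 192.0.2.44 /security-image ivan
""".splitlines()


def flag_image_proxies(lines, window=timedelta(minutes=5), max_users=3):
    """Return {ip: usernames} for clients that fetched security images for more
    than max_users distinct usernames in one window (time-ordered input)."""
    recent = defaultdict(deque)   # ip -> deque of (time, username)
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[2] != "/security-image":
            continue              # skip malformed lines and other endpoints
        when, ip, _, user = parts
        try:
            ts = datetime.fromisoformat(when)
        except ValueError:
            continue              # unparseable timestamp
        q = recent[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop requests that fell out of the window
        users = {u for _, u in q}
        if len(users) > max_users:
            flagged.setdefault(ip, set()).update(users)
    return flagged


if __name__ == "__main__":
    for ip, users in flag_image_proxies(SAMPLE_LOG).items():
        print(ip, sorted(users))
```

Clients behind a shared NAT or corporate proxy can also cross the threshold, so a hit is a signal to review, and it tells the site which usernames may have been shown their image on a lookalike page.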

btw, the theme of that blog post is about online fraud and also users who are new to the internet, which is a topic some friends and i kicked around a while ago. we just got to the point where grandma isn't going to fall for lovebug type emails, and now we've got this emerging class of users out of china, some african nations, and other emerging economies. do we have to re-educate all of these people from scratch???

i was happy to hear from a coworker who recently got back from a trip to china that the security team he worked w/ over there is developing short (30 second) snippets about security best-practices and distributing them to their users as an ongoing practice. hopefully we'll see more stuff like that all over as time goes on...

sooooo, if avert labs isn't on your feeds, i'm poking you cause it's pretty good stuff...

anywho... lookit that, a post which props some AV peeps and ends on a hopeful note... ;)
