SANS Internet Storm Center published a bulletin on Friday that casts a new light on the capabilities of Social Engineering. The report describes a website whose visitors were infected with malware. And here is the problem since according to the author, Mr. Bojan Zdrnja, the site didn’t use the nearly universal technique of an iframe, which allows exploit code to be siphoned in from another website .
So what? We are facing a case of pure Social Engineering technique.. and quite an effective one.
As reported by the Internet Storm Center, “ When visited, the web page in question (a game site related to RuneScape) shows couple of broken icons and all links just point to another web page that conveniently inform the user that his version of Macromedia Flash Player needs to be updated. After this notice, the user is redirected to a web site hosting a complete replica of the Shockwave Player Download Center”.
French officials aren’t any longer allowed to use Blackberry to send and receive e-mails because of security concerns, the newspaper Le Monde reports .
The fear for potential espionage activities - specifically, snooping by the U.S. National Security Agency (NSA)- convinced French authorities to forbid the use of Blackberry devices in ministries and in other governmental areas.A similar warning had been already released 18 months ago by France’s General Secretariat for National Defense.
The warning was based on a study by French head of economic intelligence, pointing out the security threats brought about Blackberries.
On June 21st, the Defence Secretary Robert Gates confirmed that the previous day the Pentagon suffered a digital intrusion into a US Defence Department mail server, prompting authorities to take 1500computers offline.
Gates declared that “Elements of the OSD (Office of the Secretary of Defense) unclassified email system were taken offline yesterday afternoon due to a detected penetration,” also adding that “A variety of precautionary measures are being taken. We expect the system to be online again very soon.”
Three different DDoS attacks temporarily took Zone-H offline for some days, preventing Zone-H team to publish news and to update our Attacks Archive. Now that all Zone-H activities have been restored we point out some important digital events that affected both companies and governmental websites during last weeks .
One of the most worth noticing attack was carried out by a Turkish defacer against AOL’s website, based in Puerto Rico.
Today, June 21st 2007, a strict regulation integrating Europe’s ecommerce laws with British Terrorism Act has come into law . According to this regulation, the Electronic Commerce Directive, in some cases a foreign company can be brought to justice in the UK over blog postings that encourage terrorism.
In the Terrorism Act, already introduced in 2006, it is pointed out that specific police constables can ask a blog’s operator to remove those posts, remarks, comments which are considered as potentially inciting to committing terrorist acts.