Miles Associates LLC

Jim Miles – IT & IT Security Consultant – Web Sites for Growing Organizations

Tag Archives: CSO Mag

Blogger: “I fell for the oldest social engineering trick in the book”

I’ve written countless stories about social engineering, with security experts far and wide telling our readers never to open a link from someone we don’t know. We’ve also published advice about making sure a message from a friend is for real before opening. That didn’t stop me from falling for one of the oldest tricks in the book.

Go ahead and have a good laugh at my expense. I deserve it.

via I fell for the oldest social engineering trick in the book | CSO Blogs.

“Someone tried to steal my identity” – CSO Mag

A cautionary tale regarding Facebook profile privacy:

Someone has spent the last three months trying to get prescription drugs using my name. I learned of this when I got home last night to a note on the kitchen table with a Salem, N.H. police officer’s name and number with a message to call him back.

Far as I can tell, he got the idea to use my identity from my Facebook page. I don’t give my address or year of birth, but I have had the day of birth on my profile. Given the mistakes the guy has made, it seems reasonable to connect it to my Facebook page. That doesn’t mean he didn’t get my information elsewhere, but it’s all I got at the moment.

I’ve since removed all birthday information, and feel rather stupid for letting that much information onto the profile to begin with.

via Someone tried to steal my identity.

Smartphone security: Keep your handset safe

Hard to deny the wisdom in here. From CSO magazine:

Does Smartphone Security Really Matter?

The short answer is yes, absolutely, more and more…

Threats to your mobile security are not always easy to see. They range from the simple (such as when someone finds your phone and reads all of your e-mail) to the highly complex (such as Trojan horses, viruses, or third-party apps that share your personal information).

Here are some common security risks, with tips, tricks, and tools to combat them.

via Smartphone security: Keep your handset safe.

SMS ‘message of death’ threatens mobile phones

Security researchers have shown that carefully crafted text messages sent to cell phones via short message service (SMS) can cause them to shut down without the knowledge of the owner.

via Text message of ‘death’ threatens….

Web Application Security Scanners

I ran across this good article to share…

Today, Web penetration testing is considered a key component in ensuring application security, which has become an essential part of enterprise risk management, Kelley* says. Or as Joseph Feiman, analyst at Gartner, puts it, “It’s coming down to a race between you and the hackers. Either you use [penetration testing] or the hackers will do it for you.”

*Diana Kelley, VP and service director at Burton Group

via How to Evaluate and Use Web Application Security Scanners (CSO Magazine).

Where PCI DSS Falls Short

Where PCI DSS Still Falls Short (and How to Make it Better)  — Former CISO and Symantec strategic consulting director Ariel Silverstone goes through PCI DSS line by line and offers suggestions to make it more effective.

Currently, I believe it is possible to be 100 percent PCI compliant and have no real security.

via Where PCI DSS Still Falls Short (and How to Make it Better). By my friend, Ariel Silverstone.

Two views of the RSA Conference

Some attendees at RSA Conference 2009 wondered aloud if the gathering still has much value. CSO Senior Editor Bill Brenner offers his assessment.

via Has RSA Jumped the Shark?.

Also, here is the report of my friend, Ariel Silverstone.

Social Engineers’ Favorite Pick-Up Lines

9 Dirty Tricks: Social Engineers’ Favorite Pick-Up Lines

What the average guy might call a con is known in the security world as social engineering. Social engineering is the criminal art of scamming a person into doing something or divulging sensitive information. These days, there are thousands of ways for con artists to pull off their tricks. Here we look at some of the most common lines these people are using to fool their victims…