Security
Phishing and Pharming: Vulnerabilities and Exploitation Mechanisms
Posted in Security on November 15th, 2010 by Rachael
In this blog I will outline vulnerabilities that could potentially be exploited by phishing and pharming attack mechanisms in order to realise the threats mentioned in my previous blog. The first threat discussed was employees replying to phishers with personal and confidential information. To realise this threat, the employee must a) be contacted and b) [...]
The Threat of Phishing and Pharming
Posted in Security on November 13th, 2010 by Rachael
It is important to know the threats phishing and pharming pose to your company and employees. In particular, there are four primary threats: employees replying to contact made by an adversary [3], malicious software being installed on employee workstations [1], employees or the public visiting an illegitimate website under the presumption it is legitimate [6], [...]
WLAN (802.11) Compromises and Vulnerabilities
Posted in Security on November 10th, 2010 by Rachael
Whilst relatively secure in 1997, the WEP algorithm can nowadays be easily cracked. To compromise the vulnerable WEP algorithm, an adversary must employ a sniffer, which “passively monitors the WLAN and computes the encryption keys after a variable number of packets have been sniffed” [3]. The goal is to recover two ciphertexts with identical [...]
iPhone DST bug makes alarms fail across Europe
Posted in Security, Web Development on November 1st, 2010 by Maurice Kindermann
Three weeks ago ZDNet reported that the iPhone DST (the clock / alarm) had a bug when switching between Daylight Savings and Standard time. The bug causes the alarm to go off 1 hour later than usual (as reported by many angry twitteries out there!). The bug was caused when the phone’s internal clock was [...]
Introduction to Phishing and Pharming
Posted in Security on October 10th, 2010 by Rachael
Phishing and Pharming are two social engineering techniques used to deceive users out of personal information. While both are concerned with obtaining personal information from unsuspecting victims, the way phishing and pharming are performed is slightly different.
Phishing
Phishing employs social engineering and technical trickery to obtain confidential information (e.g. bank account details) from victims [...]