Phishing: An Interesting Twist On A Common Scam

Written by Darren Miller

Continued from page 1

You remember that router that was compromised? For proof of concept purposes, the router configuration was altered to forward all Internet traffic bound for the legitimate web server to another web server where user ID, password, and account information could be collected. The first time this information was entered, the customer would receive an ambiguous error. The second time the page loaded, the fake web server redirected the customer to the real site. When the user re-entered the requested information, everything worked just fine.

No one, not the customer, nor the company, had any idea that something nefarious was going on. No bells or whistles went off, no one questioned the error. Why would they? They could have put the wrong password in, or it was likely a typical error on a web page that everyone deals with from time to time.

At this point, you can let your imagination take over. The attacker may not move forward and use the information collected right away. It could be days or weeks before it is used. Any trace of what actually took place to collect the information would most likely be history.
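The altered router configuration in this scenario is something a defender can catch by comparing the running configuration against an approved baseline. The following is an added example, not part of the original article; it assumes Cisco IOS-style configuration syntax, and the sample configurations, addresses and function names are constructed for illustration.

```python
import difflib

# Line prefixes that change where traffic is sent. Assumption: Cisco IOS-style
# syntax (the article does not name the router); adjust for your platform.
FORWARDING_PREFIXES = ("ip nat ", "ip route ", "route-map ", "ip policy ")

# Constructed sample: approved baseline configuration.
BASELINE = """\
! approved baseline (constructed)
hostname edge-rtr-01
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
ip nat inside source static tcp 10.0.0.20 443 203.0.113.10 443
ip route 0.0.0.0 0.0.0.0 203.0.113.254
"""

# Constructed sample: running configuration pulled later, with two changes.
RUNNING = BASELINE.replace("10.0.0.20 443", "10.0.0.99 443") + "ntp server 192.0.2.5\n"

def normalize(config_text):
    """Strip whitespace; drop blank lines and '!' comment lines."""
    lines = (raw.strip() for raw in config_text.splitlines())
    return [line for line in lines if line and not line.startswith("!")]

def config_drift(baseline_text, running_text):
    """Return (added, removed) lines of the running config versus the baseline."""
    added, removed = [], []
    for entry in difflib.ndiff(normalize(baseline_text), normalize(running_text)):
        if entry.startswith("+ "):
            added.append(entry[2:])
        elif entry.startswith("- "):
            removed.append(entry[2:])
    return added, removed

def forwarding_changes(baseline_text, running_text):
    """Return only the drift lines that alter NAT, routing or policy routing."""
    added, removed = config_drift(baseline_text, running_text)
    pick = lambda lines: [l for l in lines if l.startswith(FORWARDING_PREFIXES)]
    return pick(added), pick(removed)

if __name__ == "__main__":
    added, removed = forwarding_changes(BASELINE, RUNNING)
    for line in added:
        print("ADDED  ", line)
    for line in removed:
        print("REMOVED", line)
```

Run on a schedule against a baseline stored off the device, a check like this leaves a record of the change even if the configuration is later restored.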

What Do You Really Get Out Of Security Assessments


I can't tell you how many times I've been presented with security assessment reports that are pretty much information output from an off-the-shelf or open source automated security analyzer. Although an attacker may use the same or similar tools during an attack, they do not solely rely on this information to reach their goal. An effective penetration test or security assessment must be performed by someone who understands not only "security vulnerabilities" and how to run off-the-shelf tools. The person executing the assessment must do so armed with the tools and experience that meet or exceed those a potential attacker would have.



Whether you are a small, medium, or large company, you must be very careful about who you decide is most qualified to perform a review of your company's security defense systems, or security profile. Just because an organization presents you with credentials, such as consultants with their CISSP....., it does not mean these people have any real-world experience. All the certifications in the world cannot assure you the results you receive from engaging in a security assessment are thorough / complete. Getting a second opinion is appropriate given what may be at stake. If you were not feeling well, and knew that something was wrong with you, would you settle for just one doctor's opinion?

Quite frankly, I've never met a hacker (I know I will get slammed for using this term, I always do), that has a certification stating that they know what they are doing. They know what they are doing because they've done it, over and over again, and have a complete understanding of network systems and software. On top of that, the one thing they have that no class or certification can teach you is, imagination.

About The Author
----------------
Darren Miller is an Information Security Consultant with over sixteen years' experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. If you would like to know more about computer security please visit us at

Attracting More People To Your Web Site

Written by Dan Brown

Continued from page 1

6. Give visitors a free entry into your contest or sweepstakes. The prizes should be something of interest or value to your visitors. Most people who enter will continually revisit your web site to get the results.

7. Let visitors download free software. It could be freeware, shareware, demos etc. You could even turn part of your site into a free software directory. If you created the software, include your ad inside and let other people give it away.

8. Offer free online services or utilities from your web site. They could be search engine submitting, copy writing proofreading etc. The service or utility should be helpful to your target audience.

9. Give free consulting to people who visit your web site. You could offer your knowledge via e-mail or by telephone. People will consider this a huge value because consulting fees can be very expensive.

10. Give your visitors a free membership to your online club. People want to belong to something, why not your online club. You could also give away a free e-zine for club members only.

Dan Brown has been active in internet marketing for the past 4 years. Dan currently is working with the Zabang search engine, introducing their new affiliate program which is due out July, 2005.
