Paypal attacked by phone phishers

Some attackers are moving from traditional email phishing to phone phishing and it seems that this phishing method its now increasing. Make sure your network users don't 'spread the word' over the phone.

Fraudsters are attempting to trick paypal users by persuade them to call a phone number and provide sensitive account information. When the number is dialed, users are greeted by an automated voice saying: 'Welcome to account verification. Please type your 16-digit card number.'


Anti-Phishing tips to protect your network users:

• Anti-Phishing Hardware for large networks, see the 'spam' topic post
• Never surf into website by link clicking, type manually
• Report the message to the company impersonated in the email.
• Use anti-phishing software
• Beware of "pharming", In this latest version of online ID theft, a virus or malicious program is secretly planted in your computer and hijacks your Web browser. When you type in the address of a legitimate Web site, you’re taken to a fake copy of the site without realizing it.
• Realize that phishing can also be done by phone
• Report suspicious phishing to www.fraud.org

Final words, remember that phishing its not all about bank accounts, it can open a flaw and compromising your network security with confidential information.

Penetration test to your Network

The best method to secure your network is to use the same methods as Evil Blackhat hackers would use. System auditors can check for your security holes and provide useful links related to their fix. I would highly recommend you a periodical check to your system with a penetration tester available on the net. Many of them are not free, but... there is a price for your data integrity and privacy.

Computer Security companies are very efficient but... not so affordable! Depending on the risk you have with your network, as a BOPH (for those who don't know.. Bastard Operator From Hell, a zero tolerance system admin) you can make some check routines.

You can check these fine auditor backtrack.

Cracking WEP

I think wireless networks are the future, although there is many security issues to be concerned.
IEEE released in 1999 Wireless Equivalent Privacy (WEP) as part of their 802.11 standard.

I knew that WEP is 'crackable' but i never tried to crack it, until now :)
I am amazed with the ease that WEP can be cracked! I never thought it would be so easy.

the crack

First of all, you need these checklist:

• Remote Access Point (to be cracked)
• Remote AP user
• Wireless Network Card, many of them are not compatible
  
• Software AIRcrack-NG (you'll find the link at the bottom)

1# Start sniffing a specific wireless channel.
2# You'll analyze the wireless data packets transmitted from the AP user to Remote AP and save to a file (these process can be time consuming). WEP 64-bits key require an average of 300,000 packets, 128-bits key requires 1,000,000 packets. Note: These are average values.
3# Now we crack the key, use AIRcrack to crack the analyzed packets from file, this can take average of... 10 seconds !!!

Now you have the AP key.

How do i secure my network without WEP ?

Instead of WEP, use WPA (also crackable but much more difficult). If your network supports WPA2 you can also try this authentication method. Never use dictionary based words for passwords and it is a good policy to combine chars and digits as well.

NOTE: WEP cracking according to your country laws can be illegal. I tried to crack my home network. You can also try with yours or with AP owner permission.

I found these fine guide about cracking wep here, you can also download AIRcrack-ng.

Google Enterprise Solutions

Google is on the way through their internet world domination. They've already spotted the average internet home user and also the eCommerce business, but now it's time they go ahead with the enterprise internet solutions.

"Wouldn't it be great if search within your company was as easy as search on Google.com? With Google Enterprise products, you can offer employees simple, fast and secure search across all your information -- including intranets, document and content management systems, file servers, corporate desktops, and business applications ... "

This is particularly useful for large networks, MIT is using it. Imagine what is like searching all over MIT network for a specific document/site ? Currently online page 'searchers' are not so effective and not so configurable as google search. Their Hardware is fully configurable and you can place in your rackmount U1 or U2 depending on the hardware model.

More information about google enterprise solutions ? Click Here

Spam all over your network ?

Spam nowadays can be a very serious problem! We are constantly being annoyed each day by advertising such as Pharmaceutical (52%), Gifts (14%), Enhancers & Diets (13%) and other fraudulent email. But that's not all! Spam can also slow down your networking caused by the massive unnecessary emails travelling all over your network cables and occupiying your precious bandwith. On large networks such as Hotmail it can be a critical problem, they had to activate an emergency anti-spam tool because they were constantly being massed with Spam.

Barracuda Networks as released their Barracuda Anti-Spam & Firewall Hardware, it can radically reduce spam by monitoring in Real-Time your email traffic and through fingerprint detection technology detects the spam by scoring each email and block all emails that match a pre-defined score before it passes through your Email Server.



But that's not all! It's more than a simple spam filter, it can protect your network from:

• Anti-spam
• Anti-virus
• Anti-spoofing
• Anti-phishing
• Anti-spyware (Attachments)
• Denial of Service

It is fully configurable through website control center and different models are available depending on your network size.

You can check more information about these device Here