By Richard Hammer
LANL
LA-UR-08-2558
UNCLASSIFIED
In the news!
• The initial entry of malware into the ORNL networks reportedly came via a phishing email that took advantage of a temporary vulnerability in the Internet Explorer (a Microsoft fix came April 12, a day after the lab identified the intrusion). knoxnews.com
• RSA, the security division of EMC, has revealed the firm's data breach in mid March was the result of a spear phishing attack. The spear phishing attack exploited an Adobe Flash vulnerability that was unpatched at the time. computerweekly.com
• Sony is warning customers who use the Playstation Network and/or Sony Online Entertainment to be on the alert for possible spearphishing attacks. The company suffered a data breach and says a hacker may have gained access to over 24 million accounts including email addresses, birthdates, phone numbers, passwords, and more, including credit card numbers, which have been spotted for sale in several cybercrime forums. allspammedup.com
Understanding e-mail
Encrypting e-mail?
• Guy Lisella: “Anytime they ask for personal information, it’s a scam.”
• Legitimate businesses will NEVER ASK for personal information to be transmitted over clear text e-mail!
• If unsure, call them.
What is wrong?
Understanding URLs/Redirection
http://computername.subdomain.domain.name/directoryname/resourcefile.htm
http://www.facebook.com.herrazzb.eu/...
http://up-dates.lanl.gov.secure.1-central.net/...
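The same reading of a host name, done in code (an added example, not part of the original slides): the rightmost labels say who owns the host, and a familiar name further to the left is only a subdomain label chosen by that owner. The `TRUSTED` set, the function names and the two-label shortcut are assumptions of this example.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list: domains the reader actually deals with.
TRUSTED = {"facebook.com", "lanl.gov"}

def _host(url):
    """Lower-cased host name of a URL, without any trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def registrable_domain(url):
    """Return the rightmost two host labels, e.g. 'herrazzb.eu'.

    Assumption: a two-label cut is enough for the .com/.eu/.net/.gov hosts
    shown here; suffixes such as .co.uk need the Public Suffix List.
    """
    labels = _host(url).split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]

def embedded_trusted_names(url, trusted=TRUSTED):
    """Trusted domains that appear inside the host name but do not own it."""
    owner = registrable_domain(url)
    padded = "." + _host(url) + "."
    # Match whole labels only, so 'notlanl.gov' would not count as 'lanl.gov'.
    return [name for name in sorted(trusted)
            if name != owner and "." + name + "." in padded]

def verdict(url):
    """One-line classification of who really owns the host in a URL."""
    owner = registrable_domain(url)
    lures = embedded_trusted_names(url)
    if lures:
        return f"SUSPICIOUS: owned by {owner}, imitates {', '.join(lures)}"
    if owner in TRUSTED:
        return f"OK: owned by {owner}"
    return f"UNKNOWN: owned by {owner}"

if __name__ == "__main__":
    samples = [
        "http://www.facebook.com.herrazzb.eu/...",           # from the slides
        "http://up-dates.lanl.gov.secure.1-central.net/...",  # from the slides
        "https://www.lanl.gov/",                # constructed for comparison
    ]
    for url in samples:
        print(verdict(url), "<-", url)
```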
• Is it secure?
• Redirection
• Man-in-Middle Attack
• SessionID
https://ucfy.ucop.edu/ucfy/BaseServlet;jsessionid=0000q9ZvjIPe7xWTjxeftFjTqBy:-1
• Cookie
– Persistent
– Non-Persistent
[Diagram labels: Desktop Client, WWW Server, Bad Guy; connections on TCP/IP Port 443]
Secure ???
Firefox - Noscript
Passwords Everywhere?
Educate Yourself! & Always Initiate the Communication