Showing posts from September, 2011

Fake BA Email Scam

This one has reached a lot of people including myself. Check the email below. The url in red is where clicking the link above it actually takes you.

Once clicked you are redirected to another fake webpage. (below)

This is where you are asked to enter your credentials. Right or wrong the credentials entered get harvested and the link redirects you to another real BA webpage.

BA are aware of this scam and are looking into it....

Would you know if you had been hacked ?

It would be fair to say that many companies assume they have secure systems because they implement strict security measures.
The problem is how do we know that our security is working. Does never getting hit by a virus mean that our anti-virus software is
doing it's job or have we just been lucky ?
It usually takes an incident to focus awareness on system or procedural failings. The benefits of regular Penetration Tests are well understood in the industry, however taking more time to frequesntly examine and understand log files will pinpoint areas of concern a lot sooner if they are being exploited.

The problem with log files typically falls into a few categories.

1) The number of devices which require management.
2) The quality and retention period of the logs produces.
3) Undestanding the meaning of the files themselves.

Even the simplest of networks will have one or more servers, a firewall, a router and wireless access points to name a few.

Firstly enable logging on each device, be fa…