Saturday, 17 September 2011

Fake BA Email Scam

This one has reached a lot of people including myself. Check the email below. The URL in red is where clicking the link above it actually takes you.



Once clicked, you are redirected to another fake webpage (below).



This is where you are asked to enter your credentials. Right or wrong, the credentials entered get harvested and the link redirects you to another real BA webpage.



BA are aware of this scam and are looking into it....

Monday, 12 September 2011

Would you know if you had been hacked?

It would be fair to say that many companies assume they have secure systems because they implement strict security measures.
The problem is how do we know that our security is working? Does never getting hit by a virus mean that our anti-virus software is doing its job, or have we just been lucky?
It usually takes an incident to focus awareness on system or procedural failings. The benefits of regular Penetration Tests are well understood in the industry; however, taking more time to frequently examine and understand log files will pinpoint areas of concern a lot sooner if they are being exploited.

The problem with log files typically falls into a few categories.

1) The number of devices which require management.
2) The quality and retention period of the logs produced.
3) Understanding the meaning of the files themselves.

Even the simplest of networks will have one or more servers, a firewall, a router and wireless access points to name a few.

Firstly, enable logging on each device, be familiar with the options for logging on these devices and make an effort to understand the logs. In medium to large networks, consider implementing centralised logging such as syslog or a proprietary system.

I will focus more on log files and options in further posts. If you have any questions or related input please leave a comment.

Email Retention Policies

Many companies have little to no email retention policies in place.  The idea here is to ensure that if a business related email is required...