Sober was the most prevalent e-mail worm of 2005. The carefully planned and coordinated attack started in early November 2005 and lasted until Jan. 6, 2006. In this presentation, iDefense examines the progression of the Sober attacks and the techniques the worm used to both infect its hosts and spread to others. iDefense also covers the impact that these attacks had on key corporate infrastructure and the future of the Sober worm itself.

This is a replay. It runs for 19 minutes and requires a headset or speakers. No interaction is possible

Researchers have often pointed to human users as the weakest and most commonly exploited attack vector. Although social engineering tactics have evolved, they remain simple and effective. In this report, iDefense explores the extent to which such targeted trickery affects the security environment today, and how it will continue to impact information security in the future.

This live webcast is scheduled for 2pm US EST (7pm GMT) on Wednesday 15th March, and requires an audio equipped computer for full participation.

As usual we will mount a replay on this site a day or two after the webcast.

We have, at Compliance and Privacy, and so has the Advertising Standards Authority in the UK. And a recent judgement aganst one such scheme has led to the ASA and the Committee of Advertising Practice issuing advice for these Refer a Friend schemes, also known as "Member-get-Member"

The schemes are only lawful if handled correctly, and if certain legal conditions are met. So, is yours lawful?

The answer is, "When it's a virus".

Why do so many well meaning people confuse the two? We've wondered about this for a long time. The only conclusion we can come to is that ordinary people, acting with goodwill, just haven't got a clue. As a result, they confuse viruses like the Kama Sutra and the various Sober viruses with Spam.

But when a UK Internet Service Provider confuses the two you have a recipe for confusion. They applied a highly agressive Spam filter to address a virus outbreak and announced the same to their customers. As an ISP you might expect them to know better and you could certainly argue that they have a duty to customers to be clear in an area where such mis-understanding could have disastrous consequences for the hapless customer!

With all the major need for strong authentication, true recognition of the user, and discussions about tokens and similar things, this story caught our eye. The question is, "Is this the future?" And we will only start to know when the 16 week trial of Finger Print Payment Processing at the UK's Mid Counties Co-op's Oxford store is complete.

Pay By Touch is an innovative payment service which enables consumers to pay for their purchases using their finger rather than a card, cheque book or cash. The payment service will be available in three Midcounties Co-op supermarkets in and around Oxford.

But will conservative Brits take this service up, or will they give it the archetypal British two finger gesture? Read the article and then tell us your views, both as a consumer and as someone who may implement biometric systems.

email: peter.andrews@complianceandprivacy.com

web: http://complianceandprivacy.com