Compliance and Privacy
Compliance and Privacy News
Essential Reading for Today's Business 18th May 2006

in this issue:
  • Wi-Fi: Are you broadcasting personal data?
  • Metafisher Trojan Activity - an iDefense Webcast
  • IDS Evasion Techniques and How to Prevent Them - an iDefense WebCast Replay
  • Chip and PIN - Just how safe is it?
  • The International Worldwide Web Conference
  • ****STOP PRESS**** - Skimmer Spam

    Dear Visitor,

    We have a packed newsletter for you today with articles ranging from Wi-Fi to the latest techniques for beating Chip and PIN. But perhaps the most disturbing of all is the article on Metafisher Trojans. These are ultra-sophisticated, incredibly professional and a real threat to everyone. We think this will be one of the most interesting and valuable webcasts we've yet seen. And, as always, registration is free.

    No sooner did we post an article on Chip and PIN on the website than we got some spam in the discussion forum. We couldn't believe what was on offer - and neither will you! If you wondered whether Chip and PIN was all it's cracked up to be, wonder no more. Not only is it not safe, anyone can skim your card and PIN anywhere you use it!

    As always, we welcome your feedback - do take part in the discussion forums. The more we get from you, the more we can tailor the content we're providing!

    Peter Andrews

    Wi-Fi: Are you broadcasting personal data?

    Hundreds of thousands of businesses, large and small, world-wide now use Wi-Fi to connect PCs to their network. Millions of homes have Wi-Fi to connect their PCs to the Internet and, of course, millions more use laptops with Wi-Fi in public places the length and breadth of virtually every country. From where I'm sitting, writing this right now, I have no fewer than nine wireless networks I could connect to.

    So, what's the problem?

    Wi-Fi uses an easily interceptable frequency to transmit/receive data to and from a PC - if it didn't, it wouldn't work without huge antennae. So anyone could easily intercept whatever you send or receive to or from your PC. Secondly, when you connect to a network via Wi-Fi you are then dependent on the security of that network to protect you from anyone trying to access your PC. In your office or at home the chances are you have a firewall between your PC and the network.

    Metafisher Trojan Activity - an iDefense Webcast

    The Metafisher family of Trojans is now showing an unprecedented level of sophistication. This type of phishing attack is carried out using a botnet, which is controlled through a Web-based command-and-control server. This gives the operators of the botnet the ability to control numbers of bots several orders of magnitude greater than could be done via a traditional IRC-based control structure.
    But Metafisher is more than just a Trojan/Bot; it is in fact a professionally built suite of tools with a user-friendly administration interface and solid software lifecycle management comparable to many professional software products. This fact suggests that Metafisher is being developed and sold as a phishing toolkit to interested third parties. This report will explore these facts in greater detail and explain the implications of Metafisher-related criminal activity.

    This live webcast will, we think, be absolutely fascinating! Your active participation is requested.

    The webcast is scheduled for 24th May 2006 at 2pm US Eastern Standard Time. That's 7pm UK time, 8pm European time. To take full part you need a fully audio-equipped computer. Don't miss out, participation is free.

    IDS Evasion Techniques and How to Prevent Them - an iDefense WebCast Replay

    Intrusion Detection Systems (IDS) detect inappropriate, incorrect or anomalous host or network activity. This presentation provides information about common techniques used to evade IDS detection. The goal is to answer the question: To what extent should network administrators rely upon IDS detection systems for security and advanced warnings of attacks?

    The webcast lasts for 22 minutes and is streamed to your desktop. An audio-equipped PC is required.

    Chip and PIN - Just how safe is it?

    If you knew that the unit you put your Chip and PIN card into could be transmitting your details to a fraudster, how happy would you be to use the card ever again? Just how secure is Chip and PIN? Has this new technology simply played into the hands of the fraudster? And where will that leave Smart Card based ID Card Systems like that proposed for the United Kingdom?

    In fact, just how smart is it to enter your PIN nowadays, and just what is waiting to catch you out?

    We're not talking about technology that is simple but "old hat", here. While it's well known that cameras can be aimed at ATMs to snoop on our keystrokes and on our card number when we key the data in, these are the crude end of the current advanced technology offerings.

    The International Worldwide Web Conference

    VeriSign has asked us to let you know about the Chief Security Officers' Dinner at the conference this year.

    We know it's short notice, but, if you are a senior IT Security professional, and if you are in Edinburgh on the 25th May 2006, and you really should be there, then VeriSign has a very few places remaining available for dinner guests.

    The opportunity to network with your peers is first class.

    ****STOP PRESS**** - Skimmer Spam

    We could not believe it. Right after we published the article on Chip and PIN and Skimmers a spammer found it.

    We get spammers all the time. We keep the discussion forums clean, but we still get them. And I was just running down the spammers, blocking IPs, deleting spam when I found...

    Someone selling skimmers to skim Chip and PIN cards! We're going to edit the message as soon as the authorities have finished with it, but we're featuring it!

    Readers should note that references to VeriSign's sponsorship are historical. That sponsorship ended on 28 February 2007, and is simply included here for context and historical purposes. VeriSign is not formally associated with this site in any manner, and has asked us to emphasise this point.