SMS: Nice piece of social engineering
This morning, I received on my cellular the following SMS (translated from French): Info: This caller tried to call you at 09:47 without leaving a message. Unknown Number in your directory > Call...
Predictably Irrational
“Predictably Irrational” by Dan Ariely is not a book about security (nor Sci-Fi). So why do I report on it? “Predictably Irrational” highlights that many of our reactions are not rational....
Ghost in the Wires
Or the official biography of Kevin Mitnick. In the 90s, Kevin Mitnick was known as the World's Most Wanted Hacker. He is an artist of social engineering. His book “The Art of Deception” is a...
You are what you wear
Common knowledge holds that what you wear has some influence on how your interlocutors perceive you. When visiting a therapist, would you trust the one in shorts and a torn tee shirt more than...
Why do Nigerian scammers say they are from Nigeria?
The Nigerian scam is a generic term for the category of scams that always follow the same scheme: the widow/lawyer/son/exiled person has a huge sum of money blocked somewhere. They need the help of a...
Security Newsletter 22 is available
The Security Newsletter 22 is available. We are proud to have as guest Joan DAEMEN. Joan is one of the authors of KECCAK, the new algorithm selected by NIST to become the new official SHA-3 function....
Favor helps
If you do a favor for a person, will this person be more likely to comply with your request? Dennis Regan studied this question in 1971. The purpose was to validate: Subject is more likely to respond your...
Social engineering and catastrophes
Recently, I visited a security company. They presented their new impressive Security Operational Centers. The security analysts had a continuous update of the sanity of their networks, the most...
Cloud services as Command and Control
Cloud services are increasing the attack surface of corporate networks. For instance, we usually associate file sharing services with the risk of leaking confidential information. This is a real...
Stealing account with mobile phone-based two-factor authentication
Attackers often entice users to become the weakest link. Phishing and scams exploit human weakness. These attacks become even creepier if the attacker circumvents legitimate security mechanisms....
A “charitable” ransomware
This is not a joke. Heimdal Security disclosed a new variant of ransomware combining CryptoWall 4 and CryptXX. It has all the usual components of ransomware. The ransom itself is high: five bitcoins...
Law 7 – You Are the Weakest Link
This post is the seventh post in a series of ten posts. The previous post explored the sixth law: Security is not stronger than its weakest link. Although often neglected, the seventh law is...