http://www.darkreading.com/insiderthreat/security/client/showArticle.jhtml?articleID=222200326

By Kelly Jackson Higgins
DarkReading
Jan 05, 2010

The researcher who conducted a successful spear-phishing experiment with a phony LinkedIn invitation from "Bill Gates" is about to reveal the email products and services that failed to filter the spoofed message -- and that list includes Microsoft Outlook 2007, Microsoft Exchange, Outlook Express, and Cisco IronPort.

Joshua Perrymon, CEO of PacketFocus, had previously revealed that the iPhone, BlackBerry, and Palm Pre smartphones had all fallen victim to the spear-phishing exercise.

"Email-based attacks are probably one of the most effective in today's hacker bag of tricks. The email security industry gets by with stopping most spam and known phishing attacks," Perrymon says. "The problem lies in a directed, under-the-radar, spear-phishing attack -- the type where the attacker spends time to understand the target, create an effective spoofed email and phishing site, [and] then attacks."

The experiment was aimed at measuring the effectiveness of email security controls in several major products and services. And the simplicity and success of the test demonstrated just how powerful social engineering can be and what little technology can actually do about it, security experts say.

[...]

Received on Thu Jan 07 2010 - 00:36:59 PST