Just like any normal Myspace user, I tend to browse my friends bulletins to see if there is anything of interest that might catch my eye. A Myspace bulletin is like an announcement message, it gets posted to all of your friends bulletin boards for them to see. So, a few days ago, I came across a bulletin from my Myspace “friend” and digg.com founder, Kevin Rose. (I don’t know Kevin, he’s my “friend” in the loosely connected, easily created Myspace way.)

The URL in the bulletin from Kevin takes you to hxxp://stalkertrack.com.

It’s highly unlikely that Kevin intended to send this bulletin. It should be noted that this was not an isolated incident.

This piqued my interest, so I decided to “digg” a little deeper to find out why a few web-savvy folks would openly give out their login credentials to a service that is not promoted or supported by Myspace itself, and is even actively discredited by the Myspace founders.

(more…)

MessageLabs released a study last week on malicious emails. They found that attackers using email to distribute threats are increasing relying on users to click through on links in the email, as opposed to clicking on attachments.

This means a couple of things to me:

(1) Most everybody has deployed AV at the mail gateway.

(2) Your web filter is becoming an ever more important device in securing your network.

(3) Users need more training.

(more…)

Any IT Manager can tell you that the biggest bang for your budget dollar comes from training. Simply training your users some security 101 — don’t haphazardly double click on email attachments, pay attention to file extensions, don’t click on links in unsolicited emails and IMs, learn to recognize a phish — drastically reduces your attack surface. Even with the evolution of blended threats and with the steady stream of newly exploitable vulnerabilities announced each day, the single biggest threat propagation vector is still attachments on mass emails.

(more…)