International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
DOI : 10.5121/ijnsa.2013.5402 23
Marc A. Rader1 and Syed (Shawon) M. Rahman2, *
1CapellaUniversity, Minneapolis, MN, USA and Associate Faculty, Cochise CollegeAZ, USA
Mrader3@CapellaUniversity.edu
Associate Professor of Computer Science at the University of Hawaii-Hilo, Hawaii,
USA and Part-time Faculty at Capella University, Minneapolis, USA
*SRahman@hawaii.edu
ABSTRACT
Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure.
These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most
organizations rely on training to mitigate and reduce risk of non-technical attacks such as social
engineering. Organizations lump IA training into small modules that personnel typically rush through
because the training programs lack enough depth and creativity to keep a trainee engaged. The key to
retaining knowledge is making the information memorable. This paper describes common and emerging
attack vectors and how to lower and mitigate the associated risks.
KEY WORDS
Security Risks, Phishing, Social Engineering, Cross Site Scripting, Emerging Attack Vectors, DNS poising.
1. INTRODUCTION
Phishing is a social engineering technique that is used to bypass technical controls implemented
to mitigate security risks in information systems. People are the weakest link in any security
program. Phishing capitalizes on this weakness and exploits human nature in order to gain access
to a system or to defraud a person of their assets.
A person wanting to impress a hacker group broke into the popular MySpace profiles of several celebrities, including Justin Timberlake and model and MTV personality Tila Tequila, researchers said today.
The hacker, who uses the handle “Tesla,” gained access late Wednesday into the profiles of Timberlake, Tequila and actress-singer Hilary Duff, and used the compromised accounts to blast out bulletins to the celebrities’ tens of thousands of MySpace friends, said Chris Boyd, senior director of malware researchFaceTime Security Labs.
The messages, which appeared to come from the Hollywood stars themselves, proclaimed support for a hacker group known as Kryogeniks.
One read: “Hey Tesla here. Justin Timberlake has been hacked by me. HTTP://kryogeniks[dot]org. Cheers [expletive].”
Secret-spilling site Cryptome was hacked over the weekend, possibly exposing the identities of whistleblowers and other confidential sources, according to a hacker who contacted Wired.com and claimed responsibility for the breach.
The hacker said two intruders from the group Kryogeniks breached the long-running site, where they gained access to a repository of secret files and correspondence. Among them, the hacker claimed, were the records of self-proclaimed WikiLeaks insiders who have been the source of several unconfirmed tips supposedly detailing internal WikiLeaks matters.

The Philadelphia 2600 was set up to gather people with a common intrest to represent a stereotyped culture, share knowledge, and have a good time. Everybody at the meetings has something to teach, no matter how new to computers, and everybody has something to learn, no matter how experienced. We ask everyone to keep an open mind at the meetings because even within our group there is diversity. The Philadelphia 2600 was set up for anybody with any electronic and computer intrest, not just “Hackers”. If you’re a graphic artist, come on down. If you’re a cable repair guy, come on down. If you’re a 10 year old midget with a 2X4 for a leg, come on down. If you’re a police officer or government official, you’re welcome too. As for everyone else, you’ll always find someone who’s willing to teach new members and this is the perfect place to do it.
This site was one of Russell Handorf’s old websites from 2001. He went by satanklawz.











