Exploring Historical & Emerging Phishing Techniques
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
DOI : 10.5121/ijnsa.2013.5402 23
Marc A. Rader1 and Syed (Shawon) M. Rahman2, *
1CapellaUniversity, Minneapolis, MN, USA and Associate Faculty, Cochise CollegeAZ, USA
Mrader3@CapellaUniversity.edu
Associate Professor of Computer Science at the University of Hawaii-Hilo, Hawaii,
USA and Part-time Faculty at Capella University, Minneapolis, USA
*SRahman@hawaii.edu
ABSTRACT
Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure.
These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most
organizations rely on training to mitigate and reduce risk of non-technical attacks such as social
engineering. Organizations lump IA training into small modules that personnel typically rush through
because the training programs lack enough depth and creativity to keep a trainee engaged. The key to
retaining knowledge is making the information memorable. This paper describes common and emerging
attack vectors and how to lower and mitigate the associated risks.
KEY WORDS
Security Risks, Phishing, Social Engineering, Cross Site Scripting, Emerging Attack Vectors, DNS poising.
1. INTRODUCTION
Phishing is a social engineering technique that is used to bypass technical controls implemented
to mitigate security risks in information systems. People are the weakest link in any security
program. Phishing capitalizes on this weakness and exploits human nature in order to gain access
to a system or to defraud a person of their assets.
Adrian Lamo and FBI Cyber Squad computer scientist Russell Handorf
10/18/12 Update: 2006 posting at forum - where Russell Handorf still contributes using his "grey hat hacker" handle "satanklawz" - suggests he has been working for FBI three years earlier than his resume claims; Adrian Lamo admits being "friends" with Handorf but still won't answer any real questions; Chet Uber offers to have Lamo "interview" me - Neal Rauhauser, who claims he has nothing to.....
Netcat 1.10
Netcat 1.10=========== Netcat is a simple Unix utility which reads and writes dataacross network connections, using TCP or UDP protocol.It is designed to be a reliable "back-end" tool that canbe used directly or easily driven by other programs andscripts. At the same time, it is a feature-rich networkdebugging and exploration tool, since it can create almostany kind of connection you would need and has severalinteresting.....
Hacker defender v0.7.3
Hacker defender v0.7.3====================== Main---- Hacker defender v0.7.3 byHoly_Father <holy_father@phreaker.net> & Ratter/29A <ratter@atlas.cz>Copyright (c) 2000,forever ExEwORxbirthday: 10.01.2003home: http://rootkit.host.skBetatesters:ch0pper <THEMASKDEMON@flashmail.com>phj34r (sandstorm99@ziplip.com)ierdna (ierdna@go.ro)UnixDied Hacker defender is rootkit for Windows NT 4.0, Windows 2000 and Windows XP.Main code was written in Delphi 6. New functions are written in assembler.Backdoor and redirector clients are coded mostly in Delphi 6. program uses adapted LDE32LDE32, Length-Disassembler Engine, 32-bit, (x) 1999-2000 Z0MBiEspecial edition.....