Do you know how to tell a legitimate email from a targeted phishing attack?
Phishing scams try to “hook” you into believing they come from legitimate businesses so that you’ll reveal personal or secure information.
Sometimes it’s not easy to tell what’s real and what isn’t, even for the most sophisticated email user. This article will help you or someone you care about learn what to look for so that your information stays safe.
Within the past few years, there’s been an increase in the ability of the average email user to detect and delete spam. This has not gone unnoticed, particularly by the spammers who have a direct financial interest in obtaining our confidential information. Because of this, the percentage of people who respond to spam has remarkably decreased. Now, though, we’re seeing an increase in the type of targeted spam known as phishing. We’ve entered the next evolution of email scams, and things are just heating up.
The Heartbleed OpenSSL vulnerability should be taken seriously. FixedOpenSSL has been released. Please see heartbleed.org for more information. (image from heartbleed.org)
Warning: OpenSSL vulnerability.
I’ll skip trying to re-explain everything and just link to: http://heartbleed.com/
The short version is that OpenSSL versions in the last ~2 years are vulnerable to having basically any confidential information stolen. Any exploited servers are vulnerable to having previously sniffed traffic decrypted, even after patching out the vulnerability. It is recommended that you regenerate your SSL private keys and certificates, even after patching, and revoke the previous certificates with your certificate authority.
All in all, very bad. Approximately 1/3 of the Internet is effected. FRII is advising all customers to take this extremely seriously (as we are) and take every precaution. FRII has already patched all potentially vulnerable portions of our infrastructure, and any potentially compromised certificates will be revoked and replaced as soon as possible.
Due to many users (on and off our network) being infected with the Cryptolocker Ransomware/Virus, I’ve decided to put together this blog entry summarizing the issues, and prevention.