Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

10/30/2009
05:04 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

LinkedIN With 'Bill Gates'

Bill Gates invited me to join his LinkedIN network. OK, so it wasn't really Bill Gates, but as far as my email system, spam filter, and email client were concerned, it's perfectly normal for Gates to send me a LinkedIn invitation.

Bill Gates invited me to join his LinkedIN network. OK, so it wasn't really Bill Gates, but as far as my email system, spam filter, and email client were concerned, it's perfectly normal for Gates to send me a LinkedIn invitation.Notice that I said he invited me to join his LinkedIN network: If you're a LinkedIn member, then the uppercase "N" should be your first clue the message was phony. That misspelling was in the subject line of the email, though the message's contents spelled it correctly. But apparently many email security products don't notice those things, as researcher Joshua Perrymon demonstrated in his recent spear-phishing experiment, which was 100 percent successful across multiple email products and services, including iPhones, BlackBerrys, and Palm Pres.

I was one of Josh's guinea pigs for his experiment, so I got to see how easy phishing email can bypass email security controls. There obviously wasn't much chance I would get duped by the invite: I knew that my interviewing Bill Gates on the spot at a computer conference when I was in my 20s wasn't enough to get me into his social networking inner circle. But what if Perrymon's rather convincing spoofed LinkedIn invite had come from someone I did know, and had spelled LinkedIn with a lowercase "n"?

I would easily have fallen for it.

Now that's social engineering at its best, right? You bet. There's no patch for a good social engineering attack. But what worries me is that while Perrymon's message had the look and feel of a legit LinkedIn invitation message, it still had the capitalization issue and Bill Gates' name in it -- a couple of things you'd think might appear spammy to a filter. But then again, Russian-language email messages occasionally slip through and land in my inbox, too. So I guess I'm not surprised that the experiment worked on my end.

Still, it was a good exercise to experience firsthand, especially when Perrymon showed me the results of the data he was able to gather about me when I willingly clicked on the link in the email -- my operating system, browser version, IP address, etc. Nope, nothing Bill Gates would be interested in.

-- Kelly Jackson Higgins, Senior Editor, Dark Reading Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
Robert Lemos, Contributing Writer,  2/20/2020
Ransomware Damage Hit $11.5B in 2019
Dark Reading Staff 2/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17274
PUBLISHED: 2020-02-26
NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access.
CVE-2019-17275
PUBLISHED: 2020-02-26
OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers.
CVE-2020-3169
PUBLISHED: 2020-02-26
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a spe...
CVE-2020-3170
PUBLISHED: 2020-02-26
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could expl...
CVE-2020-3171
PUBLISHED: 2020-02-26
A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input vali...