Lesson A4 - Link Hygiene

ScottWright
Group Administrator

Subject: Lesson A4 - Link Hygiene
Self-Coaching Program
posted by ScottWright on Sunday, September 5th 2010 @ 9:26 AM

Lesson A4 covers link hygiene - Avoiding Unwanted Infections and Scams From Email Links and Attachments

The lesson can be found by clicking HERE.

Please feel free to post your comments, recommendations or references by replying in this thread.

- Scott

________________________________
Scott Wright
The Streetwise Security Coach

Would your organization be interested in obtaining the right to use my lessons or articles in your enterprise security awareness program? Please email me at the address below...

Email: scott@streetwise-security-zone.com
Twitter: http://www.twitter.com/streetsec
Phone: 613-693-0997
Podcast: http://www.streetwise-security-zone.com/podcast.html

ScottWright
Group Administrator

Subject: RE: Lesson A4 - Link Hygiene
Self-Coaching Program
posted by ScottWright on Friday, September 17th 2010 @ 5:44 AM

Before I forget, there are a couple of common threats that people think of more in relation to social media websites than in the context of Email.

Cross-Site Scripting is a typical attack that can occur if you have multiple web pages open within a browser. If you happen to click on a link in an email message, it may open a new browser tab and if you have other web pages open already in the browser, the newly opened tab may take advantage of vulnerabilities in the site it sent you to, or in sites you already have open. It's a case of not realizing that attackers are going to try to get to your vulnerabilities indirectly.

The other related risk is through a threat called Cross-Site Request Forgery, which literally shows up as a link in an Email message or some social media content. The trick is that the hacker assumes you are already logged in to a site like online banking. They can form a link that tries to make some kind of request to the service you are already logged in to. For example, it could try to make a change in your Email address in your account settings. If it is successful, they may have what they need to do a password reset on your account without you knowing about it, which gives them complete control over your account.

So, for example, you receive an Email message from some friend saying they haven't spoken to you in a long time, but when they saw the article in the attached link it made them think of you. So, you click on it. But instead of going immediately to an article, it opens a page that seems to get stuck and doesn't go anywhere. In fact, the request is being made to your Twitter account settings, and your Email contact address for your Twitter account is being changed in a hidden window. You think it's just a bad link, but the attacker got what they wanted.

Some sites are aware of these risks, and have modified their sites to prevent this kind of request from happening. But it is still a common problem in some websites.

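The post above notes that some sites have changed their code so that a forged change-of-email request fails. The following is an added example, not part of the original post and not any real site's code, of what such a server-side check can look like; the origin, session id, addresses and function names are hypothetical, and the requests are constructed sample input.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)           # demo secret; assumed to live in protected config
SITE_ORIGIN = "https://accounts.example.test"  # hypothetical origin of the real site


def issue_csrf_token(session_id: str) -> str:
    """Token the site embeds in its own settings form, bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_email_change(request: dict, accounts: dict) -> int:
    """Process a change-email request and return an HTTP-style status code."""
    session_id = request.get("cookies", {}).get("session")
    if session_id not in accounts:
        return 401  # not logged in
    if request.get("method") != "POST":
        return 405  # a followed link is a GET and must never change state
    # The browser sets Origin itself; a page on another site cannot claim ours.
    if request.get("headers", {}).get("Origin") != SITE_ORIGIN:
        return 403
    # The session cookie is sent automatically; the token is not, so only
    # the site's own form can supply the right value.
    supplied = request.get("form", {}).get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403
    accounts[session_id]["email"] = request["form"]["email"]
    return 200


def demo() -> dict:
    """Run three constructed requests against one logged-in account."""
    accounts = {"sess-123": {"email": "owner@example.test"}}
    cookies = {"session": "sess-123"}  # the user is already logged in
    forged_link = {"method": "GET", "cookies": cookies, "headers": {},
                   "form": {"email": "other@example.test"}}
    forged_form = {"method": "POST", "cookies": cookies,
                   "headers": {"Origin": "https://elsewhere.example.test"},
                   "form": {"email": "other@example.test"}}
    genuine = {"method": "POST", "cookies": cookies,
               "headers": {"Origin": SITE_ORIGIN},
               "form": {"email": "new@example.test",
                        "csrf_token": issue_csrf_token("sess-123")}}
    cases = [("forged_link", forged_link), ("forged_form", forged_form),
             ("genuine", genuine)]
    results = {name: handle_email_change(req, accounts) for name, req in cases}
    results["final_email"] = accounts["sess-123"]["email"]
    return results
```

Only the request that comes from the site's own form, carrying both the matching Origin and the session-bound token, changes the stored address.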


Copyright 2012. Security Perspectives Inc. All Rights Reserved.