Tonight, we had our first B.O.F. session (Birds of a Feather – From “birds of a feather flock together”, much like “together, we are stronger”). Besides eating chips, Toblerone, home-made brownies and drinking beer, we still had the time to dig into a subject that is geeky interesting enough for us to even forget about ordering pizzas.

Social networks like Linkedin, Facebook or Plaxo are real gold mines when it comes to social engineering. These websites are growing up months after months, to a point where they count today more users than there are bicycles in Beijing.

The goal of these “mangroves” is to get the more connection as you can. And everybody displays his information as a trophy.

Now, the problem is that malicious users just have to choose from any personal information available. They can easily get names, phone numbers, positions and mail addresses as well as details about the person’s habits. It’s then easy to imagine what the next steps could be.

Don’t forget to make your users aware of this risk. In most cases, an update in the Internet usage policy and a security refresh will greatly help.

Good news for all Nokia (and Symbian) users that need a RSA keyfob to securely log into their applications. RSA authenticators are now available as software version that run on Nokia phones.

No need to carry a fob anymore, my E51 will do the job.

Quite interesting, I got a spam mail last week that is pdf based. A simple email containing an image embedded into a pdf attachment.

Reputation based filtering and greylisting are currently your only remaining friends…