Wednesday, May 01, 2013

firewall-wizards Digest, Vol 65, Issue 1

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Linked-in and its Phishing-like contacts option! (Mathew Want)


----------------------------------------------------------------------

Message: 1
Date: Wed, 1 May 2013 15:50:42 +1000
From: Mathew Want <imortl1@gmail.com>
Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<CAKFczxaVoZ4Z79Ugc8tKAGGuFKhUXVAotTabMAYXg48TC6=q0A@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Read only access to the sites. I like that idea a lot.

Has anyone else come across this requirement or found a good way to do it
at a control point level? Perhaps at the IDS layer?

M@


On 1 May 2013 02:20, <lordchariot@embarqmail.com> wrote:

> > I'm honestly not sure how we could block this stuff in a web-proxy, or be
> > alerted by an IDS rule short of just blocking the sites.
> > (Maybe this will start more discussion. How would one try this?)
>
> I have a lot of requests from customers to try to make the web read-only.
> The main use cases are for social network, blogs/wikis, and commenting on
> posts. The fundamental ways to do this are to 1) have MITM SSL decryption,
> and 2) block the POST method for specific sites. Most commercial proxies
> can do this and even squid does SSL MITM.
>
> By blocking POST to certain categories of sites and only allowing the POST
> for the */logon pages, users can view all the facebook/twitter/youtube they
> want, but can't write anything outbound to the site. It's pretty effective.
>
> e?
> _____________________________________
>
> From: firewall-wizards-bounces@listserv.icsalabs.com [mailto:
> firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Bruce Platt
> Sent: Friday, April 26, 2013 7:41 AM
> To: Firewall Wizards Security Mailing List
> Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
>
> I have a love/hate relationship with these as well. I was only tempted
> down this perfidious path a few years ago when a set of my Grandchildren
> asked me to get a Facebook account so we could interact that way as they
> live on the other coast from me. I started disliking it within five
> minutes when a former employer sent me a request to "friend" him. Then it
> became an issue of who can I not be "friends" with among my contemporaries.
>
> Same with Linked-In, same with Twitter.
>
> Up to this point I'm just addressing the personal inconvenience aspect of
> it, which is why I chose Crispan's post to which to reply.
>
> But, the larger issue is really the risk of exposing all sorts of personal
> / corporate information in a variety of unwitting ways. This is the part
> I hate. We've had many discussions about the risks of allowing people to
> use social media web sites from work. It's a losing battle. Entering
> one's email password is just one, and Linked-In is not the only villain. I
> just made some flight reservations yesterday. The airline website offered
> to add the reservation to my Calendar. Not let me download a .cal file,
> but to directly insert it into my calendar. Uh, no. Not today.
>
> But, this now get's added to our list of worst practices and meet's Paul's
> criteria of being part of overall operational security. I'm honestly not
> sure how we could block this stuff in a web-proxy, or be alerted by an IDS
> rule short of just blocking the sites. (Maybe this will start more
> discussion. How would one try this?)
>
> Mix these with BYOD, and it makes a daunting task indeed.
>
> Cheers
>
> --
> +------------------------------------+
> Bruce B. Platt, Ph.D.
> V.P. Research
> ei3 Corporation
> 136 Summit Avenue
> Montvale, NJ 07645
> Phone: +1-201-802-9080 ext. 404
> Facsimile: +1-201-802-9099
>
> On Fri, Apr 26, 2013 at 12:53 AM, Crispin Cowan <crispin@crispincowan.com>
> wrote:
> I boycott all social media. I?m not opposed to social networking, but I am
> opposed to some dot.com monetizing my relationships; I do all my social
> networking via open protocols like e-mail, and having a beer with a friend
> ?
>
> I broke this rule once, joining LinkedIn 5 years ago, because I needed a
> job. LinkedIn was a total failure at getting a job, but attending ToorCon
> and having a beer with someone I met there worked. I deleted my LinkedIn
> account when I got tired of the ?Foo wants to connect with you? spam. I?m
> still getting LinkedIn spam.
>
> Screw social networking web sites. I don?t have a FaceBook page or a
> Twitter account, and never will.
>
> Funny, I never envisioned myself as Clint Eastwood yelling at kids to get
> off my lawn, but here I am ?
>
> Sent from Windows Mail
>
> From: Gautier . Rich
> Sent: ?Thursday?, ?April? ?25?, ?2013 ?9?:?28? ?PM
> To: Firewall Wizards Security Mailing List
>
> Thoughts? I?m wondering why User Operational Security falls under the
> realm of Firewall Wizards.. Other than that, I?d say ? They?re not alone
> by any stretch of the imagination, and plenty of users seem to be perfectly
> willing to accept the risk (or be unaware of it). However, not much you
> can do on the firewall side other than turning off webmail access...
>
> Richard Gautier, CISSP
> Enterprise Architect, Federal Group
> 650 Massachusetts Avenue NW
> Suite 510
> Washington, DC 20001
> Office: (571) 226-8828 | Cell: (703) 231-2156
> rgautier@drc.com | www.drc.com
>
> From: firewall-wizards-bounces@listserv.icsalabs.com [mailto:
> firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Mathew Want
> Sent: Monday, April 22, 2013 7:30 PM
> To: Firewall Wizards Security Mailing List
> Subject: [fw-wiz] Linked-in and its Phishing-like contacts option!
>
> Hiya all.
>
> Has anyone else noticed the option to see who else they know is connected
> on Linked-in? Have you noticed that if you click on the outlook button it
> asks you for your WORK EMAIL PASSWORD!!!!!
> Bloody hell! It's not like the job of getting users to not submit this
> information to other sites isn't already hard enough without this!!! The
> "can't put brains in pumpkins " department must be having a field day over
> this.
> Am I the only one that think this is a touch negligent on the part of
> Linked-in? Or should I just accept that it is corporate facebook, accepts
> that they have the dame moral fibre and move on?
> Maybe I am expecting too much? Thoughts?
> --
> Regards,
> M@
> --
> "Some things are eternal by nature,
> others by consequence"
> ________________________________________
> This electronic message transmission and any attachments that accompany it
> contain information from DRC? (Dynamics Research Corporation) or its
> subsidiaries, or the intended recipient, which is privileged, proprietary,
> business confidential, or otherwise protected from disclosure and is the
> exclusive property of DRC and/or the intended recipient. The information in
> this email is solely intended for the use of the individual or entity that
> is the intended recipient. If you are not the intended recipient, any use,
> dissemination, distribution, retention, or copying of this communication,
> attachments, or substance is prohibited. If you have received this
> electronic transmission in error, please immediately reply to the author
> via email that you received the message by mistake and also promptly and
> permanently delete this message and all copies of this email and any
> attachments. We thank you for your assistance and apologize for any
> inconvenience.
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>



--
"Some things are eternal by nature,
others by consequence"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20130501/92f74360/attachment-0001.html>

------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 65, Issue 1
***********************************************
at

No comments:

Post a Comment