25. July 2011 · Comments Off on Lenny Zeltser on Information Security — Why There Are Fewer LinkedIn Scams and Malware Than Facebook Ones · Categories: blog · Tags: , ,

Lenny Zeltser on Information Security — Why There Are Fewer LinkedIn Scams and Malware Than Facebook Ones.

Lenny Zeltser received some very good answers as to why there are fewer scams on LinkedIn than Facebook.

I think this is the best answer:

People’s LinkedIn interactions have a professional perspective. This frame of mind doesn’t generate the same social/emotional response as Facebook, which makes them more resistant to being tricked, suggested @adamshostack. In addition, @marypcbuk pointed out that people tend to pay more attention to their LinkedIn interactions, because they police their professional activities more carefully than personal ones.

Facebook interactions are much more free flowing and emotional while LinkedIn, being professionally oriented, interactions are more thoughtful. On LinkedIn people are more cautious because they are more concerned with their reputations.

The other answers definitely have merit as well.

24. July 2011 · Comments Off on Lenny Zeltser on Information Security — The Use of the Modern Social Web by Malicious Software · Categories: blog · Tags: , , ,

Lenny Zeltser on Information Security — The Use of the Modern Social Web by Malicious Software.

Lenny Zeltser posted his excellent presentation on The Use of Modern Social Web by Malicious Software.

However an increasing number of organizations are seeing real benefits to the top line by engaging in the social web. Therefore simply blocking it’s usage is no longer an option. The InfoSec team must respond to the business side by mitigating the security risks of using the modern social web.

 

24. July 2011 · Comments Off on Lenny Zeltser on Information Security — 3 Reasons Why People Choose to Ignore Security Recommendations · Categories: blog · Tags: , ,

Lenny Zeltser on Information Security — 3 Reasons Why People Choose to Ignore Security Recommendations.

Lenny Zeltser relates a general psychology paper on Information Avoidance ($30 if you want to read the paper) to why security recommendations are ignored.

Here are the three reasons outlined in the paper:

(a) the information may demand a change in beliefs,
(b) the information may demand undesired action, and
(c) the information itself or the decision to learn information may cause unpleasant emotions or diminish pleasant emotions.

On the third point, Lenny hits on one of the age old concerns – the unpleasant emotion of “I bought the wrong security products.”

While this could be true in some situations, the more likely issue is that the security landscape has changed and obsoleted the purchased security product in question before it’s fully amortized.

We are seeing this today with respect to firewalls. The changes in the way browser-based applications communicate with servers and the related attack vectors have left traditional port-based firewall policies helpless to defend the organization.