Category Archives: Infosec Communicator

  • -

Protect Yourself Online–Anti-Phishing Toolbar

Category:Infosec Communicator,Internet Safety,Social Networking

Today I received an Alert from Google that my name had appeared online. (Being in information security breeds paranoia, so I’d set up  a Google Alert for occurrences of my name online–and for the rest of my family as well!)

The Phishing Attempt

Here’s the Google Alert I received:

Ben Woelk (bwoelk) on Twitter
Infosec Communicator, Trainer and Policy Analyst at RIT. STC Rochester VP. Educause A&T co-chair. Community builder applying Web 2.0 to security awareness.
retwite-dot-appspot-dot-com/bwoelk

Curious to find out where my name had appeared and thinking that Google had alerted me about Twitter, I clicked on the link. (And yes, I really should know better!) Clicking on that link brought me to a site that looked exactly like my Twitter page, a potential phishing site. Or I should say, “almost brought me” to the site?

How did I know it was a phishing site and why didn’t I arrive there?

One indication that it’s a possible phishing site is the URL, which clearly is not Twitter.

The other indication was that my Netcraft Toolbar plugin on Firefox blocked access to the site and asked me to confirm that I wanted to go there. Here’s what the Netcraft Toolbar showed me when I tried to go to the site:

Netcraft warning message

Netcraft warning message

After I chose “No,” my browser window showed:

Netcraft blocked confirmation message

Netcraft blocked site confirmation message

Netcraft Toolbar Features

The toolbar also provided some information about the site itself. The diagram below (captured and edited with TechSmith Snagit 9.x), shows the information the toolbar provides:

Example of Netcraft Toolbar

Netcraft Toolbar at Twitter Homepage

Netcraft and Me

I’ve been using the Netcraft Toolbar for several years and have been pleased with its performance. It blocks known phishing sites and also provides you the opportunity to submit suspect sites to them for verification. If Netcraft decides that it is indeed a phishing site, it serves as a neighborhood watch group and blocks all Netcraft Toolbar users from reaching the site. Netcraft provides versions for both Internet Explorer and Firefox.

Highly recommended!

NOTE: There seems to be a good deal of discussion about whether retwite.appspot.com is really a phishing site or a proxy. Either way, the toolbar works in the same manner to protect from other reported phishing sites.

You may also want to visit the RIT Information Security Safe Practices webpage for more information about protecting yourself and others.


  • 8

Twitter Use at #STC10 Summit

Category:Infosec Communicator,STC,Summit

One of the more surprising things to me at the STC Summit conference this year was the frequent use of Twitter. It was used for arranging informal and “official” Tweetups and for summarizing the content of various sessions. It seemed like there were a lot of different people tweeting, but I wasn’t sure how many people were involved and exactly what they were tweeting about. Although I didn’t conduct a rigorous analysis, I think the results are interesting.

Methodology and results

I set up an RSS feed in Google Reader prior to the conference so I wouldn’t “miss anything.”  Google Reader provided the following Twitter frequency graph. (The orange bar is the number of tweets I had read.)

summit 10 twitters

Graph of Twitter use during and immediately after Summit STC10

After manually exporting the tweets from the Google Reader RSS feed to a notepad file and removing the hash tags “#stc10” and “#stc11,” I produced the Wordle below. (And yes, I’m sure there was a better way to do this!)

Summit STC10 Tweets

Wordle of the tweets containing #stc10 or #stc11 from 4/30 through 5/6/10

Using the online word frequency analyzer and phrase analyzer at https://www.writewords.org.uk, I was able to get a sense of whose Twitter handles appeared most frequently at Summit.

Top Ten Eleven Twitter Handles (Occurrences)

125 techcom
108 afox98
85 bwoelk
83 whitneyhess
80 willsansbury
79 techcommdood
68 suredoc
65 stc_org
63 debdebtig
63 sushiblu + jgillenwater87
58 ninety7

Selected Keywords (Occurrences)

434 stc
339 rt
121 great
106 sig
95 dallas
89 summit
69 content
67 session
67 good
64 conference
43 tweetup
41 community
31 dinner

Negative Words (Occurrences)

10 bad
3 terrible
1 sucks
1 suffering

Contrary to some expectations, “beer” was not the most commonly used word in the tweets appearing only 13 times. (I’m not sure if there’s any correlation, but “karaoke” also appeared 13 times.)

Conclusions

In my opinion, Twitter provided a sense of community and a “conference within a conference.” Most tweets were positive, implying that many of the Twitter users enjoyed the conference. Very few of the tweets were negative, and usually referred to specific sessions or problems with the site for the Tweetup. Personally, I found that using Twitter enabled me to make connections that I never would have attempted had they started face to face.

Prior to Summit, I had not been a heavy Twitter user, although I had tied postings from two Facebook Pages I administer,  RIT Information Security and STC Rochester,  to Twitter accounts.  I look forward to using it at future conferences and seeing what new connections it enables.

The “raw” data is available upon request.


Categories