[Dataloss] [Fwd: Bank Technology News Intelligencer: Warn Your Execs: Whalers Targeting Bank CEOs ]

Arshad Noor arshad.noor at strongauth.com
Thu Jun 5 16:56:24 UTC 2008

Fascinating attack at a number of levels:

1) The attacker installs a new Trusted Root CA certificate on the
    victims' computer;
2) Steals Client-Certificates (and presumably, Private Keys stored
    in files) in addition to stored passwords and account information;
3) Targets only CxOs;

Attackers appear to be moving at warp-speed in exploiting weaknesses
in technology and business processes, while corporations are still
stuck trying to get into third - perhaps even second - gear despite
real solutions staring them in the face.  Pathetic.

Arshad Noor
StrongAuth, Inc.


Security researchers at SecureWorks are warning about the latest spear
phish-now more catchily-called whaling, because of the big-fish nature
of its targets-that is targeting CEOs and other senior financial
services executives.

More information about the Dataloss mailing list