Hundreds of thousands of businesses, large and small, world-wide now use Wi-Fi to connect PCs to their network. Millions of homes have Wi-Fi to connect their PCs to the Internet and, of course, millions more use laptops, with Wi-Fi in public places the length and breadth of virtually every country. From where I'm sitting, writing this right now I have no less than nine wireless networks I could connect to.

So, what's the problem?

Wi-Fi uses an easily interceptable frequency to transmit/receive data to and from a PC - if it didn't it wouldn't work without huge antennae. So anyone could easily intercept whatever you send or receive to or from your PC. Secondly when you connect to a network via Wi-Fi you are then dependent on the security of that network to protect you from anyone trying to access your PC. In your office or at home the chance are you have a Firewall between your PC and the network.

The Metafisher family of Trojans are now showing an unprecedented level of sophistication. This type of phishing attack is carried out using a botnet, which is controlled though a Web-based command-and-control server. This gives the operators of the botnet the ability to control numbers of bots several orders of magnitudes greater than could be done via traditional IRC-based control structure.
But Metafisher is more that just a Trojan/Bot; it is in fact a professionally built suite of tools with a user-friendly administration interface and solid software lifecycle management comparable to many professional software products. This fact suggests that Metafisher is being developed and sold as a phishing toolkit to interested third parties. This report will explore these facts in greater detail and explain the implications of MetaFisher-related criminal activity.

This live webcast will, we think, be absolutely fascinating! Your active participation is requested.

The webcast scheduled for 24th May 2006 at 2pm US Eastern Standard Time. That's 7pm UK time, 8pm European time. To take full part you need a fully audio equipped computer. Don't miss out, participation is free.

Intrusion Detection Systems (IDS) detect inappropriate, incorrect or anomalous host or network activity. This presentation provides information about common techniques used to evade IDS detection. The goal is to answer the question: To what extent should network administrators rely upon IDS detection systems for security and advanced warnings of attacks?

The webcast lasts for 22 minutes and is streamed to your desktop. An audio equipped PC is required.

If you knew that the unit you put your Chip and PIN card into could be transmitting your details to a fraudster, how happy would you be to use the card ever again? Just how secure is Chip and PIN? Has this new technology simply played into the hands of the fraudster? And where will that leave Smart Card based ID Card Systems like that proposed for the United Kingdom?

In fact, just how smart is it to enter your PIN nowadays, and just what is waiting to catch you out?

We're not talking about technology that is simple but "old hat", here. While it's well known that cameras can be aimed at ATMs to snoop on our keystrokes and on our card number when we key the data in, these are the crude end of the current advanced technology offerings.

VeriSign has asked us to let you know about the Chief Security Officers' Dinner at the conference this year.

We know it's short notice, but, if you are a senior IT Security professional, and if you are in Edinburgh on the 25th May 2006, and you really should be there, then VeriSign has a very few places remaining available for dinner guests.

The opportunity to network with your peers is first class.

We could not believe it. Right after we published the article on Chip and PIN and Skimmers a spammer found it.

We get spammers all the time. We keep the discussion forums clean, but we still get them. And I was just running down the spammers, blocking IPs, deleting spam when I found......

Someone selling skimmers to skim Chip and PIN cards! We're going to edit the message as soon as the authorities have finished with it, but we're featuring it!

email: peter.andrews@complianceandprivacy.com

web: http://complianceandprivacy.com