Spear Phishing

by Vince
in Blog
Hits: 2077

 

Spear Phishing is a targeted email attack and the message will typically come from someone you know.  We’ve been seeing this type of attack more frequently and the latest one had an interesting twist.  Using our domain, sevenlayers.com and changing the names to protect the innocent, the email was crafted as follows:

Read more

Apache - Prevent Clickjacking

by Vince
in Blog
Hits: 3696

You've run a tool, such as ZAP, against your web site in an attempt to harden it and you discover your site is prone to 'clickjacking'. 

A quick search reveals:

Clickjacking

The malicious practice of manipulating a website user's activity by concealing hyperlinks beneath legitimate clickable content, thereby causing the user to perform actions of which they are unaware.

Read more

OpenVPN WebUI Login Issue

by Vince
in Blog
Hits: 3063

We have several clients using OpenVPN in one form or another but I was playing around with the OpenVPN appliance available for download here:

https://openvpn.net/index.php/access-server/download-openvpn-as-vm.html

As a side note -- they warn you against using VMWare Player.  While I didn't use Player, I was testing it out in VMWare Workstation 11 and it works perfectly. 

Read more