The security password is 'constant vigilance'

July 14, 2011 | By Jeff Gelles, Inquirer Columnist
  • Charles Henderson, director of application security services for SpiderLabs, awaits the day when passwords are a thing of the past. Until then, his advice: Avoid reusing the same password.
  • Hameed Mohammed likens today's breaches to the relatively high level of air and auto accidents that occurred in the 1950s. (RICH HAND)

Charles Henderson has seen the dark side of the Internet - he works there, you might say, as director of application security services for SpiderLabs, the "advanced security team" at Trustwave, a leading data-security firm.

But ask Henderson about the latest risks facing companies and consumers, and he soon starts talking about a seemingly lighter subject: a pregnant woman who works at a Fortune 500 company.

Henderson will only call her "Sarah." He can't use her actual name because of client confidentiality. But he says he saw virtually the identical story play out half a dozen times last year as SpiderLabs investigated about 220 corporate security breaches and consulted with thousands of other security clients.

As anyone would be, Sarah was thrilled to be expecting, and shared her excitement on a social-networking site. Henderson won't name names there, either, but you can go ahead and guess.

That was pretty much all the attacker needed. He soon sent out a message labeled "Sarah's baby pictures," and many of her friends and coworkers enthusiastically downloaded his malicious code. That made them victims of a scam known as "spear-phishing," a targeted version of the more familiar phishing scam in which the bait is a broad-based e-mail telling recipients that something has gone wrong with one of their accounts.

Just like the old Tom and Jerry cartoons, the cat-and-mouse game of hacker vs. IT professional never ends but continually changes scenes, though with anything but humorous stakes. That's why Henderson and other security experts drew an avid crowd of about 75 potential victims to a "Data Security Summit" on Wednesday at Penn State's Great Valley campus.

The all-day session was sponsored by INetU Inc., an Allentown Web-hosting company that also runs server farms in Chicago and Amsterdam. Other speakers included Microsoft's Hameed Mohammed, an expert in cloud-computing security who likens today's frequent data breaches to the relatively high level of air and auto accidents that occurred in the 1950s, when jets and superhighways were likewise in their infancy.

Henderson and Mohammed both aimed their advice at businesses trying to secure their systems and networks. But computer users of any type can benefit from warnings gleaned from their work.
