A couple of "don't miss" articles might be useful.
Jeff Crume's recent article on the myths and reality of Directories is a positive discussion of a topic that has been a source of considerable teeth gnashing if not outright nonsense.
Infoweek claims hacking attempts are up 81% this year, riding on the backs of Man In The Middle Attack kits reported to being sold at various hacker sites.
MITM based phishing continues to be not only theoretically possible, but a straight-forward exercise for anyone conversant in HTTP based technology. My new friends at Indiana University illustrate the an alternate view of the problem I discussed in a previous post. They also have a nice repository of papers if you're interested in a more academic treatment of phishing.