News on the implementation of the new firewall will also be available at http://www.sun.ac.za/newfw.

These personalized, deceitful messages can be crafty and believable enough to slip by spam filters and other security protections and to trick you — the last line of defense.

About one in every 300 emails in 2011 was a phish. University academics and administration personnel should be especially concerned because these emails are surfacing more and more in university mailboxes. Almost 50% percent of university accounts have received a phish in their work email in 2011. Often, these messages are personalized “spear” messages to specific employees, sometimes including details mined from LinkedIn and other social networks to make them more plausible.

Spear phishing emails can be alarmingly effective. Google and a slew of large companies had valuable intellectual property stolen over the last two years in attacks that began with a spear phish of an employee. The university can also be a prime target. Don’t think that because we are an academic institution, we are not important to criminals. There is a lot of valuable and sensitive data that is available within the university network, and that is worth a lot of money.

The rule of thumb that you can use to judge the vast majority of mail that arrives in your mailbox – if it is legitimate or a phishing attack – is whether you know or are associated with the sender. If not and someone out of the blue mails you, then you then the chances that it is a phisher at the other end is very high!

There are more details on the GERGABlog here.

Over 60% of all South African companies have had computers stolen at some point, but university computer labs have become a favorite target for criminals,  because the computers in these areas are easily accessible and easy to dispose of on the black market.

Here are some useful tips to protect your computer in the office, at your hostel and at home:

• Mark computers and laptops in a permanent way, through the use of microdots, engraving or other means, to entrench and secure their identity. This negatively affects their resale value on the illegal market and is therefore a deterrent for thieves.
• Keep an up-to-date inventory of all computer equipment. The list should include the make and description, serial number and the purchase date, place and price of each item. This can help prevent internal theft and will help the police and insurance companies should a burglary occur.
• Station computers and high-value equipment away from windows on the ground floor.
• Attach or anchor computers to furniture or something solid with security plates or security cables.
• Store laptops in high-security cabinets or in a safe when not in use.
• Fit alarms to computers. Some of these fit inside computers and sound if the equipment is moved. Others, called ‘loop’ alarms have a cable which passes through the equipment and which sounds if it is broken.
• Make sure all employees know not to leave laptops unattended and in full view.
• Employees should be encouraged to take laptops home or lock them up safely at the end of the working day.

There will most certainly be period of instability as the transfer from one net to another is done, so please exercise a bit of patience. I asure you the wait and the few hours of inconvenience will be worth it!

There is a media release that has some interesting information.

The Complete list…

The South African Internet Service Providers’ Association (ISPA) updated their “Spam Hall of Shame” recently, naming and shaming the country’s spammers and e-mail address resellers.

Until recently it was mainly the embarrassment of appearing on this list which made it a deterrent to spammers, but an announcement by a local firm that it is using this data in fighting spam changes the game.

Pinpoint SecureMail said that they are integrating the Internet Service Providers’ Association (ISPA) Hall of Shame anti-spam watchlist in their e-mail protection software. According to Yossi Hasson, managing director of Pinpoint SecureMail development company SYNAQ, this means that all companies listed on the ISPA spam Hall of Shame are immediately given an extra weighting on SYNAQ’s spam algorithms and are quarantined.

In the first three weeks following the ISPA Hall of Shame integration into Pinpoint SecureMail, SYNAQ identified and blocked 146,926 spam messages sent out by companies included in the list.

The latest spammers and email address resellers listed in ISPA’s spam hall of shame are as follows…

From MyBroadband.co.za

Because these drives are so popular and generally get used to move data between multiple systems frequently, they are also a prime target for attackers as means to get infections spread around with you doing most of the work for them.

Virusses that  target USB Flashdisks are usually designed so that they do not affect your computer directly, but once an external drive or other storage based device is plugged in, the virus goes to work and transfers malicious code to the device without you even knowing that it is taking place – now your flashdisk has become the attackers tool!

Flashdisk virusses can be used to steal your personal information, sensitive documents, allow external access to the infected system, or even spread an annoying virus to the university network via network shares – the possibilities are limitless.

So what can you do about protecting yourself against such activity?

Panda Security have released a small tool to immunise your USB flashdisks against most common malware infections.

It is called USB Vaccine and can be downloaded here: (intranet access only)

Also available on the Internet here:

Below is a link to a comprehensive list of viruses that DO NOT EXIST, despite rumor of their creation and distribution. You will need your NXInetkey to be open to access the page.

Please ignore any messages received regarding the supposed “viruses” or “promotional gimmicks” listed above and do not pass on any messages about them. They all contain bogus information, and are intended only to frighten or confuse users. Do not forward or pass these messages on as it only serves to further propagate them. There are better things to do with your time than forward on hoax messages.