Security

Phishing email with subject “SUNCOM”

Wednesday, February 5th, 2020

An email from a sun.ac.za address with the subject “SAFECOM – 5 / FEBRUARY / 2020” has been sent to staff and students. The email asks you to open a message received from “SUNCOM” (also see image below).

This is not a legitimate email, but a phishing attempt which will lead you to a fake website.

By clicking on links and providing your information, you give criminals access to your personal information and your accounts. If you think your account or device has been compromised or you notice suspicious activity:

  • Immediately change your password on www.sun.ac.za/password.
  • Contact the IT Service Desk by logging a request or calling 808 4367.
  • More information is available on our blog and Twitter.

Data Privacy day

Thursday, January 30th, 2020

In South Africa, we’re a bit late to the Data Privacy Day party. In Europe, it’s been around since 2007, while the United States joined in 2009.

Data Privacy Day (known in Europe as Data Protection Day) is an international holiday that occurs every 28 January. The purpose of Data Privacy Day is to raise awareness and promote privacy and data protection best practices. 

Even though Data Privacy Day has been around for more than ten years, awareness around the protection of data is becoming a critical issue. The reason is twofold. Firstly, data breach incidents across the world are occurring on a more regular basis, and they are happening to large companies that should have strict measures in place to protect their users’ data. This brings us to the second reason – the implementation of GDPR and POPI. Before both these data laws, there was little to compel companies to protect users’ data. The GDPR and POPI acts changed this. Now companies are held accountable and can be heavily fined for compromising their clients’ personal information.

Why is data so important, though? According to Mark Barrenechea, CEO at OpenText, “[e]very day we are building, brick by brick and bit by bit, a digital copy of ourselves, whether we are aware of it or not.” A bigger digital footprint makes it easier to find information about you, whether it’s personal information such as usernames and passwords, your physical location or your interests or hobbies. Algorithms can track your actions and anticipate your behaviour. Every little piece of information adds up to a bigger picture and can be used to your disadvantage. 

Sharing data is easy, which makes it critical that you take responsibility for protecting your own information. We can no longer depend on companies or social networks to keep our digital identities safe. We’ve seen this clearly over the past few years with multiple data breaches – many involving large companies such as Facebook and Google.

Data Privacy Day is just one day in the year to make data owners (that’s anyone using a digital platform!) aware of the importance of protecting data. However, we should be aware of the risks every day. How can you protect your data? www.digitalguardian has an extensive guide, but here are 10 basic tips:

  1. Use encrypted networks when you’re accessing important information. Even though open and free Wi-Fi is tempting, it comes at a high risk. If you’re browsing websites not using https, know that whatever you do can be seen by someone else.
  2. Choose strong passwords. Don’t know how? Here are some tips. The general trend is using two-factor authentication. Better still, use a password manager as it’s the most secure solution.
  3. Protect your passwords. Don’t write them down. Don’t share them. And most importantly, don’t use the same password for all your social networks or websites. 
  4. Update your software when it prompts you to. Don’t ignore it because you don’t have time – it might be an important security update that keeps you from being at risk.
  5. Update your antivirus software regularly. New versions of viruses, malware, etc. are released regularly to exploit weaknesses. If you don’t update, you’ll be an easy target. Also, consider antivirus software for your mobile devices – they are even more vulnerable.
  6. Check and configure privacy settings on your phone. Consider carefully which apps you give access to use certain services on your phone, for example the camera function.
  7. Lock your smartphone and tablet devices when you are not using them. Mobile devices are used to access social media, banking services and various other apps containing personal information.
  8. Enable remote location and device-wiping. If your mobile device is stolen, no-one will be able to access your information.
  9. Delete your data from old devices, for example, smartphones, before you sell, discard or pass them onto someone else. 
  10. Back up your data on a daily basis. If your device is infected with malware or stolen, you’ll still have your data. 

[SOURCES: https://www.forbes.com, https://www.techradar.com]

Remember that movie you downloaded?

Monday, January 20th, 2020

With a fast internet connection and enough internet data, it’s possible to watch and download movies and series whenever you want. Unfortunately, it’s also not legal and everything you do online can be tracked and traced.  

Until recently, television networks and film companies weren’t geared to trace and stop the downloading and distribution of illegal movies. It was just too difficult and not cost-effective. However, this is no longer the case – even in South Africa.

We frequently receive notifications from companies such as Warner Bros. and Columbia Pictures indicating that illegal, copyrighted material is being downloaded and seeded (distributed) from IP addresses within the university’s network. 

These emails include the specific IP address, the material downloaded and distributed and at which times. When we receive these notifications, we immediately send an email to the user of the address with a written warning. If they do not comply, these companies will take legal action.

The distribution or seeding of copyrighted material without a licence is both a criminal and civil offence in South Africa, even if distribution takes place from BitTorrent. Just because it’s available via a torrent, it doesn’t mean it’s legal.

In South Africa, under the Copyright Law of 1978, you can be sentenced to up to 5 years in prison and fined up to R10,000 for each item you distribute. Between 2010 and 2012, 200,000 people were sued for uploading and downloading copyright material via BitTorrent.

So before you download the latest episode of your favourite series or stream movies from an illegal file sharing site, consider the consequences. There are many legal options to watch media online, from Netflix to Showmax, so rather be safe and legal.

MORE INFORMATION:

How do BitTorrent and seeding work?

http://en.wikipedia.org/wiki/BitTorrent 

http://www.bittorrent.com/help/guides/beginners-guide

 


Example of a warning letter:

We are writing this letter on behalf of Columbia Pictures Industries, Inc. (“Rights Holder”) who own certain rights under copyright law in the title White House Down.

You are receiving this notice because your Internet account was identified as having been used recently to copy and/or distribute illegally the copyrighted motion pictures and/or television shows listed at the bottom of this notice. This notice provides you with the information you need in order to take immediate action that can prevent serious legal and other consequences. These actions include:

1. Stop downloading or uploading without authorization any motion pictures or TV shows owned or distributed by Rights Holder; and
2. Permanently delete from your computer(s) all unauthorized copies you may have already made of these movies and TV shows.

If this notice is being received by an Internet Service Provider (ISP), please forward the notice to the individual associated with the activities.

The unauthorized distribution or public performance of copyrighted works constitutes copyright infringement under the Copyright Act, Title 17 U.S Code Section 106(3)-(4). This conduct may also violate the Berne Convention for the Protection of Literary and Artistic Works and The Universal Copyright Convention, as well as bilateral treaties with other countries that allow for protection of Rights Holder copyrighted works even beyond U.S borders.

Below is the detail for your reference:

------------- Infringement Details -------------
Title: White House Down
Timestamp: 2013-09-19T23:18:28Z
IP Address: 146.232.***.**
Port: *****
Type: BitTorrent
Torrent Hash: *************************************


 [SOURCE: http://mybroadband.co.za]

 

 

Eduroam Visitor Access (eVA)

Wednesday, November 6th, 2019

eVA (eduroam Visitor Access) is a new service which enables higher education and research institute visitors to access the secure and trusted eduroam Wi-Fi network. As an additional identity management tool, eVA is a platform where visitors who only need temporary internet access can be registered in a simple and secure manner.

What is it? 

eVA provides a mechanism that allows authorised staff at eduroam participating institutions to sponsor a visitor and issue temporary credentials to that person for a defined period. A designated eVA admin can determine who is eligible to sponsor visitors, and how long those visitors may have access.

How does it work?

If you are interested in using eVA to register your department’s visitors, please log a request on the ICT Partner Portal. To simplify matters, this could typically be the same contact person as for SUNid and only one person per department or division.

Note that your line manager has to approve your request before we can assign you rights. Approval can also be done on the ICT Partner Portal.

What are the benefits?

  • No additional registration, for example SUNid, is necessary to use this service.
  • Ease of use. Manuals and instructions are available online.
  • Visitor rights can be managed and limited.
  • Access expires automatically after the selected set date.
  • Records can be tracked and audited.

More information on eVA.

How do I report phishing?

Thursday, October 17th, 2019

You’ve received a suspicious email. What should you do with it? Firstly, don’t click on any links. But just as important, send it to us so we can prevent more staff and students falling prey to the scam. We encourage our customers to submit potential phishing examples for review. Using these submissions, the Cyber Security Incident Response Team (CSIRT) can learn from the analysis of these messages. This collectively helps to improve the level of virus and spam detection.

What is phishing?

Phishing attacks are designed to steal a person’s login and password details so that the cyber criminal can assume control of the victim’s social network, email, and online bank accounts. Seventy percent of internet users choose the same password for almost every web service they use. This is why phishing is so effective: by using the same login details, the criminal can access multiple private accounts and manipulate them for their own gain.

More on how to recognise a phishing email. 

Report phishing

  1. On the ICT Partner Portal.
  2. By sending an email:
     • Start up a new mail addressed to csirt@sun.ac.za.
     • Use the title “SPAM” (without quotes) in the Subject.
     • With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail window. It will attach the mail as an enclosure* and a small icon with a light yellow envelope will appear in the attachments section of the New Mail window.
     • Send the mail.

*Spam or phishing examples must be sent in either .EML or .MSG format as an attachment and must not be forwarded. This ensures the original email can be analysed with its full Internet message headers intact. Alternatively, use the mail application to save the email (usually located under File | Save As) in .EML or .MSG format to a folder location, and attach the saved file to a new email.
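Why the attachment requirement matters, as an added example (not part of the original post and not the CSIRT's own tooling): the Python sketch below builds both kinds of report from a constructed sample message and shows which of the original headers an analyst can still recover. All hosts, addresses and function names are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample: a suspicious mail as stored by the receiving server.
# All hosts and addresses are placeholders (example.* / 203.0.113.0/24).
ORIGINAL_EML = (
    b"Return-Path: <bounce@mailer.example.net>\r\n"
    b"Received: from mailer.example.net ([203.0.113.25]) by mx.example.org;\r\n"
    b"\tWed, 5 Feb 2020 08:14:02 +0200\r\n"
    b"Received: from localhost by mailer.example.net;\r\n"
    b"\tWed, 5 Feb 2020 08:13:59 +0200\r\n"
    b"Authentication-Results: mx.example.org; spf=fail\r\n"
    b"From: IT Notice <staff@example.org>\r\n"
    b"Reply-To: collector@example.com\r\n"
    b"To: user@example.org\r\n"
    b"Subject: Open your secure message\r\n"
    b"\r\n"
    b"Click here to read your message.\r\n"
)
EVIDENCE = ("Return-Path", "Received", "Authentication-Results", "Reply-To")

def new_report(reporter):
    msg = EmailMessage()
    msg["From"] = reporter
    msg["To"] = "csirt@sun.ac.za"
    msg["Subject"] = "SPAM"
    return msg

def report_as_attachment(eml, reporter):
    """Attach the untouched original as message/rfc822 (what an .EML file is)."""
    msg = new_report(reporter)
    msg.set_content("Suspicious mail attached.")
    original = message_from_bytes(eml, policy=policy.default)
    msg.add_attachment(original, filename="suspicious.eml")
    return msg.as_bytes()

def report_as_forward(eml, reporter):
    """Inline forward: only a few display fields and the body are copied."""
    orig = message_from_bytes(eml, policy=policy.default)
    msg = new_report(reporter)
    msg.set_content(f"From: {orig['From']}\nSubject: {orig['Subject']}\n\n"
                    + orig.get_content())
    return msg.as_bytes()

def original_headers(report):
    """Return the evidence headers an analyst can recover from a report."""
    for part in message_from_bytes(report, policy=policy.default).walk():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_payload(0)
            return {h: [str(v) for v in inner.get_all(h, [])] for h in EVIDENCE}
    return None  # no attached original: routing and authentication data is gone
```

With the attached report, both `Received` hops, the SPF result and the mismatched `Reply-To` are still available; with the inline forward, `original_headers` returns `None`.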

 

© 2013-2020 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.