Sekuriteit
(English) Windows 10 upgrade and McAfee
Woensdag, Augustus 10th, 2016
Vals e-pos skep verwarring
Vrydag, Julie 15th, 2016IT se “Admin Desk” het verlede week talle e-posse uitgestuur om personeel en studente te versoek om rekeninge te heraktiveer. Of het ons? Gelukkig word ons gebruikers nie meer met `n slap riem gevang nie. Of is julle?
Phishing e-posse, wat vra dat jy jou e-posrekening heraktiveer, is uitgestuur vanaf die rekening “The IT Admin Desk”. Twee ander e-posse is gestuur deur “ADMIN TEAM” en “IT SERVICE DESK” vanaf dieselfde bron, gekaapte e-posse by opvoedkundige instellings in Minnesota en Iowa.
Al die e-posse versoek dat jy, deur middel van `n skakel, aanteken om jou rekening te verifieer of opdateer. Een is herlei na `n bediener in Brasilië, die ander Kalifornië.
Moenie reageer op hierdie e-posse nie en moet ook nie na die verskafte webwerfadres gaan nie. Moenie jou gebruikersnaam, wagwoord, of enige ander inligting op die webwerf invul nie.
Universiteit Stellenbosch se Informasietegnologie-afdeling hoef nie jou gebruikersnaam en wagwoord te vra nie. Die enigste plek waar dit nodig is om in te vul is op www.sun.ac.za/useradm, waar jy jou eie rekening bestuur. IT kan jou e-posrekening skuif of opgradeer sonder dat jy enigiets hoef te doen.
Ons e-posse sal altyd herkenbaar wees, in dieselfde formaat en in Afrikaans en Engels.
Indien jy onseker is oor ‘n e-pos, vra vir jou plaaslike rekenaarkundige of kontak die IT Dienstoonbank (021-8084367 of helpinfo@sun.ac.za).
Hier is `n voorbeeld van die phishing e-pos:
From: I, Amscammer
Sent: Thursday, July 14, 2016 5:56 AM
To: 1,Amscammer
Subject: ADMIN TEAM/IT SERVICE DESK/IT HELPDESK/IT SUPPORT/WEBMAIL ADMIN (and all variations you could think of)
Dear E-mail User:-
Take note of this important update that our new webmail has been improved with a new messaging system from Owa/outlook which also include faster usage on e-mail, shared calendar,web-documents and the New 2016 Anti-Spam Version.
Please use the link below to complete your update for our new Owa/outlook improved webmail.
Log on to Outlook Web Access<http://iam.aspammer.com> to update your mailbox.
ITS Help Desk
ADMIN TEAM
©Copyright 2016 Microsoft Outlook
All Right Reserved.
[INLIGTING VERSKAF DEUR DAVID WILES]
(English) New spam e-mail distributed on campus
Vrydag, Julie 8th, 2016Selfs Zuckerberg gebruik swak wagwoorde
Donderdag, Junie 9th, 2016Mark Zuckerberg, tegnologiese reus, Facebook grootbaas en (mens sou dink?) rekenaargenie, se Twitter en Pinterest-rekeninge is die naweek gekaap.
Hy is wel ʼn gesogte teiken vir enige kuberkraker – wie sal nie wil sê hy kon toegang kry tot Mark Zuckerberg se rekeninge nie? Ongelukkig het dit nie veel vaardigheid vereis nie.
Die Zuck het voor-die-hand-liggende glipse gemaak. Eerstens het hy ʼn eenvoudige, maklike wagwoord gebruik. Een wat bestaan uit slegs twee unieke karakters: dadada. Geen hoofletters, geen spesiale karakters, geen probleem vir ʼn kraker.
Sy tweede fout was om dieselfde wagwoord te gebruik vir sy Twitter en Pinterest-rekeninge. Gevolglik kon kuberkrakers sonder moeite toegang tot beide rekeninge kry.
Wat ons eintlik probeer sê is, moenie te sleg voel as jy eenvoudige wagwoorde gebruik omdat dit maklik is om te onthou nie. Selfs Mark Zuckerberg doen dit. Ons wil egter aanbeveel dat jy, vir jou eie veiligheid, begin om unieke, ongewone wagwoorde te gebruik en nie 123456 vir al jou rekeninge nie.
Indien dit moeilik is om verskillende wagwoorde vir verskillende rekeninge te onthou of wagwoorde te ingewikkeld raak met snaakse karakters, hoofletters en leestekens, oorweeg sagteware wat jou daarmee kan help, byvoorbeeld KeePass en LastPass.
Daar is wel goeie nuus vir wagwoord-haters. Google werk aan ʼn alternatiewe metode vir gebruikers om toegang tot Android-fone te kry. Hierdie metode sal veiliger wees en gebruik nie ʼn wagwoord nie.
Projek Abacus gebruik Trust API, sagteware wat herken hoe ʼn gebruiker tik, sy stem klink, sy gesig lyk, waar hy homself bevind en ander biometriese merkers. Werk aan die projek behoort teen die einde van die jaar voltooi te wees.
[BRONNE: http://qz.com, http://www.nytimes.com]
(English) So did you also get an e-mail from Pravin Gordhan?
Woensdag, Mei 25th, 2016Every day, countless phishing emails are sent to us at Tygerberg Campus and to the Main Campus. This one (see below) is so outlandish that it is an obvious fraud, but others can be a bit more convincing. Using this as an example, there are a number of things that you can look for.
Here are 10 of them:
1: The message contains a mismatched URL: If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.
2: URLs contain a misleading domain name: Phishers try to convince their victims that a message came from the government or a company like Microsoft or Apple.
3: The message contains poor spelling and grammar: Reading this mail I attach as an example should leave no doubt.
4: The message asks for personal information: No matter how official an email message might look, it’s always a bad sign if the message asks for personal information. Your bank doesn’t need you to send your account number, neither does the government.
5: The offer seems too good to be true: If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.
6: You didn’t initiate the action: If you get a message informing you that you have won a contest you did not enter, you can bet that the message is a scam.
7: You’re asked to send money to cover expenses: One telltale sign of a phishing email is that you will eventually be asked for money or provide data to release the money.
8: The message makes unrealistic threats: Here the “minister” says if you don’t respond the government will take the money. (That should bring a smile to your face!)
9: The message appears to be from a government agency: Phishing artists who want to use intimidation don’t always pose as a bank. Sometimes they’ll send messages claiming to have come from a government agency or SARS.
10: Something just doesn’t look right: Professionals in the security business are taught to look for anything that is “JDLR” – (Just Doesn’t Look Right) If you receive a message that seems suspicious, it’s usually in your best interest to avoid acting on the message.
[ARTICLE BY DAVID WILES]
From: Pravin Gordhan [mailto:praving@treasury.gov.za]
Sent: Tuesday, 24 May 2016 14:36
Subject: FOR YOUR URGENT ATTENTION-FROM THE OFFICE OF HONORABLE MINISTER OF FINANCE.
Attention,
I write in respect of a fund brought to the department of National Treasury earlier today from Reserve bank under your name.
From the reports contained in the file having your information attached to the fund, the fund was supposed to be transferred to you from Reserve bank, but was not due to some reasons that were not mentioned in the file.
The fund is 9.5m USD. Are you aware of the fund?
This notification stands as the first and final notice to you for you to claim your fund and after 5 working days of this notification, if I do not hear from you, I will have no option than to declare the fund government’s fund.
Please re-confirm the following details;
1, Your full name and address.
2, Your age and occupation.
3, Your cell phone number.
Revert back to me as soon as get this email, so that we can process the release your fund to you.
Yours Sincerely.
Pravin Gordhan
Honorable Minister of Finance,
Republic of South Africa.