Security

Phishing scam warning: Your Apple Profile Suspension

Monday, November 3rd, 2014

Scammers have trawled the university web pages, and perhaps even obtained e-mail addresses via compromised computers within the university, and are using these stolen addresses in a phishing scam. It can be dangerous if you respond, especially if you have an Apple device and use iCloud.

The subject will be “Your Apple Profile Suspension” (notice the use of capitals for each word, already a sign that something is not right…)

Below is an example of such a mail. Do not respond to this mail, click on any of the links or fill in any details on any page you might be directed to. This is a scam. First add the sender to your blacklist, then blacklist the subject line and consign the mail to your junk mail folder.

Here is the mail with the dangerous stuff filtered out, just in case you like clicking on links!…

From: Apple Accounts [mailto:hackedaddress@sun.ac.za]
Sent: Friday, 31 October 2014 17:36
To: Stolen US Adress, AN <stolenaddress@sun.ac.za>
Subject: Your Apple Profile Suspension

Dear stolenaddress@sun.ac.za

This email is to to inform you we regret to announce you that your Apple Account (stolenaddress@sun.ac.za) has been temporarily locked until we can certify your Apple ID details on file. This security measure to safeguard your iCloud Account from unapproved usage. We apologise for any inconvenience.
How do I validate my Apple ID and unsuspended my Apple ID?
Just click the link below to verify ownership of your Apple ID. Log-in in using your iCloud Account and password, then read the instructions.>> Validate My Apple/iCloud Account

When using Apple devices and services, you’ll still sign in with your usual email account as your Apple login.

If you have questions or want support, visit the Apple ID Support site.

Kind Regards,
Apple Identity Verification

Resolution ID: #H8MND945-ID129

Apple Account | Support | Privacy Policy | Manage Subscriptions
Copyright © 2014 iTunes Sarl 88-27, Rue Sainte Zithe, L-410810 Luxembourg‎ All Rights Reserved.

[INFORMATION SUPPLIED BY DAVID WILES]
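The warning signs in the mail above (an "Apple" sender name on a sun.ac.za address, the known subject line, a capital on every word, a greeting that uses the e-mail address) can be checked automatically. The following is an added example, not part of the original post; the brand-to-domain list is an assumption, and both sample messages are constructed, using the post's placeholder addresses in standard `Name <address>` header form.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand keyword -> domains that brand really sends mail from.
BRAND_DOMAINS = {"apple": ("apple.com", "icloud.com")}
# Subject line of the scam described in the post, in lower case.
BLOCKED_SUBJECTS = {"your apple profile suspension"}

# Constructed sample built from the placeholders shown in the post.
SAMPLE_SCAM = """\
From: Apple Accounts <hackedaddress@sun.ac.za>
To: stolenaddress@sun.ac.za
Subject: Your Apple Profile Suspension

Dear stolenaddress@sun.ac.za

(body omitted)
"""

# Constructed sample of an unremarkable message, for contrast.
SAMPLE_GENUINE = """\
From: Apple <no_reply@email.apple.com>
To: student@example.org
Subject: Your receipt from Apple

Hello Sam, thank you for your purchase.
"""


def _in_domains(domain, allowed):
    """True if domain equals, or is a subdomain of, an allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def _text_body(msg):
    """Join the text parts of a message (single-part or multipart)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(
        p.get_payload() for p in parts
        if p.get_content_maintype() == "text" and isinstance(p.get_payload(), str)
    )


def phishing_indicators(raw_message):
    """Return a list of warning signs found in one raw e-mail."""
    msg = message_from_string(raw_message)
    findings = []

    # Sign 1: the display name claims a brand, the address does not match it.
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not _in_domains(domain, allowed):
            findings.append(f"sender name claims '{brand}' but mail comes from {domain}")

    # Sign 2: blocklisted subject. Sign 3: a capital on every word.
    subject = " ".join(msg.get("Subject", "").split())
    if subject.lower() in BLOCKED_SUBJECTS:
        findings.append("subject line is on the blocklist")
    if len(subject.split()) > 2 and subject.istitle():
        findings.append("every word of the subject is capitalised")

    # Sign 4: the greeting uses the recipient's address instead of a name.
    _, recipient = parseaddr(msg.get("To", ""))
    if recipient and f"dear {recipient.lower()}" in _text_body(msg).lower():
        findings.append("greeting uses the e-mail address instead of a name")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_SCAM):
        print("WARNING:", finding)
```

The capitalisation check is a weak signal on its own and is best used together with the sender mismatch.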

What is PoPI or PPI?

Friday, October 24th, 2014

PoPI or PPI is the Protection of Personal Information Act, an act approved by government at the end of 2013. The purpose of this act is to ensure that all South African institutions collect, process, save and share the personal information of entities in a responsible way.

The act holds institutions responsible if any personal information is abused or compromised. This is to your advantage as an individual and owner of your personal information: it gives you certain rights to be protected, and control over how your information can be used.

But what, according to PoPI, is personal information (PI)?

This is information pertaining to a living, natural person and where applicable an existing juristic person and includes the following:

  • Race, gender, sex, pregnancy, marital status, national or ethnic origin, colour, sexual orientation, age, physical or mental health, disability, religion, conscience, belief, culture, language and birth of a person;
  • Education, medical, financial, criminal or employment history;
  • Biometric information of the person; personal opinions, views or preferences; ID number, student number, e-mail address, physical address, telephone number;
  • Private or confidential correspondence.

PI such as biometric information, medical status and religion, among others, is considered Special PI (as described in section 26 of the act). Special PI is subject to stricter security measures.

In other words, if the information can identify the person, it is personal information.

PoPI sets out 8 information protection principles for PI. These principles can be illustrated by looking at a few examples within the university context:

| PRINCIPLE | DESCRIPTION | EXAMPLE |
| --- | --- | --- |
| Accountability | The organisation must ensure that the principles and measures in the Act are complied with. | SU establishes accountability and responsibilities, roles and organisation, policies and procedures to adhere to PoPI’s regulations. |
| Processing limitation | PI may only be processed in a fair and lawful manner with the consent of individuals. | SU may only, for example, process the necessary PI of a prospective student, student or alumnus with the person’s permission. |
| Purpose specification | PI may only be processed for specific, explicitly defined and legitimate reasons. | Each PI item in an application form should have a specific and legitimate reason to be processed for the purposes of prospective study. “Religious belief” would therefore be questioned. |
| Further processing limitation | PI may not be processed for a secondary purpose unless that processing is compatible with the original purpose. | PI forming part of research data, processed for a specific research project, may not be used for another research project. |
| Information quality | The organisation must ensure that PI is accurate, reliable and up to date. | The responsibility lies with SU to ensure all PI regarding alumni, students, prospective students, scholars, etc. is accurate and up to date. |
| Openness | The Regulator and the data subject must be aware that PI is being collected by the organisation. | Potential prospective students have the right to be informed about SU’s intention to process their PI and for which reason. |
| Security safeguards | PI must be kept secure against the risks of loss, unauthorised access, interference, modification, destruction or disclosure. | The IT Division ensures that all policies, tools and control measures are in place and supplied to users to prevent leakage of or unauthorised access to PI. |
| Data subject participation | Data subjects may request the correction/deletion of any PI held about them that may be inaccurate or misleading. | This implies that alumni have the right to know what PI SU has of them and request that errors be corrected or that the item(s) be removed. |

It is expected that PoPI will be fully promulgated early in 2015 and the University will be granted 12 months to comply.

The project to comply with PoPI was launched at SU during 2013. Over a period of a year a multi-disciplinary project team, under the leadership of Mr Ralph Pina, Director: IT (Development), and Mobius Consulting, conducted a gap analysis and developed a road map. This phase has just been completed and the report was submitted last week. The remedial phase will be executed during this coming year.


Lose your cellphone, lose your info

Friday, October 24th, 2014

If you lost your cellphone today, what would a criminal have access to? Your SMSes? Your banking details? Your private documents saved in your e-mail? Or even sensitive work documents?

And yet, we carry this invaluable information with us every day. We absentmindedly wander around talking in public while we’re within reaching distance of any opportunistic criminal. But there are also other ways to access information on your phone by means of spyware and other suspicious software.

We use our cellphones more and more to organise and plan our lives and at the same time, make ourselves more vulnerable.

However, there are a few measures you can take to ensure you don’t become a victim.

1. PASSWORD OR PIN

This is your most important first line of defense. Without a PIN or password, anyone who gets hold of your cellphone can access your e-mail, bank details, SMSes and personal information.

And Microsoft’s head of online security, Jacqueline Beauchere, agrees: “Using a PIN or unique password is the single most important thing to do as a user of a smartphone to protect the device, the data and your reputation.” According to Beauchere the data on your phone is also more recent than the data on your desktop or laptop. This increases the risk even more.

Last year Microsoft conducted a worldwide online survey regarding the usage of PINs. 10 000 desktop and mobile device users from 20 countries took part. Only 28% of these used a PIN on a device.

2. CELLPHONE APPS

Be very careful which apps you download and where you download them from. It’s great having an app to streamline your life or one to entertain you, but weigh the pros and cons against each other.

Even if an app looks nifty, rather download a similar one from renowned app shops like iTunes, Google Play and Amazon. Do some research. Read other users’ comments, how they rate the app and whether they experienced any problems with it.

3. DUBIOUS LINKS

According to research, people are 3 times more likely to click on a link on their phone than on one on their PC. The reason could be that the screen is smaller and dubious links are not as easily recognised. Be suspicious of requests for personal information that you receive via links in SMS, e-mail or social networks. By clicking on them, you run the risk of identity theft.

4. UNPROTECTED WI-FI

When you use an open Wi-Fi network in coffee shops, malls and other public places, your information isn’t sent securely through the air. Any other person can intercept it during transmission. If you have to do banking on your phone or work with sensitive information, rather wait until you’re at work or home and have access to a secure Wi-Fi network.

5. SPYWARE

Without a password, cyber criminals can load spyware on your phone and track your SMS records, e-mails, banking transactions and location. To prevent this from happening, activate a password or PIN on your phone or download an app from a reputable store to scan for and remove spyware and viruses.

If you’d like to read more on cellphone security, Wikipedia has extensive information.

[SOURCES: www.rd.com, www.computerworld.com]


How to be safe on the internet

Friday, October 10th, 2014

In a recent article on Memeburn it was stated that, according to Kaspersky Lab’s report on cyber threats in Africa, “there were over 4.6 million cyber-attacks and malware infections on the computers and mobile devices of users in South Africa in the first quarter of 2014.” If you think you were safe from cyber criminals because they only target countries with higher income levels, you’re wrong. 

But before you start panicking, there are precautions you can take to ensure you don’t become one of Kaspersky’s statistics.

The best defense against spyware and other unwanted software is not to download it in the first place. Here are a few tips that can help you avoid downloading software that you don’t want:

  • Download programs only from websites you trust. If you’re not sure whether to trust a program you are considering downloading, enter the name of the program into your favorite search engine to see if anyone else has reported that it contains spyware. Files that end in the extensions .exe or .scr commonly hide malware. However, even files with familiar extensions such as .docx, .xlsx, and .pdf can be dangerous.
  • Read all security warnings, license agreements, and privacy statements associated with any software you download. Before you install something, consider the risks and benefits of installing it, and be aware of the fine print. For example, make sure that the license agreement does not conceal a warning that you are about to install software with unwanted behaviour.
  • Never click “Agree” or “OK” to close a window. Instead, click the red “x” in the corner of the window or press Alt + F4 on your keyboard to close a window.
  • Be wary of popular “free” music and movie file-sharing programs, and be sure you understand all of the software that is packaged with those programs.
  • Use a standard user account instead of an administrator account on your PC. This will prevent unwanted software from being installed without your knowledge.
  • Don’t click links on suspicious websites or in email messages. Instead, type the website address directly into your browser, or use bookmarks.
  • Don’t automatically trust that instant messages, email messages, or messages on social networking websites are from the person they appear to be from. Even if they are from someone you know, contact the person before you click the link to ensure that they intended to send it.

If you think your PC has been infected with unwanted software, do not hesitate to contact us at 808 4367 or helpinfo@sun.ac.za. If you’re unsure whether your PC has been infected, read our article on how to detect malware.

Source: http://www.microsoft.com/security/pc-security/antivirus.aspx


What’s wrong with your password?

Friday, October 10th, 2014

Passwords are an important aspect of computer security and your electronic key to the network of Stellenbosch University. But which passwords work best? 

Lorrie Faith Cranor is a security researcher and an Associate Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. In March of this year she presented a TED talk on her study of thousands of real passwords to figure out the surprising, very common mistakes that users — and secured sites — make to compromise security.

Watch her very interesting talk on her research on passwords below. After watching Lorrie’s talk you might also want to change your own password. On how to do that and more password tips, have a look at our wiki or make use of the self help function online.

http://www.ted.com/talks/lorrie_faith_cranor_what_s_wrong_with_your_pa_w0rd
