Security

Zoom not recommended for meetings

Friday, May 8th, 2020

Over the past few weeks we’ve had to find new ways of connecting with people. Zoom has become the popular choice for anything from online exercise classes to quizzes. While it is perfectly fine for personal use, we do not recommend Zoom for your official meetings with colleagues or students. Although it’s simple to set up and free, there are multiple security risks.

Why take the risk if Microsoft Teams can do the same safely?

To help you make an informed decision we prepared a comparison table of Adobe Connect, Teams and Zoom. The comparison table shows the strengths and weaknesses of each product and the areas marked in red are serious weaknesses. Do not use a product if any area is marked red. 

SUNStream is based on Adobe Connect and runs on a server on campus which is fully integrated with SUNLearn. It will be zero-rated to allow students to access the system without data costs. This is the preferred streaming platform for lecture use and is particularly suited for larger classes as it uses a very structured approach. Adobe Connect is also fully integrated with SUNLearn.

Teams has become the University standard for meetings and is also suitable for classes of up to 250 participants. Teams is not just a streaming service; it is an excellent collaboration platform. Teams has also been integrated into SUNLearn, allowing lecturers to use class groups within Teams. Unfortunately it will not be zero-rated soon, since it is running on the Microsoft commercial cloud. 

* NB. If you record your meetings in Teams, keep in mind that the recording will be available to everyone who attended the meeting, even if just for a short while as a guest. Don’t use your current meeting to continue a different meeting, for example with a smaller group. If you do this, everyone who attended the initial meeting will be able to listen to your recording. Rather create a separate one. More on privacy and security in Microsoft Teams.

Zoom has become very popular largely due to its ease of use, but therein lies the risk: security and ease of use are at opposite ends of the scale. Zoom places the burden on the users to protect themselves. Two South African ministers have found themselves in trouble when using Zoom, the latest being reported 6 May 2020 in a so-called “Zoombombing” incident (see the definition of “Zoombombing” below). The University regards Zoom as a risk, and will not support its use.

Also read security expert, Basie von Solms’, article on protecting your video calls on LitNet (unfortunately only available in Afrikaans) and Computerworld’s article on the do’s and don’ts of video conferencing security.

 

Zoombombing

Zoom-bombing or Zoom raiding[1] is the unwanted intrusion into a video conference call by an individual, causing disruption. The term became popularized in 2020, after the COVID-19 pandemic forced many people to stay at home and videoconferencing was used on a large scale by businesses, schools, and social groups. The term is associated with and derived from the name of the Zoom videoconferencing software program but it has also been used to refer to the phenomenon on other video conferencing platforms.[2][3][4]

SOURCE: Wikipedia

 


Phishing attack from compromised staff account with attached “Secure Message”

Wednesday, May 6th, 2020

With most students and personnel working from home during the national lockdown, with the reduced security (and watchfulness) of home computers and of personnel and students in their home environment, and with many forced to use unfamiliar means of communication and collaboration like Teams, Zoom, Skype and Skype for Business, the environment is ripe for exploitation by phishers.

The following e-mail (with an infected attachment) is making its rounds at the moment from a staff email account.

If you get an email that looks like the following, do not open or respond to it. It is quite likely that the staff member doesn’t even know that their account is compromised.

Please be careful when opening attachments “sent” by colleagues, especially if they are unannounced or the e-mail makes you feel a bit suspicious. Always trust your instincts.

“Sextortion” scams

Tuesday, April 28th, 2020

There has been a resurgence of “sextortion” phishing scams recently but with a slight twist.

“Extortion phishing” or “sextortion” is an aggressive form of a phishing attack that targets potential victims in an e-mail demanding bitcoin in exchange for a promise of non-disclosure of an alleged sexual offence.

The aim of these sextortion e-mails is clear – to force their intended victims to pay up for their silence, or the footage will be shared on social networks. Ultimately this is a typically insidious scam that could easily snare an unsuspecting user.

This variant, however, has an added twist: the phishing scammers display a stolen password (from other websites) that their victims use, to grab their victim’s attention.

It is usually those other websites (e.g. Hotmail, Instagram, PayCity or Facebook) that hackers use to gain access to our data, so changing those passwords is very important.

As in the example below we received earlier this week:

Several students and personnel say that they have also received similar phishing e-mails, and that a password they had used was displayed in the subject line. They were all concerned that their network account was under attack.

If you receive such a mail, there is little danger to you UNLESS you

  1. respond to the sender
  2. still use that same password for other non-university accounts and use a variation of that password.

If it is an old password that they are displaying, then the danger to you is relatively small, but if you are still using it on a different website or application, please change it immediately.

[ARTICLE BY DAVID WILES]

Phishing emails, SMS and WhatsApp messages offering payment relief during lockdown

Wednesday, April 1st, 2020

A new potential threat has emerged as we enter the 2nd week of the national lockdown and face the beginning of the new month with bills to be paid.

Phishers are already targeting the South African public with so-called COVID-19 phishing scams, attaching malware-infected attachments and encouraging victims to click on a link to download “important information about the COVID-19 pandemic”.

However this week’s scam involves emails, SMS and WhatsApp messages being sent with information about “Payment Relief” from South African banks.

While it is true that most major South African banks are offering payment relief measures to their customers, phishing scammers have grasped this opportunity and adapted their tactics to send emails with content like the following:

“Dear Valued Customer,

“At ABSA Bank, we realise that this is a difficult time for our customers and businesses whose financial means are being negatively affected. After careful consideration and engagements with The Minister of Finance the, Hon. Tito Titus Mboweni, we are pleased to offer you, as a valued customer, a once-off access to a comprehensive relief programme. Please click on the following link to see if you qualify for payment relief.

VERIFY YOUR ACCOUNT

This is a once-off offer made to selected customers and will close at midnight on 2 April 2020.”

This is one such e-mail, but similar scams with forged identities from other South African banks, as well as WhatsApp and SMS messages, will also surface. Note the specific deadline and the call to verify your account. Your bank won’t ever ask you to verify your account by email and certainly won’t give you a day to make such a decision.

If you need to make use of a relief programme, rather contact your bank directly than reply to an online message. 

Here is a collection of the current verified details for payment relief from South Africa’s 4 major banks:

[ARTICLE BY DAVID WILES]

Phishing email with subject “SUNCOM”

Wednesday, February 5th, 2020

An email from a sun.ac.za address with the subject “SAFECOM – 5 / FEBRUARY / 2020” has been sent to staff and students. The email asks you to open a message received from “SUNCOM” (also see image below).

This is not a legitimate email, but a phishing attempt which will lead you to a fake website.

By clicking on links and providing your information, you give criminals access to your personal information and your accounts. If you think your account or device has been compromised or you notice suspicious activity:

  • Immediately change your password on www.sun.ac.za/password.
  • Contact the IT Service Desk by logging a request or calling 808 4367.
  • More information is available on our blog and Twitter.
