Security

Phishing scam warning: Your Apple Profile Suspension

Monday, November 3rd, 2014

Scammers have trawled the university web pages, and perhaps even obtained e-mail addresses via compromised computers within the university, and are using these stolen addresses in a phishing scam that can be dangerous if you respond, especially if you have an Apple device and use iCloud etc.

The Subject will be “Your Apple Profile Suspension” (Notice the use of capitals for each word, already a sign that something is not right…)

Below is an example of such a mail. Do not respond to this mail, click on any of the links or fill in any details on any page you might be directed to. This is a scam: first add the sender to your blacklist, blacklist the subject line and consign the mail to your junk mail folder.

Here is the mail with the dangerous stuff filtered out, just in case you like clicking on links!…

From: Apple Accounts [mailto:hackedaddress@sun.ac.za]
Sent: Friday, 31 October 2014 17:36
To: Stolen US Adress, AN <stolenaddress@sun.ac.za>
Subject: Your Apple Profile Suspension

Dear stolenaddress@sun.ac.za

This email is to to inform you we regret to announce you that your Apple Account (stolenaddress@sun.ac.za) has been temporarily locked until we can certify your Apple ID details on file. This security measure to safeguard your iCloud Account from unapproved usage. We apologise for any inconvenience.
How do I validate my Apple ID and unsuspended my Apple ID?
Just click the link below to verify ownership of your Apple ID. Log-in in using your iCloud Account and password, then read the instructions.>> Validate My Apple/iCloud Account

When using Apple devices and services, you’ll still sign in with your usual email account as your Apple login.

If you have questions or want support, visit the Apple ID Support site.

Kind Regards,
Apple Identity Verification

Resolution ID: #H8MND945-ID129

Apple Account | Support | Privacy Policy | Manage Subscriptions
Copyright © 2014 iTunes Sarl 88-27, Rue Sainte Zithe, L-410810 Luxembourg‎ All Rights Reserved.

[INFORMATION SUPPLIED BY DAVID WILES]

What is PoPI or PPI?

Friday, October 24th, 2014

PoPI or PPI is the Protection of Personal Information Act, an act approved by government at the end of 2013. The purpose of this act is to ensure that all South African institutions collect, process, save and share the personal information of entities in a responsible way.

The act holds institutions responsible if any personal information is abused or compromised. This is to your advantage as an individual and owner of your personal information: it gives you certain rights to be protected, and control over how your information can be used.

But what, according to PoPI, is personal information (PI)?

This is information pertaining to a living, natural person and where applicable an existing juristic person and includes the following:

  • Race, gender, sex, pregnancy, marital status, national or ethnic origin, colour, sexual orientation, age, physical or mental health, disability, religion, conscience, belief, culture, language and birth of a person;
  • Education, medical, financial, criminal or employment history;
  • Biometric information of the person; personal opinions, views or preferences; ID number, student number, e-mail address, physical address, telephone number;
  • Private or confidential correspondence.

PI such as biometric information, medical status and religion, among others, is considered Special PI (as described in section 26 of the act). Special PI is subject to stricter security measures.

PoPI sets out 8 information protection principles for PI. These principles can be illustrated by looking at a few examples within the university context:

| PRINCIPLE | DESCRIPTION | EXAMPLE |
| --- | --- | --- |
| Accountability | The organisation must ensure that the principles and measures in the Act are complied with. | SU establishes accountability and responsibilities, roles and organisation, policies and procedure to adhere to PoPI’s regulations. |
| Processing limitation | PI may only be processed in a fair and lawful manner with the consent of individuals. | SU may only, for example, process the necessary PI of prospective students, students and alumni with the person’s permission. |
| Purpose specification | PI may only be processed for specific, explicitly defined and legitimate reasons. | Each PI item in an application form should have a specific and legitimate reason to be processed for the purposes of prospective study. “Religious belief” would therefore be questioned. |
| Further processing limitation | PI may not be processed for a secondary purpose unless that processing is compatible with the original purpose. | PI forming part of research data, processed for a specific research project, may not be used for another research project. |
| Information quality | The organisation must ensure that PI is accurate, reliable and up to date. | The responsibility lies with SU to ensure all PI regarding alumni, students, prospective students, scholars, etc. is accurate and up to date. |
| Openness | The Regulator and the data subject must be aware that PI is being collected by the organisation. | Potential prospective students have the right to be informed about SU’s intention to process their PI and for which reason. |
| Security safeguards | PI must be kept secure against the risks of loss, unauthorised access, interference, modification, destruction or disclosure. | The IT Division ensures that all policies, tools and control measures are in place and supplied to users to prevent leakage or unauthorised access to PI. |
| Data subject participation | Data subjects may request the correction/deletion of any PI held about them that may be inaccurate or misleading. | This implies that alumni have the right to know what PI SU has of them and request that errors be corrected or that the item(s) be removed. |

It is expected that PoPI will be fully promulgated early in 2015 and the University will be granted 12 months to comply.

The project to comply with PoPI was launched at SU during 2013. Over a period of a year a multi-disciplinary project team, under the leadership of Mr Ralph Pina, Director: IT (Development), and Mobius Consulting, conducted a gap analysis and developed a road map. This phase has just been completed and the report was submitted last week. The remedial phase will be executed during this coming year.

Lose your cellphone, lose your info

Friday, October 24th, 2014

If you lost your cellphone today, what would a criminal have access to? Your smses? Your banking details? Your private documents saved in your e-mail? Or sensitive work documents even?

And yet, we carry this invaluable information with us every day. We absentmindedly wander around talking in public while we’re within reaching distance of any opportunistic criminal. But there are also other ways to access information on your phone by means of spyware and other suspicious software.

We use our cellphones more and more to organise and plan our lives and at the same time, make ourselves more vulnerable.

However, there are a few measures you can take to ensure you don’t become a victim.

1. PASSWORD OR PIN

This is your most important first line of defense. Without a PIN or password, anyone can get hold of your cellphone, access your e-mail, bank details, sms and personal information.

And Microsoft’s head of online security agrees. “Using a PIN or unique password is the single most important thing to do as a user of a smartphone to protect the device, the data and your reputation.” According to Beauchere the data on your phone is also more recent than the data on your desktop or laptop. This increases the risk even more.

Last year Microsoft conducted a worldwide online survey regarding the usage of PINs. 10 000 desktop and mobile device users from 20 countries took part. Only 28% of these used a PIN on a device.

2. CELLPHONE APPS

Be very careful which apps you download and where you download them from. It’s great having an app to streamline your life or one to entertain you, but weigh the pros and cons against each other.

Even if an app looks nifty, rather download a similar one from reputable app stores like iTunes, Google Play and Amazon. Do some research. Read other users’ comments, how they rate the app and whether they experienced any problems with it.

3. DUBIOUS LINKS

According to research people are 3 times more likely to click on a link on their phone than one on their PCs. The fact that the screen is smaller and dubious links are not as easily recognised could be the reason. Be suspicious of requests for personal information you receive via links in SMS, e-mail or social networks. By clicking on them, you run the risk of identity theft.

4. UNPROTECTED WI-FI

When you use an open Wi-Fi network in coffee shops, malls and other public places, your information isn’t securely sent through the air. Any other person can intercept it during transmission. If you have to do banking on your phone or work with sensitive information, rather wait till you’re at work or home and have access to a secure Wi-Fi network.

5. SPYWARE

Without a password cyber criminals can load spyware on your phone and track your sms records, e-mails, banking transactions and location. To prevent this from happening, activate a password or PIN on your phone or download an app from a reputable store to scan for and remove spyware and viruses.

If you’d like to read more on cellphone security, Wikipedia has extensive information.

[SOURCES: www.rd.com, www.computerworld.com]

How to be safe on the internet

Friday, October 10th, 2014

In a recent article on Memeburn it was stated that, according to Kaspersky Lab’s report on cyber threats in Africa, “there were over 4.6 million cyber-attacks and malware infections on the computers and mobile devices of users in South Africa in the first quarter of 2014.” If you think you were safe from cyber criminals because they only target countries with higher income levels, you’re wrong. 

But before you start panicking, there are precautions you can take to ensure you don’t become one of Kaspersky’s statistics.

The best defense against spyware and other unwanted software is not to download it in the first place. Here are a few tips that can help you avoid downloading software that you don’t want:

  • Download programs only from websites you trust. If you’re not sure whether to trust a program you are considering downloading, enter the name of the program into your favorite search engine to see if anyone else has reported that it contains spyware. Files that end in the extensions .exe or .scr commonly hide malware. However, even files with familiar extensions such as .docx, .xlsx, and .pdf can be dangerous.
  • Read all security warnings, license agreements, and privacy statements associated with any software you download. Before you install something, consider the risks and benefits of installing it, and be aware of the fine print. For example, make sure that the license agreement does not conceal a warning that you are about to install software with unwanted behaviour.
  • Never click “Agree” or “OK” to close a window. Instead, click the red “x” in the corner of the window or press Alt + F4 on your keyboard to close a window.
  • Be wary of popular “free” music and movie file-sharing programs, and be sure you understand all of the software that is packaged with those programs.
  • Use a standard user account instead of an administrator account on your PC. This will prevent unwanted software from being installed without your knowledge.
  • Don’t click links on suspicious websites or in email messages. Instead, type the website address directly into your browser, or use bookmarks.
  • Don’t automatically trust that instant messages, email messages, or messages on social networking websites are from the person they appear to be from. Even if they are from someone you know, contact the person before you click the link to ensure that they intended to send it.

If you think your PC has been infected with unwanted software, do not hesitate to contact us at 808 4367 or helpinfo@sun.ac.za. If you’re unsure whether your PC has been infected, read our article on how to detect malware.

Source: http://www.microsoft.com/security/pc-security/antivirus.aspx

What’s wrong with your password?

Friday, October 10th, 2014

Passwords are an important aspect of computer security and your electronic key to the network of Stellenbosch University. But which passwords work best? 

Lorrie Faith Cranor is a security researcher and an Associate Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. In March of this year she presented a TED talk on her study of thousands of real passwords to figure out the surprising, very common mistakes that users — and secured sites — make to compromise security.

Watch her very interesting talk on her research on passwords below. After watching Lorrie’s talk you might also want to change your own password. On how to do that and more password tips, have a look at our wiki or make use of the self help function online.

http://www.ted.com/talks/lorrie_faith_cranor_what_s_wrong_with_your_pa_w0rd

 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.