Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

Security

« Older Entries
Newer Entries »

Another phishing scam – this time from an university account

Tuesday, February 25th, 2014

Below is an example of an phishing scam that has been sent out seemingly by a legitimate University-based e-mail account. Unfortunately this time, the e-mail message has been sent to other institution’s addresses and the university is being wrongly criticised for “allowing” this.

Remember: The only purpose of a phishing scam is to get victims to provide their personal information and thereby gain access and control of passwords, bank account numbers and personal details.

Information Technology will be investigating this incident but keep this in mind:

  1. Many times an automatic program is used to “spoof” or forge a phony e-mail address to disguise the real sender The address is often pulled from a database of “stolen addresses”.
  2. This university e-mail account owner might be a victim themselves of a phishing scam, and have provided their details to scammers, resulting in their address or computer being “hijacked” by the phishers.
  3. In some cases an e-mail address owner is employed by the phishers to operate and send out phishing mails on their behalf with the promise of earning money for their services. (Earn $10 000 per month and work from home) in this case it is unlikely, but nevertheless a risk. 

In the screen grab below note the “honeypot”:

…There is no Subject line

…It seems to come from a university employee but the reply to address is some other address

…It promises that you have won a large amount of money. That always attracts people.

spam

 

[ARTICLE BY DAVID WILES]

 

 

 

Email

Posted in Communication, E-mail, Security | Comments Off on Another phishing scam – this time from an university account

Honey pots – trapping hackers

Thursday, November 28th, 2013

Apparently bears find honey irresistible and in the same way hackers can’t resist the challenge to gain access to a computer or system.

A  Honey pot is a computer system set up as a trap for hackers, crakers and scriptkiddies trying to gain unauthorised access to other people or a company’s computers or systems.  The trap is set up to detect, deflect and counteract unlawful usage of information systems.

The trap consists of a computer, data or a network site with valuable information for hackers and crackers. It appears to be part of a network, but in fact, runs completely isolated and is monitored and discreetly regulated.

Maintenance of a honey pot requires a large amount of attention and won’t necessarily guarantee a successful outcome. In some case it will only serve as a learning experience and hackers won’t necessarily be cornered.

A network of these traps set up in a production environment, is called a  honeynet. The term originated in 1999 from a paper by Lance Spitzner, founder of the Honeynet Project, called To build a Honeypot. (Read Spitzner’s interesting article here)

[SOURCES: http://searchsecurity.techtarget.com & www.wikipedia.org]

Email

Posted in Security | Comments Off on Honey pots – trapping hackers

PC in need of slimming down?

Friday, November 15th, 2013

Thought it’s only you who felt the need to lose weight after last night’s McDonald’s happy meal? Your computer feels the same way, but for different reasons.

We’d like to introduce you to another new tech term – bloatware.

Manufacturers, such as Dell or Lenovo, install unnecessary software along with Windows on their PCs.

This includes trial antivirus packages or nagware which mostly runs when you boot your pc and therefore slows down it’s performance dramatically. Manufacturers are in some cases paid to include software in this way.

Most users only need a small amount of the software loaded on their systems and regard the rest as unnecessary bloat.

A second variation of software bloat occurs when successive versions of a computer programme becomes slower and slower, using more memory or processing power. Your pc might suddenly also have higher hardware requirements than before.

Part of the problem is caused by unwanted and unused software that stays on the PC after initial installation. Even though programmes are uninstalled, some data remains. Over time this unnecessary software not only takes up space on the hard drive, but also uses valuable memory and wastes processing time, causing start up and shut down delays.

Apple iTunes and Microsoft Windows have both been accused of being culprits. Windows 8 has started to address the problem by adding options that allow users to reset and refresh PC’s, but bloatware remains a big problem for Windows PCs. Most PCs sold with Windows still come with added unnecessary software adding clutter and making your computer sluggish.

[SOURCE: www.wikipedia.org & www.howtogeek.com]

Email

Posted in Security | 2 Comments »

Latest phishing mail sent to SU staff

Tuesday, October 29th, 2013

 Please take note that this is not an e-mail sent by Stellenbosch University’s IT department. Do not click on the link or reply, just ignore and delete the message.

 

Dear: Stellenbosch University Email Account User.

This E-mail is sent by System Administrator Email HelpDesk IT Support for notification and email update purposes of your Email Account, all email users are expected to click the link for upgrade to migrate your email account to the new 2013 web mail Server, your are advice to click the below link for upgrade of your email to our new 25GB Mail Quota.

http://fakeaddress.com

This is free and you do not need to Pay for this. Your account will remain active after you have successfully Increase your Mail Quota.

NOTE:If unable to click the link, you are advised to copy and paste it in a new browser, Failure to do so immediately will lead to SUSPENSION OF YOUR ACCOUNT.

Regards,

Mail System Administrator

Copyright 2013 E-mail Account Upgrade.

Email

Posted in E-mail, Security | Comments Off on Latest phishing mail sent to SU staff

Hackers and crackers

Friday, October 18th, 2013

We all remember Lisbeth Salander from the The Girl with the Dragon tattoo movie or Neo in The Matrix – both hackers.

Earlier this week even SU websites were targeted by the 747crew, who used it to proclaim their political and religious convictions. 

But apparently there’s a difference between hackers and crackers. In the context of computer security a hacker is seen as someone who pinpoints the weaknesses in a computer system or network and exploits them. His motivation can be financial gain, a platform for protest or purely because it’s a challenge.

Over time, and partly thanks to the media, the association with the word “hacker” predominantly became a negative one. Eric S. Raymond (author of The New Hacker’s Dictionary) believes that members of the computer underground should be called crackers.  According to R.D. Clifford (2006) a cracker is someone who illegally gained access to a computer with the intent of committing a crime, for example destroying data on a particular system.

 More recently the word hacker has been reclaimed by computer programmers who agree with Raymond that those who hack with criminal intent, should be called a cracker. Several subgroups of this subculture have different approaches and also use different terms to distinguish themselves from others.

A white hat won’t break into a system with malicious intent, but rather to test their own security or for a company manufacturing security software. The term white hat in internet slang refers to an ethical hacker.

A black hat hacker violates computer security for his own benefit. These are the stereotypical characters we see depicted in popular culture, like movies. Black hats break into secure networks to destroy data or to render the network unusable for those who need to access it.

A grey hat surfs the internet and breaks into a system only to notify it’s administrator that it has a security defect and then offer to fix it at a price.

A blue hat assists with the testing of a system before it’s launched to establish it’s weaknesses. Usually he’s not part of a computer security company.

Other terms include a script kiddie (someone who’s not an expert and uses other people’s software to hack) and a neophyte, “n00b”, or “newbie” is a novice who’s still in training.  

Hacktivist is a hacker who misuses technology to convey his social, ideological and political message. The defacement of the SU webpages earlier this week is an example of hactivism.

[SOURCE: www.wikipedia.org]

 

Email

Tags:
Posted in Security | Comments Off on Hackers and crackers

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.