Security

LAVA tablets not approved by SU

Thursday, May 30th, 2013

Over the past few days Lava, a company based in India, has been soliciting students of Stellenbosch University, trying to sell their tablets.

According to the company, Stellenbosch University approved the sale of their tablets to students. This is completely false. Stellenbosch University has no knowledge of any correspondence or contract with Lava to sell their tablets.

As tempting as it may seem to buy a very cheap tablet from the company, please do not supply them with your personal or bank details when asked or conduct any business with them.

Your security and personal information are of the utmost importance to us. We will never give any personal information, including contact details of our students, to ANY company for solicitation purposes.

If you have been contacted and have any information, please contact Ilse de Kock (idk@sun.ac.za).

Access control on SU and private devices

Friday, April 26th, 2013

With choice and freedom inevitably come some guidelines, rules or policies. This is also the case with the university’s approach to the usage of electronic equipment, such as laptops, phones and tablets, in the near future.

Due to our ever-changing technological landscape, Information Technology recently saw the need to compile a policy to act as a guide for the use of SU and private devices. (Read our previous article on BYOD.)

The End-user equipment and media policy establishes rules for the appropriate use of end-user equipment and media in the Stellenbosch University environment in order to protect the confidentiality and the integrity of academic and institutional information and applications as well as the availability of services at the University. It specifies the University and individual user responsibilities for processing, managing, and securing academic and institutional information on University and privately owned equipment (devices) and media.

These guidelines apply to all staff, students and associates who access the University network and information that relates to University owned or privately owned end-user equipment that will be used to connect to, access and/or process academic and institutional information.

This week we’ll look at the measures that have to be taken when it comes to access control to devices.

Prior to initial use via a physical connection to the University internal network or related infrastructure, all end-user equipment (with the exception of devices that are used to connect via Virtual Private Network (VPN)) must be registered with University Information Technology (IT) Division.

The IT Organisation reserves the right to:

– Refuse, by physical and non-physical means, the ability to connect privately owned or non-sanctioned end-user equipment to the University Network. The IT Organisation will engage in such action if it feels such equipment is being, or may be, used in a way that puts the University’s systems, information or users at risk.

– Summarily ban the use of a privately owned end-user device at any time. The IT Organisation need not provide a reason for doing so, as protection of the University Network and information is of the highest priority.

– Physically disable communication ports (such as Universal Serial Bus (USB) ports, other ports that can connect to storage devices or media) on University-owned IT assets to limit physical and virtual access to University systems and information.

– Users who wish to connect privately owned or non-sanctioned end-user equipment to the University Network to gain access to University applications or information and/or the Internet must implement, for their devices and related infrastructure, appropriate and up-to-date:

* personal firewall;

* anti-virus software;

* anti-malware software;

* any other security measure deemed necessary by the IT Organisation;

* operating systems (e.g. Microsoft Windows, Android, Apple iOS, etc.) and operating system updates.

– Users must implement physical security practices to prevent the theft or loss of end-user equipment and media, especially mobile devices, and academic and institutional information, including:

– If it is absolutely necessary to leave a portable device unattended, it should be secured with a cable lock or similar security device,

– Ensure that portable devices are not visible when left in a vehicle. If portable devices are left unattended in a vehicle it is recommended that they be locked in the boot.

– Lock portable devices away when not in use.

– Portable end-user media or devices which contain confidential academic and institutional information must be protected by an access control mechanism (e.g. password, biometric, PIN code or pattern lock, etc.). If the latter is not possible, access to data files on these devices or media must be protected by an access control mechanism. Devices that are unprotected by an access control mechanism may not hold confidential academic and institutional information.

ABSA phishing now also in Afrikaans!

Tuesday, March 19th, 2013

Just because an e-mail from a “bank” is sent to you and it is in perfect Afrikaans, don’t be fooled into thinking it is legitimate.

The following e-mail was sent to a number of South African addresses and is a very clever and convincing attempt to obtain users’ banking details and PIN codes. What is frightening about this mail is that it is written in near-perfect Afrikaans and would fool most people, including myself – if I weren’t so paranoid.

Take a look at the following mail message. It looks very convincing, but some spelling mistakes, which are not easily seen, give it away!

Subject: Absa Kredietkaart Rekening Staat -Fooi Afgetrek

[Image: absa-afrikaanse phishing]

There is an attached .html file (a web page) which immediately should tell you that something is wrong.

Here is what the web page looks like:

[Image: absa-afrikaanse phishing2]

Closer inspection of the webpage’s code reveals that this is a phishing scam run by a syndicate whose servers are currently in Italy.

  • If you use this page to type in your account number, PIN code and password, you will have given the criminals free and open access to your bank account (if you were with ABSA).
  • ABSA, or any bank, would never send you e-mail containing links and ask you to click on that link to verify ANY personal information, especially account numbers or PIN codes.
  • Embedded HTML pages would never be included because they can be easily compromised (like this one).
  • Don’t be fooled by alarming subjects like “Fooi Afgetrek”, “Security Upgrade”, “Illegal Access to your account” or if the mail is in Afrikaans!

(INFORMATION SUPPLIED BY DAVID WILES)

Beware of SIM card swap fraud

Friday, February 22nd, 2013

 

Although it is a known scam, when it hits one of your colleagues, it makes you aware that there are very real dangers out there. A SIM card swap fraud occurs when criminals obtain and utilise a replacement SIM card to acquire security messages and one-time passwords (OTP) sent to you by the bank. Using the OTP, criminals are able to change, add beneficiaries and transfer money out of your account using your personal information that they would have obtained through phishing. One of our colleagues lost R20 000 over the holidays and asked us to warn other staff as well:

How does a SIM swap scam work?

  • The SIM swap takes place after the fraudsters have received your bank logon details as a result of you responding to, for example, a phishing e-mail. (This is why phishing e-mails are so dangerous and you should never respond to them or click on links contained in them.)
  • Once the fraudsters have your cell phone number and other personal information, they can pose as you, requesting a new SIM card from a cellular service provider.
  • The cellular service provider transfers your SIM card identity to the new SIM card, cancelling your old SIM card in the process.
  • The result is that there is no signal on the old SIM card, which means you cannot receive or make phone calls or send SMS messages. (This ought to be the first sign that something is wrong, for example if you get a “SIMCARD INVALID” error on your cell phone.)
  • The SMS authorisation reference number, which is normally sent to the client, reaches the fraudster instead of you, the legitimate owner, and the fraudster is able to make once-off payments and create beneficiaries fraudulently.

What should I do if I suspect an unlawful SIM swap?

  • If you fall prey to an unlawful SIM swap, or suspect that you have, contact your cellular service provider for assistance.
  • Also contact the internet banking helpdesk to request that your internet banking access be suspended with immediate effect. This will prevent fraudsters from gaining access and transacting on your accounts.

What can I do to prevent SIM swap fraud?

  • Protect your information – all your information.
  • Do not disclose your ID number on websites unless you have verified the legitimacy of the site. The bank already knows your ID number and will not require you to give it again.
  • Do not disclose your cell number on websites unless you have verified the legitimacy of the site. Phishing sites often request information such as ID number, e-mail address and e-mail address password, physical address, etc.
  • Always make sure that your contact details on Internet banking are valid and correct. You know when your details have changed, so when you are ready, you can update the information on Internet banking or at a local bank branch.

[INFORMATION SUPPLIED BY DAVID WILES]

 

Keep your cell phone secure

Friday, February 22nd, 2013

These days your smartphone is just as powerful as your laptop or PC was a few years back. You store more personal and work information on your device and it’s always connected to the internet.

It’s exactly this convenience that puts you as a smartphone user at risk. Cooltech, iAfrica’s tech section, has a few ideas to minimise risk and ensure your personal information stays, well, personal and safe from malware and cybercriminals and other security risks.

Set up a password

Your first line of defense is to simply set up a password on your phone. Most cellphone providers allow you to type in a PIN each time you switch on your phone or after a period of inactivity.

Install security software

Since smartphones are no longer just for storing phone numbers and SMSes, but also bank details, they’re an easy and perfect target for cybercriminals.

Consider installing anti-virus software to protect your device against malware. F-Secure, Norton and other large security software vendors each have their own version for the main smartphone platforms.

Activate the remote wipe function

The biggest risk is the theft or loss of your device. Rather than worry about a stranger snooping through your information, activate the remote wipe function.

This function will allow you, by means of an internet connection, to delete your photos, business contacts and e-mails when you suspect you might not be able to recover your phone.

Some manufacturers like BlackBerry and Apple offer the remote wipe function and location applications for their latest devices, while third party applications are available for other platforms.

Download safe and approved applications

The temptation to download a free, unofficial application on your iPhone or Android instead of purchasing one through iStore is big, but do you really want to take the risk and expose your phone to malware? Rather stick to legitimate sources where proper quality control is done and applications don’t come with added nasty surprises.

Backup your data

As we’ve already established, a substantial amount of your life is on your smartphone – e-mail, phone contacts, documents, photos and much more. Just as you back up your computer (hopefully!), do the same with your cell phone so you won’t lose everything if you lose your phone. Many smartphones allow you to make a thorough backup from your device to your PC or at least sync the most important data and settings to an online service.

 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.