The Northern Spy: gone phishing
TweetFollow Us on Twitter

The Northern Spy: gone phishing

By Rick Sutcliffe

This month's column will be short but not entirely sweet. Following much ado about something in the two columns filed here from WWDC, the Spy has less to say this month, but that is not to suggest it has been a slow time.

WWDC

Upon reflection, the Spy remains convinced that the Swift programming language is a major step forward in developer tools. The language has a slight air of being unfinished, as a few spots (the role of modules, for instance) need a little work. However, he believes developers will be using it and its descendants for a long, long time. Of the other announcements for developers, the Home and Health Kits probably represent the greatest opportunities for making new products, and expanding the Apple ecosystem. These will be very big. You heard it here first.

Hacked

Far too much of the Spy's time afterwards was taken up by fixing vandalism. Under another hat he is the proprietor of WebNameHost, a small web services company offering hosting to authors, Christian ministries, businesses, and resellers. This month, during WWDC, and for the first time ever, his main server was hacked, despite all the security tools painstakingly installed to prevent such. Fortunately for his customers, there was nothing on the server of interest to the intruder. The vandal hijacked the DNS of a few accounts and installed redirects to a phishing site designed to steal bank passwords.

We started getting messages from a supposed Spanish security company telling us of the phishing redirects and inviting us to click on a link to verify--something no one would ever do, for it would be in most cases itself a malware site. We checked, but not carefully enough, for the redirects were more cleverly done than one might expect. As a result, the warnings were not at first believed.

Unfortunately, they were accurate. The Atjeu data centre physical location of the server) suggested that they build a replacement server and I move all the accounts (about one hundred). There seemed little choice, so we agreed. The first replacement candidate was compromised by the same attack even before being handed over. Atjeu started again, this time with the Spy's instructions to install the firewall before attaching it to the net, disable root logon and other measures added (not discussed in detail here for obvious reasons).

Seven more man days of work got (almost) all the software installed and the customers migrated, thought there were a number of minor issues still needing resolution, and the mail scanner lost its database from the old machine, so needs to re-learn what constitutes spam. Heroine of the move: Sarah at ConfigServer, who graciously re-installed the company's packages without additional charge for the second version of the replacement server.

Dubious distinction award to Atjeu--yes they did some heavy listing on our behalf, but no they didn't prevent the first candidate box from being infected by the same vandal, and then got confused, billing for an additional server rather than not for a replacement. Heavy brickbats to the Spy himself for not catching the problem sooner--but would you believe some one who writes to you about phishing sites and signs his name "Fraude"?

The Spy has a pretty good idea how the box was compromised, but will not discuss that here either--no sense giving his reader ideas. However, he offers these recommendations--many of them not relevant to this attack, but...

Never
- click on a link in an email. Type it.
- use FTP or fetch mail insecurely. Always use SFTP.
- give a username or password on an insecure site. Make sure the URL starts with https.
- connect anything to the net without a firewall--hardware, software, or both.
- connect to a router that isn't locked up in a physically secure location. Hard to guarantee, but if you see it just lying around (as they were at WWDC) then complain.
- use a password that contains easy-to-guess information such as your user name, birthdate, address, age, or personal name. Use both upper and lower case, at least one numeral and at least one or two symbols. Change it periodically.

The bottom line:

People who use their knowledge to abuse the net for criminal profit are akin to all other abusers, whether of children, of spouses, or authority, of substances, etc. They care only for self gratification, and have no interest in the concerns of others, no empathy, no morality. For a time, they may escape accountability, but eventually they will face the Judge, and there will be no escape. Meanwhile, the rest of us try to clean up the damage left in the wake of any such who interacts with us.

The rest of the month was spent camping with our sons' families--including five grandchildren aged five and under at the fabulous Shuswap Lake Provincial Park. Highly recommended for the removal of stress. Today (2014 07 03) is a national holiday in our house and comes between Canada's July 1 and the Excited States' July 4. It is the Spy's birthday of course, and he has much for which to give thanks. More next month, likely including comments on some announcements from Apple.

--The Northern Spy

Opinions expressed here are entirely the author's own, and no endorsement is implied by any community or organization to which he may be attached. Rick Sutcliffe, (a.k.a. The Northern Spy) is professor of Computing Science and Mathematics at Canada's Trinity Western University. He has been involved as a member or consultant with the boards of several community and organizations, and participated in developing industry standards at the national and international level. He is a co-author of the Modula-2 programming language R10 dialect. He is a long time technology author and has written two textbooks and nine novels, one named best ePublished SF novel for 2003. His columns have appeared in numerous magazines and newspapers (paper and online), and he's a regular speaker at churches, schools, academic meetings, and conferences. He and his wife Joyce have lived in the Aldergrove/Bradner area of BC since 1972.

Want to discuss this and other Northern Spy columns? Surf on over to ArjayBB.com. Participate and you could win free web hosting from the WebNameHost.net subsidiary of Arjay Web Services. Rick Sutcliffe's fiction can be purchased in various eBook formats from Fictionwise, and in dead tree form from Amazon's Booksurge.

URLs for Rick Sutcliffe's Arjay Enterprises:
The Northern Spy Home Page: http://www.TheNorthernSpy.com
opundo : http://opundo.com
Sheaves Christian Resources : http://sheaves.org
WebNameHost : http://www.WebNameHost.net
WebNameSource : http://www.WebNameSource.net
nameman : http://nameman.net

General URLs for Rick Sutcliffe's Books:
Author Site: http://www.arjay.ca
Publisher's Site: http://www.writers-exchange.com/Richard-Sutcliffe.html
The Fourth Civilization--Ethics, Society, and Technology (4th 2003 ed.): http://www.arjay.bc.ca/EthTech/Text/index.html
URLs for items mentioned in this column
WWDC: https://developer.apple.com/wwdc/
ConfigServer: https://http://configserver.com/
Atjeu: https://ssl.atjeu.com/

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

Fantastical 2.3.6 - Create calendar even...
Fantastical 2 is the Mac calendar you'll actually enjoy using. Creating an event with Fantastical is quick, easy, and fun: Open Fantastical with a single click or keystroke Type in your event... Read more
Creative Kit 1.1 - $149.99
Creative Kit 2016--made exclusively for Mac users--is your ticket to the most amazing images you've ever created. With a variety of powerful tools at your fingertips, you'll not only repair and fine-... Read more
iMazing 2.2.3 - Complete iOS device mana...
iMazing (was DiskAid) is the ultimate iOS device manager with capabilities far beyond what iTunes offers. With iMazing and your iOS device (iPhone, iPad, or iPod), you can: Copy music to and from... Read more
Apple Configurator 2.4 - Configure and d...
Apple Configurator makes it easy to deploy iPad, iPhone, iPod touch, and Apple TV devices in your school or business. Use Apple Configurator to quickly configure large numbers of devices connected to... Read more
WhatRoute 2.0.18 - Geographically trace...
WhatRoute is designed to find the names of all the routers an IP packet passes through on its way from your Mac to a destination host. It also measures the round-trip time from your Mac to the router... Read more
Posterino 3.3.5 - Create posters, collag...
Posterino offers enhanced customization and flexibility including a variety of new, stylish templates featuring grids of identical or odd-sized image boxes. You can customize the size and shape of... Read more
Skim 1.4.28 - PDF reader and note-taker...
Skim is a PDF reader and note-taker for OS X. It is designed to help you read and annotate scientific papers in PDF, but is also great for viewing any PDF file. Skim includes many features and has a... Read more
Apple macOS Sierra 10.12.4 - The latest...
With Apple macOS Sierra, Siri makes its debut on Mac, with new features designed just for the desktop. Your Mac works with iCloud and your Apple devices in smart new ways, and intelligent... Read more
Apple Numbers 4.1 - Apple's spreads...
With Apple Numbers, sophisticated spreadsheets are just the start. The whole sheet is your canvas. Just add dramatic interactive charts, tables, and images that paint a revealing picture of your data... Read more
Xcode 8.3 - Integrated development envir...
Xcode includes everything developers need to create great applications for Mac, iPhone, iPad, and Apple Watch. Xcode provides developers a unified workflow for user interface design, coding, testing... Read more

Power Rangers: Legacy Wars beginner...
Rita Repulsa is back, but this time she's invading your mobile phone in Power Rangers: Legacy Wars. What looks to be a straightforward beat 'em up is actually a tough-as-nails multiplayer strategy game that requires some deft tactical maneuvering.... | Read more »
Hearthstone celebrates the upcoming Jour...
Hearthstone gets a new expansion, Journey to Un'Goro, in a little over a week, and they'll be welcoming the Year of the Mammoth, the next season, at the same time. There's a lot to be excited about, so Blizzard is celebrating in kind. Players will... | Read more »
4 smart and stylish puzzle games like Ty...
TypeShift launched a little over a week ago, offering some puzzling new challenges for word nerds equipped with an iOS device. Created by Zach Gage, the mind behind Spelltower, TypeShift boasts, like its predecessor, a sleak design and some very... | Read more »
The best deals on the App Store this wee...
Deals, deals, deals. We're all about a good bargain here on 148Apps, and luckily this was another fine week in App Store discounts. There's a big board game sale happening right now, and a few fine indies are still discounted through the weekend.... | Read more »
The best new games we played this week
It's been quite the week, but now that all of that business is out of the way, it's time to hunker down with some of the excellent games that were released over the past few days. There's a fair few to help you relax in your down time or if you're... | Read more »
Orphan Black: The Game (Games)
Orphan Black: The Game 1.0 Device: iOS Universal Category: Games Price: $4.99, Version: 1.0 (iTunes) Description: Dive into a dark and twisted puzzle-adventure that retells the pivotal events of Orphan Black. | Read more »
The Elder Scrolls: Legends is now availa...
| Read more »
Ticket to Earth beginner's guide: H...
Robot Circus launched Ticket to Earth as part of the App Store's indie games event last week. If you're not quite digging the space operatics Mass Effect: Andromeda is serving up, you'll be pleased to know that there's a surprising alternative on... | Read more »
Leap to victory in Nexx Studios new plat...
You’re always a hop, skip, and a jump away from a fiery death in Temple Jump, a new platformer-cum-endless runner from Nexx Studio. It’s out now on both iOS and Android if you’re an adventurer seeking treasure in a crumbling, pixel-laden temple. | Read more »
Failbetter Games details changes coming...
Sunless Sea, Failbetter Games' dark and gloomy sea explorer, sets sail for the iPad tomorrow. Ahead of the game's launch, Failbetter took to Twitter to discuss what will be different in the mobile version of the game. Many of the changes make... | Read more »

Price Scanner via MacPrices.net

Is A New 10.5-inch iPad Still Coming In April...
There was no sign or mention of a long-rumored and much anticipated 10.5-inch iPad Pro in Apple’s product announcements last week. The exciting iPad news was release of an upgraded iPad Air with a... Read more
T-Mobile’s Premium Device Protection Now Incl...
Good news for T-Mobile customers who love their iPhones and iPads. The “Un-carrier” has become the first national wireless company to give customers AppleCare Services at zero additional cost as part... Read more
FileWave Ensures Support for Latest Apple OS...
FileWave multi-platform device management providers announced support for Apple’s release yesterday of iOS 10.3, macOS Sierra 10.12.4, and tvOS 11.2. FileWave has a history of providing zero-day... Read more
Use Apple’s Education discount to save up to...
Purchase a new Mac or iPad using Apple’s Education Store and take up to $300 off MSRP. All teachers, students, and staff of any educational institution qualify for the discount. Shipping is free: -... Read more
Apple refurbished Apple Watches available sta...
Apple is now offering Certified Refurbished Series 1 and Series 2 Apple Watches for 14-16% off MSRP, starting at $229. An Apple one-year warranty is included with each watch. Shipping is free: Series... Read more
9-inch 32GB Space Gray iPad Pro on sale for $...
B&H Photo has the 9.7″ 32GB Space Gray Apple iPad Pro on sale for $549 for a limited time. Shipping is free, and B&H charges NY sales tax only. Their price is $50 off MSRP. Read more
13-inch MacBook Airs on sale for $100-$150 of...
B&H Photo has 13″ MacBook Airs on sale for up to $150 off MSRP. Shipping is free, and B&H charges NY sales tax only: - 13″ 1.6GHz/128GB MacBook Air (MMGF2LL/A): $899 $100 off MSRP - 13″ 1.... Read more
13-inch MacBook Airs, Apple refurbished, in s...
Apple has Certified Refurbished 2016 13″ MacBook Airs available starting at $849. An Apple one-year warranty is included with each MacBook, and shipping is free: - 13″ 1.6GHz/8GB/128GB MacBook Air: $... Read more
12-inch Retina MacBooks on sale for $1199, sa...
B&H has 12″ 1.1GHz Retina MacBooks on sale for $100 off MSRP. Shipping is free, and B&H charges NY sales tax only: - 12″ 1.1GHz Space Gray Retina MacBook: $1199 $100 off MSRP - 12″ 1.1GHz... Read more
Save up to $260 with Apple refurbished 12-inc...
Apple has Certified Refurbished 2016 12″ Retina MacBooks available for $200-$260 off MSRP. Apple will include a standard one-year warranty with each MacBook, and shipping is free. The following... Read more

Jobs Board

Fulltime aan de slag als shopmanager in een h...
Ben jij helemaal gek van Apple -producten en vind je het helemaal super om fulltime shopmanager te zijn in een jonge en hippe elektronicazaak? Wil jij werken in Read more
Desktop Analyst - *Apple* Products - Montef...
…technology to improve patient care. JOB RESPONSIBILITIES: Provide day-to-day support for Apple Hardware and Software in the environment based on the team's support Read more
*Apple* Mobile Master - Best Buy (United Sta...
**493168BR** **Job Title:** Apple Mobile Master **Location Number:** 000827-Denton-Store **Job Description:** **What does a Best Buy Apple Mobile Master do?** At Read more
Fulltime aan de slag als shopmanager in een h...
Ben jij helemaal gek van Apple -producten en vind je het helemaal super om fulltime shopmanager te zijn in een jonge en hippe elektronicazaak? Wil jij werken in Read more
*Apple* Mobile Master - Best Buy (United Sta...
**492889BR** **Job Title:** Apple Mobile Master **Location Number:** 000886-Norwalk-Store **Job Description:** **What does a Best Buy Apple Mobile Master do?** Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.