The Northern Spy: gone phishing
TweetFollow Us on Twitter

The Northern Spy: gone phishing

By Rick Sutcliffe

This month's column will be short but not entirely sweet. Following much ado about something in the two columns filed here from WWDC, the Spy has less to say this month, but that is not to suggest it has been a slow time.

WWDC

Upon reflection, the Spy remains convinced that the Swift programming language is a major step forward in developer tools. The language has a slight air of being unfinished, as a few spots (the role of modules, for instance) need a little work. However, he believes developers will be using it and its descendants for a long, long time. Of the other announcements for developers, the Home and Health Kits probably represent the greatest opportunities for making new products, and expanding the Apple ecosystem. These will be very big. You heard it here first.

Hacked

Far too much of the Spy's time afterwards was taken up by fixing vandalism. Under another hat he is the proprietor of WebNameHost, a small web services company offering hosting to authors, Christian ministries, businesses, and resellers. This month, during WWDC, and for the first time ever, his main server was hacked, despite all the security tools painstakingly installed to prevent such. Fortunately for his customers, there was nothing on the server of interest to the intruder. The vandal hijacked the DNS of a few accounts and installed redirects to a phishing site designed to steal bank passwords.

We started getting messages from a supposed Spanish security company telling us of the phishing redirects and inviting us to click on a link to verify--something no one would ever do, for it would be in most cases itself a malware site. We checked, but not carefully enough, for the redirects were more cleverly done than one might expect. As a result, the warnings were not at first believed.

Unfortunately, they were accurate. The Atjeu data centre physical location of the server) suggested that they build a replacement server and I move all the accounts (about one hundred). There seemed little choice, so we agreed. The first replacement candidate was compromised by the same attack even before being handed over. Atjeu started again, this time with the Spy's instructions to install the firewall before attaching it to the net, disable root logon and other measures added (not discussed in detail here for obvious reasons).

Seven more man days of work got (almost) all the software installed and the customers migrated, thought there were a number of minor issues still needing resolution, and the mail scanner lost its database from the old machine, so needs to re-learn what constitutes spam. Heroine of the move: Sarah at ConfigServer, who graciously re-installed the company's packages without additional charge for the second version of the replacement server.

Dubious distinction award to Atjeu--yes they did some heavy listing on our behalf, but no they didn't prevent the first candidate box from being infected by the same vandal, and then got confused, billing for an additional server rather than not for a replacement. Heavy brickbats to the Spy himself for not catching the problem sooner--but would you believe some one who writes to you about phishing sites and signs his name "Fraude"?

The Spy has a pretty good idea how the box was compromised, but will not discuss that here either--no sense giving his reader ideas. However, he offers these recommendations--many of them not relevant to this attack, but...

Never
- click on a link in an email. Type it.
- use FTP or fetch mail insecurely. Always use SFTP.
- give a username or password on an insecure site. Make sure the URL starts with https.
- connect anything to the net without a firewall--hardware, software, or both.
- connect to a router that isn't locked up in a physically secure location. Hard to guarantee, but if you see it just lying around (as they were at WWDC) then complain.
- use a password that contains easy-to-guess information such as your user name, birthdate, address, age, or personal name. Use both upper and lower case, at least one numeral and at least one or two symbols. Change it periodically.

The bottom line:

People who use their knowledge to abuse the net for criminal profit are akin to all other abusers, whether of children, of spouses, or authority, of substances, etc. They care only for self gratification, and have no interest in the concerns of others, no empathy, no morality. For a time, they may escape accountability, but eventually they will face the Judge, and there will be no escape. Meanwhile, the rest of us try to clean up the damage left in the wake of any such who interacts with us.

The rest of the month was spent camping with our sons' families--including five grandchildren aged five and under at the fabulous Shuswap Lake Provincial Park. Highly recommended for the removal of stress. Today (2014 07 03) is a national holiday in our house and comes between Canada's July 1 and the Excited States' July 4. It is the Spy's birthday of course, and he has much for which to give thanks. More next month, likely including comments on some announcements from Apple.

--The Northern Spy

Opinions expressed here are entirely the author's own, and no endorsement is implied by any community or organization to which he may be attached. Rick Sutcliffe, (a.k.a. The Northern Spy) is professor of Computing Science and Mathematics at Canada's Trinity Western University. He has been involved as a member or consultant with the boards of several community and organizations, and participated in developing industry standards at the national and international level. He is a co-author of the Modula-2 programming language R10 dialect. He is a long time technology author and has written two textbooks and nine novels, one named best ePublished SF novel for 2003. His columns have appeared in numerous magazines and newspapers (paper and online), and he's a regular speaker at churches, schools, academic meetings, and conferences. He and his wife Joyce have lived in the Aldergrove/Bradner area of BC since 1972.

Want to discuss this and other Northern Spy columns? Surf on over to ArjayBB.com. Participate and you could win free web hosting from the WebNameHost.net subsidiary of Arjay Web Services. Rick Sutcliffe's fiction can be purchased in various eBook formats from Fictionwise, and in dead tree form from Amazon's Booksurge.

URLs for Rick Sutcliffe's Arjay Enterprises:
The Northern Spy Home Page: http://www.TheNorthernSpy.com
opundo : http://opundo.com
Sheaves Christian Resources : http://sheaves.org
WebNameHost : http://www.WebNameHost.net
WebNameSource : http://www.WebNameSource.net
nameman : http://nameman.net

General URLs for Rick Sutcliffe's Books:
Author Site: http://www.arjay.ca
Publisher's Site: http://www.writers-exchange.com/Richard-Sutcliffe.html
The Fourth Civilization--Ethics, Society, and Technology (4th 2003 ed.): http://www.arjay.bc.ca/EthTech/Text/index.html
URLs for items mentioned in this column
WWDC: https://developer.apple.com/wwdc/
ConfigServer: https://http://configserver.com/
Atjeu: https://ssl.atjeu.com/

 
AAPL
$111.01
Apple Inc.
+1.60
MSFT
$46.98
Microsoft Corpora
+1.24
GOOG
$509.20
Google Inc.
+4.31

MacTech Search:
Community Search:

Software Updates via MacUpdate

BBEdit 11.0.2 - Powerful text and HTML e...
BBEdit is the leading professional HTML and text editor for the Mac. Specifically crafted in response to the needs of Web authors and software developers, this award-winning product provides a... Read more
ExpanDrive 4.2.1 - Access cloud storage...
ExpanDrive builds cloud storage in every application, acts just like a USB drive plugged into your Mac. With ExpanDrive, you can securely access any remote file server directly from the Finder or... Read more
Adobe After Effects CC 2014 13.2 - Creat...
After Effects CC 2014 is available as part of Adobe Creative Cloud for as little as $19.99/month (or $9.99/month if you're a previous After Effects customer). After Effects CS6 is still available... Read more
Command-C 1.1.7 - Clipboard sharing tool...
Command-C is a revolutionary app which makes easy to share your clipboard between iOS and OS X using your local WiFi network, even if the app is not currently opened. Copy anything (text, pictures,... Read more
Tidy Up 4.0.2 - Find duplicate files and...
Tidy Up is a complete duplicate finder and disk-tidiness utility. With Tidy Up you can search for duplicate files and packages by the owner application, content, type, creator, extension, time... Read more
Typinator 6.3 - Speedy and reliable text...
Typinator turbo-charges your typing productivity. Type a little. Typinator does the rest. We've all faced projects that require repetitive typing tasks. With Typinator, you can store commonly used... Read more
GraphicConverter 9.5 - Graphics editor w...
GraphicConverter is an all-purpose image-editing program that can import 200 different graphic-based formats, edit the image, and export it to any of 80 available file formats. The high-end editing... Read more
Toast Titanium 12.0.1 - The ultimate med...
Toast Titanium goes way beyond the very basic burning in the Mac OS and iLife software, and sets the standard for burning CDs, DVDs, and now Blu-ray discs on the Mac. Create superior sounding audio... Read more
QuickBooks 2015 16.0.2.1422 R3 - Financi...
Save 20% on QuickBooks Pro for Mac today through this special discount link QuickBooks Pro 2013 helps you manage your business easily and efficiently. Organize your finances all in one place, track... Read more
Remotix 3.0.6 - Access all your computer...
Remotix is a fast and powerful application to easily access multiple Macs (and PCs) from your own Mac. Features: Complete Apple Screen Sharing support - including Mac OS X login, clipboard... Read more

Latest Forum Discussions

See All

Brothers in Arms 3: Sons of War Review
Brothers in Arms 3: Sons of War Review By Jennifer Allen on December 18th, 2014 Our Rating: :: FUN BUT PUSHYUniversal App - Designed for iPhone and iPad Brothers in Arms 3: Sons of War could be great fun, but its plethora of... | Read more »
The Snow is Falling on the French Countr...
The Snow is Falling on the French Countryside of Carcassonne’s Newest Update Posted by Jessica Fisher on December 18th, 2014 [ permalink ] < | Read more »
Creatures Such As We Review
Creatures Such As We Review By Jennifer Allen on December 18th, 2014 Our Rating: :: INTERESTING DISCUSSIONSUniversal App - Designed for iPhone and iPad Taking a more sedate approach to interactive fiction, Creatures Such As We... | Read more »
Stair: Slide the Blocks to Ascend (Game...
Stair: Slide the Blocks to Ascend 1.0 Device: iOS Universal Category: Games Price: $1.99, Version: 1.0 (iTunes) Description: Slide the blocks to ascend! Stair: Slide the Blocks to Ascend | Read more »
Give It Up! (Games)
Give It Up! 1.0 Device: iOS Universal Category: Games Price: $.99, Version: 1.0 (iTunes) Description: GIVE IT UP is a rather hard game where you have to assist this cheerful, singing Blob in jumping through 9 different tracks.So far... | Read more »
The Drive : Devil's Run (Games)
The Drive : Devil's Run 1.0 Device: iOS Universal Category: Games Price: $.99, Version: 1.0 (iTunes) Description: ON THE ROAD AGAIN! The Drive - Devil’s Run is classic point to point style racing game that pays homage to the classics... | Read more »
Procreate Pocket (Entertainment)
Procreate Pocket 1.01 Device: iOS iPhone Category: Entertainment Price: $2.99, Version: 1.01 (iTunes) Description: Create - anytime, anywhere. Made by the developers of the award-winning Procreate® for iPad®, Procreate Pocket™ allows... | Read more »
IRON FINGER - Mini Games Championship (...
IRON FINGER - Mini Games Championship 1.0 Device: iOS Universal Category: Games Price: $1.99, Version: 1.0 (iTunes) Description: Quick to play, easy to learn yet hard to master.. TAP, SWIPE & TILT your way through mini games that... | Read more »
Pentaction: Medieval (Games)
Pentaction: Medieval 1.0 Device: iOS Universal Category: Games Price: $1.99, Version: 1.0 (iTunes) Description: Pentaction: Medieval is a turn-based strategy board-game about chance and skill on the battlefield. Take control of your... | Read more »
Hipstify Review
Hipstify Review By Jennifer Allen on December 17th, 2014 Our Rating: :: COOL FILTERSUniversal App - Designed for iPhone and iPad Add filters, quotes, and fancy frames to your images, thanks to Hipstify.   | Read more »

Price Scanner via MacPrices.net

KMI MIDI K-Board Great Gift for Amateur &...
The K-Board is a MIDI Nano keyboard for music creation for iPad, Android, And computers; the easiest way to make music with iPads & Android tablets, and Mac, Windows, or Linux computers. Ultra-... Read more
Amazon offers 15-inch 2.2GHz Retina MacBook P...
 Amazon.com has the 15″ 2.2GHz Retina MacBook Pro on sale for $1699 including free shipping. Their price is $300 off MSRP. Stock is limited, so act now if you’re interested. Read more
Holiday sales continue: MacBook Pros for up t...
 B&H Photo has new MacBook Pros on sale for up to $300 off MSRP as part of their Holiday pricing. Shipping is free, and B&H charges NY sales tax only: - 15″ 2.2GHz Retina MacBook Pro: $1699... Read more
Google Search App For iOS Gets A Major Makeov...
Google has given iOS users an early Christmas present with a substantial update of it’s not-very-often-upgraded Google Search app. Google Search has been my go-to tool for Web searches since it was... Read more
ShopKeep Apple Pay And Chip Card Reader Avail...
ShopKeep, a cloud-based technology provider to more than 10,000 small business owners to manage retail shops and restaurants with iPads, has released its new Apple Pay and chip card reader. This... Read more
Holiday sale! 27-inch 5K iMac for $2299, save...
 B&H Photo has the 27″ 3.5GHz 5K iMac in stock today and on sale for $2299 including free shipping plus NY sales tax only. Their price is $200 off MSRP, and it’s the lowest price available for... Read more
Holiday Sale! 3.7GHz Quad Core Mac Pro availa...
 B&H Photo has the 3.7GHz Quad Core Mac Pro on sale for $2599 including free shipping plus NY sales tax only. Their price is $400 off MSRP, and it’s the lowest price for this model from any... Read more
iPhone 6 Number 3 Canadian Google Search Of 2...
CTVNews.ca reports that Apple’s iPhone 6 was the third highest-trending Google Canada search topic of 2014, exceeded only by Robin Williams largely after his death by suicide in August, and the FIFA... Read more
New iPad mini 3 Counter-Top & Wall Mount...
newMacgadgets has announced new secure all-acrylic displays for the iPad mini 3 (also works fine with the mini 2, last year’s iPad mini With Retina Display, and the original iPad mini). The new iPad... Read more
Holiday sales continue, MacBook Airs for up t...
B&H Photo has 2014 MacBook Airs on sale for up to $120 off MSRP, for a limited time, for the Thanksgiving/Christmas Holiday shopping season. Shipping is free, and B&H charges NY sales tax... Read more

Jobs Board

*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
*Apple* Retail - Multiple Positions (US) - A...
Job Description: Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
Project Manager / Business Analyst, WW *Appl...
…a senior project manager / business analyst to work within our Worldwide Apple Fulfillment Operations and the Business Process Re-engineering team. This role will work Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.