The Northern Spy: gone phishing
TweetFollow Us on Twitter

The Northern Spy: gone phishing

By Rick Sutcliffe

This month's column will be short but not entirely sweet. Following much ado about something in the two columns filed here from WWDC, the Spy has less to say this month, but that is not to suggest it has been a slow time.

WWDC

Upon reflection, the Spy remains convinced that the Swift programming language is a major step forward in developer tools. The language has a slight air of being unfinished, as a few spots (the role of modules, for instance) need a little work. However, he believes developers will be using it and its descendants for a long, long time. Of the other announcements for developers, the Home and Health Kits probably represent the greatest opportunities for making new products, and expanding the Apple ecosystem. These will be very big. You heard it here first.

Hacked

Far too much of the Spy's time afterwards was taken up by fixing vandalism. Under another hat he is the proprietor of WebNameHost, a small web services company offering hosting to authors, Christian ministries, businesses, and resellers. This month, during WWDC, and for the first time ever, his main server was hacked, despite all the security tools painstakingly installed to prevent such. Fortunately for his customers, there was nothing on the server of interest to the intruder. The vandal hijacked the DNS of a few accounts and installed redirects to a phishing site designed to steal bank passwords.

We started getting messages from a supposed Spanish security company telling us of the phishing redirects and inviting us to click on a link to verify--something no one would ever do, for it would be in most cases itself a malware site. We checked, but not carefully enough, for the redirects were more cleverly done than one might expect. As a result, the warnings were not at first believed.

Unfortunately, they were accurate. The Atjeu data centre physical location of the server) suggested that they build a replacement server and I move all the accounts (about one hundred). There seemed little choice, so we agreed. The first replacement candidate was compromised by the same attack even before being handed over. Atjeu started again, this time with the Spy's instructions to install the firewall before attaching it to the net, disable root logon and other measures added (not discussed in detail here for obvious reasons).

Seven more man days of work got (almost) all the software installed and the customers migrated, thought there were a number of minor issues still needing resolution, and the mail scanner lost its database from the old machine, so needs to re-learn what constitutes spam. Heroine of the move: Sarah at ConfigServer, who graciously re-installed the company's packages without additional charge for the second version of the replacement server.

Dubious distinction award to Atjeu--yes they did some heavy listing on our behalf, but no they didn't prevent the first candidate box from being infected by the same vandal, and then got confused, billing for an additional server rather than not for a replacement. Heavy brickbats to the Spy himself for not catching the problem sooner--but would you believe some one who writes to you about phishing sites and signs his name "Fraude"?

The Spy has a pretty good idea how the box was compromised, but will not discuss that here either--no sense giving his reader ideas. However, he offers these recommendations--many of them not relevant to this attack, but...

Never
- click on a link in an email. Type it.
- use FTP or fetch mail insecurely. Always use SFTP.
- give a username or password on an insecure site. Make sure the URL starts with https.
- connect anything to the net without a firewall--hardware, software, or both.
- connect to a router that isn't locked up in a physically secure location. Hard to guarantee, but if you see it just lying around (as they were at WWDC) then complain.
- use a password that contains easy-to-guess information such as your user name, birthdate, address, age, or personal name. Use both upper and lower case, at least one numeral and at least one or two symbols. Change it periodically.

The bottom line:

People who use their knowledge to abuse the net for criminal profit are akin to all other abusers, whether of children, of spouses, or authority, of substances, etc. They care only for self gratification, and have no interest in the concerns of others, no empathy, no morality. For a time, they may escape accountability, but eventually they will face the Judge, and there will be no escape. Meanwhile, the rest of us try to clean up the damage left in the wake of any such who interacts with us.

The rest of the month was spent camping with our sons' families--including five grandchildren aged five and under at the fabulous Shuswap Lake Provincial Park. Highly recommended for the removal of stress. Today (2014 07 03) is a national holiday in our house and comes between Canada's July 1 and the Excited States' July 4. It is the Spy's birthday of course, and he has much for which to give thanks. More next month, likely including comments on some announcements from Apple.

--The Northern Spy

Opinions expressed here are entirely the author's own, and no endorsement is implied by any community or organization to which he may be attached. Rick Sutcliffe, (a.k.a. The Northern Spy) is professor of Computing Science and Mathematics at Canada's Trinity Western University. He has been involved as a member or consultant with the boards of several community and organizations, and participated in developing industry standards at the national and international level. He is a co-author of the Modula-2 programming language R10 dialect. He is a long time technology author and has written two textbooks and nine novels, one named best ePublished SF novel for 2003. His columns have appeared in numerous magazines and newspapers (paper and online), and he's a regular speaker at churches, schools, academic meetings, and conferences. He and his wife Joyce have lived in the Aldergrove/Bradner area of BC since 1972.

Want to discuss this and other Northern Spy columns? Surf on over to ArjayBB.com. Participate and you could win free web hosting from the WebNameHost.net subsidiary of Arjay Web Services. Rick Sutcliffe's fiction can be purchased in various eBook formats from Fictionwise, and in dead tree form from Amazon's Booksurge.

URLs for Rick Sutcliffe's Arjay Enterprises:
The Northern Spy Home Page: http://www.TheNorthernSpy.com
opundo : http://opundo.com
Sheaves Christian Resources : http://sheaves.org
WebNameHost : http://www.WebNameHost.net
WebNameSource : http://www.WebNameSource.net
nameman : http://nameman.net

General URLs for Rick Sutcliffe's Books:
Author Site: http://www.arjay.ca
Publisher's Site: http://www.writers-exchange.com/Richard-Sutcliffe.html
The Fourth Civilization--Ethics, Society, and Technology (4th 2003 ed.): http://www.arjay.bc.ca/EthTech/Text/index.html
URLs for items mentioned in this column
WWDC: https://developer.apple.com/wwdc/
ConfigServer: https://http://configserver.com/
Atjeu: https://ssl.atjeu.com/

 
AAPL
$102.13
Apple Inc.
+1.24
MSFT
$44.87
Microsoft Corpora
-0.14
GOOG
$571.00
Google Inc.
-6.86

MacTech Search:
Community Search:

Software Updates via MacUpdate

Viber 4.2.2 - Send messages and make cal...
Viber lets you send free messages and make free calls to other Viber users, on any device and network, in any country! Viber syncs your contacts, messages and call history with your mobile device,... Read more
Cocktail 7.6 - General maintenance and o...
Cocktail is a general purpose utility for OS X that lets you clean, repair and optimize your Mac. It is a powerful digital toolset that helps hundreds of thousands of Mac users around the world get... Read more
LaunchBar 6.1 - Powerful file/URL/email...
LaunchBar is an award-winning productivity utility that offers an amazingly intuitive and efficient way to search and access any kind of information stored on your computer or on the Web. It provides... Read more
Maya 2015 - Professional 3D modeling and...
Maya is an award-winning software and powerful, integrated 3D modeling, animation, visual effects, and rendering solution. Because Maya is based on an open architecture, all your work can be scripted... Read more
BBEdit 10.5.12 - Powerful text and HTML...
BBEdit is the leading professional HTML and text editor for the Mac. Specifically crafted in response to the needs of Web authors and software developers, this award-winning product provides a... Read more
Microsoft Office 2011 14.4.4 - Popular p...
Microsoft Office 2011 helps you create professional documents and presentations. And since Office for Mac 2011 is compatible with Office for Windows, you can work on documents with virtually anyone... Read more
TextWrangler 4.5.10 - Free general purpo...
TextWrangler is the powerful general purpose text editor, and Unix and server administrator's tool. Oh, and also, like the best things in life, it's free. TextWrangler is the "little brother" to... Read more
BitTorrent Sync 1.4.72 - Sync files secu...
BitTorrent Sync allows you to sync unlimited files between your own devices, or share a folder with friends and family to automatically sync anything. File transfers are encrypted. Your information... Read more
Cyberduck 4.5.2 - FTP and SFTP browser....
Cyberduck is a robust FTP/FTP-TLS/SFTP browser for the Mac whose lack of visual clutter and cleverly intuitive features make it easy to use. Support for external editors and system technologies such... Read more
Tinderbox 6.0.3 - Store and organize you...
Tinderbox is a personal content management assistant. It stores your notes, ideas, and plans. It can help you organize and understand them. And Tinderbox helps you share ideas through Web journals... Read more

Latest Forum Discussions

See All

Mobile Convolution (Music)
Mobile Convolution 1.0.0 Device: iOS Universal Category: Music Price: $9.99, Version: 1.0.0 (iTunes) Description: | Read more »
Invaders! From Outer Space Review
Invaders! From Outer Space Review By Rob Thomas on August 27th, 2014 Our Rating: :: RETRO NOSTALGIAUniversal App - Designed for iPhone and iPad It’s a shame that Invaders! doesn’t offer deeper gameplay, as this retro-inspired... | Read more »
Spooklands Review
Spooklands Review By Jennifer Allen on August 27th, 2014 Our Rating: :: ONE-TOUCH SHOOTERUniversal App - Designed for iPhone and iPad One-touch simultaneously controls your direction and your weapon in this unique arena shooter.   | Read more »
Heroes of Order & Chaos Add Twitch I...
Heroes of Order & Chaos Add Twitch Integration, New Heroes, and More Posted by Ellis Spice on August 27th, 2014 [ permalink ] | Read more »
Foodie Yama Review
Foodie Yama Review By Jennifer Allen on August 27th, 2014 Our Rating: :: BRIEFLY HOOKSUniversal App - Designed for iPhone and iPad Foodie Yama will draw you in for a brief while, and you’ll never be entirely sure why.   | Read more »
Spotify Connect Turns One, Now Supports...
Spotify Connect Turns One, Now Supports New Devices Posted by Ellis Spice on August 27th, 2014 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »
The Rise of PicsaStock and How You Can M...
We all take plenty of photos, right? That’s the joy of having a reasonably powerful camera in your pocket, thanks to your trusty iPhone and a bevy of similarly useful apps. Wouldn’t it be great to make some money out of those snaps? While your... | Read more »
Appointment With F.E.A.R Review
Appointment With F.E.A.R Review By Jennifer Allen on August 27th, 2014 Our Rating: :: CAMP DELIGHTUniversal App - Designed for iPhone and iPad Ever wanted to be a superhero? Appointment With F.E.A.R is a fine way to live that dream... | Read more »
Indie MOBA ÆRENA’s 2.0 Summer Update Bri...
Indie MOBA ÆRENA’s 2.0 Summer Update Brings New Missions, Skins, and a Champion Posted by Jessica Fisher on August 27th, 2014 [ permalink | Read more »
Ultra Drift Review
Ultra Drift Review By Rob Thomas on August 27th, 2014 Our Rating: :: ULTRA DULLUniversal App - Designed for iPhone and iPad Ultra Drift is fine in concept, but the execution runs head-first into the wall. And so will you. Over and... | Read more »

Price Scanner via MacPrices.net

The iPad’s Real Competitive Challenger (Not S...
It’s been my contention for some time that the iPad is suffering from something of an identity crisis, and I suspect that may be a factor in slackening sales this year. Apple can’t seem to decide... Read more
13-inch 2.6GHz/256GB Retina MacBook Pro on sa...
B&H Photo has the 13″ 2.6GHz/256GB Retina MacBook Pro on sale for $1379 including free shipping plus NY sales tax only. Their price is $120 off MSRP. Read more
Life Inventory iOS Apps – Learn to Know Thyse...
James Hollender’s Life Inventory apps s are now on sale with 20% off thru Labor Day, 09/01/2014. This is a great opportunity to get started on that Moral Inventory you’ve been putting off doing for... Read more
Pocket Watch, LLC. Reveals Cloud Server For P...
Beaumont, Texas based Pocket Watch, LLC. has announced the availability of its new ActivePrint Cloud Server Powered by Raspberry Pi. With this small standalone box almost any USB printer or available... Read more
902it Simplifies Area Code Changes For Nova S...
The east coast Canadian provinces of Nova Scotia and Prince Edward Island are phasing in 10 digit telephone dialing, to be fully in place by November, in order to accommodate a second area code to... Read more
Boomerang iPad Stand Mounts Your iPad Anywher...
Boomerang, a Mountable Stand with Multiple Viewing Angles, is now available for iPad Air. Boomerang combines several functions that aim to expand your iPad’s potential in one, elegant product. The... Read more
Retina MacBook Pros available starting at $10...
The Apple Store has Apple Certified Refurbished 13″ and 15″ MacBook Pros available starting at $929. Apple’s one-year warranty is standard, and shipping is free: - 13″ 2.5GHz MacBook Pros (4GB RAM/... Read more
Apple 27-inch Thunderbolt Display (refurbishe...
The Apple Store has Apple Certified Refurbished 27″ Thunderbolt Displays available for $799 including free shipping. That’s $200 off the cost of new models. Read more
Apple offers free $25 iTunes gift card with p...
The Apple Store is offering a free $25 iTunes Gift Card with the purchase of a $99 Apple TV for a limited time. Shipping is free. Read more
Apple’s 2014 Back to School promotion: $100 g...
 Apple’s 2014 Back to School promotion includes a free $100 App Store Gift Card with the purchase of any new Mac (Mac mini excluded), or a $50 Gift Card with the purchase of an iPad or iPhone,... Read more

Jobs Board

*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
Senior Event Manager, *Apple* Retail Market...
…This senior level position is responsible for leading and imagining the Apple Retail Team's global event strategy. Delivering an overarching brand story; in-store, Read more
*Apple* Solutions Consultant (ASC) - Apple (...
**Job Summary** The ASC is an Apple employee who serves as an Apple brand ambassador and influencer in a Reseller's store. The ASC's role is to grow Apple Read more
Project Manager / Business Analyst, WW *Appl...
…a senior project manager / business analyst to work within our Worldwide Apple Fulfillment Operations and the Business Process Re-engineering team. This role will work Read more
Position Opening at *Apple* - Apple (United...
…customers purchase our products, you're the one who helps them get more out of their new Apple technology. Your day in the Apple Store is filled with a range of Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.