The Northern Spy: gone phishing
TweetFollow Us on Twitter

The Northern Spy: gone phishing

By Rick Sutcliffe

This month's column will be short but not entirely sweet. Following much ado about something in the two columns filed here from WWDC, the Spy has less to say this month, but that is not to suggest it has been a slow time.

WWDC

Upon reflection, the Spy remains convinced that the Swift programming language is a major step forward in developer tools. The language has a slight air of being unfinished, as a few spots (the role of modules, for instance) need a little work. However, he believes developers will be using it and its descendants for a long, long time. Of the other announcements for developers, the Home and Health Kits probably represent the greatest opportunities for making new products, and expanding the Apple ecosystem. These will be very big. You heard it here first.

Hacked

Far too much of the Spy's time afterwards was taken up by fixing vandalism. Under another hat he is the proprietor of WebNameHost, a small web services company offering hosting to authors, Christian ministries, businesses, and resellers. This month, during WWDC, and for the first time ever, his main server was hacked, despite all the security tools painstakingly installed to prevent such. Fortunately for his customers, there was nothing on the server of interest to the intruder. The vandal hijacked the DNS of a few accounts and installed redirects to a phishing site designed to steal bank passwords.

We started getting messages from a supposed Spanish security company telling us of the phishing redirects and inviting us to click on a link to verify--something no one would ever do, for it would be in most cases itself a malware site. We checked, but not carefully enough, for the redirects were more cleverly done than one might expect. As a result, the warnings were not at first believed.

Unfortunately, they were accurate. The Atjeu data centre physical location of the server) suggested that they build a replacement server and I move all the accounts (about one hundred). There seemed little choice, so we agreed. The first replacement candidate was compromised by the same attack even before being handed over. Atjeu started again, this time with the Spy's instructions to install the firewall before attaching it to the net, disable root logon and other measures added (not discussed in detail here for obvious reasons).

Seven more man days of work got (almost) all the software installed and the customers migrated, thought there were a number of minor issues still needing resolution, and the mail scanner lost its database from the old machine, so needs to re-learn what constitutes spam. Heroine of the move: Sarah at ConfigServer, who graciously re-installed the company's packages without additional charge for the second version of the replacement server.

Dubious distinction award to Atjeu--yes they did some heavy listing on our behalf, but no they didn't prevent the first candidate box from being infected by the same vandal, and then got confused, billing for an additional server rather than not for a replacement. Heavy brickbats to the Spy himself for not catching the problem sooner--but would you believe some one who writes to you about phishing sites and signs his name "Fraude"?

The Spy has a pretty good idea how the box was compromised, but will not discuss that here either--no sense giving his reader ideas. However, he offers these recommendations--many of them not relevant to this attack, but...

Never
- click on a link in an email. Type it.
- use FTP or fetch mail insecurely. Always use SFTP.
- give a username or password on an insecure site. Make sure the URL starts with https.
- connect anything to the net without a firewall--hardware, software, or both.
- connect to a router that isn't locked up in a physically secure location. Hard to guarantee, but if you see it just lying around (as they were at WWDC) then complain.
- use a password that contains easy-to-guess information such as your user name, birthdate, address, age, or personal name. Use both upper and lower case, at least one numeral and at least one or two symbols. Change it periodically.

The bottom line:

People who use their knowledge to abuse the net for criminal profit are akin to all other abusers, whether of children, of spouses, or authority, of substances, etc. They care only for self gratification, and have no interest in the concerns of others, no empathy, no morality. For a time, they may escape accountability, but eventually they will face the Judge, and there will be no escape. Meanwhile, the rest of us try to clean up the damage left in the wake of any such who interacts with us.

The rest of the month was spent camping with our sons' families--including five grandchildren aged five and under at the fabulous Shuswap Lake Provincial Park. Highly recommended for the removal of stress. Today (2014 07 03) is a national holiday in our house and comes between Canada's July 1 and the Excited States' July 4. It is the Spy's birthday of course, and he has much for which to give thanks. More next month, likely including comments on some announcements from Apple.

--The Northern Spy

Opinions expressed here are entirely the author's own, and no endorsement is implied by any community or organization to which he may be attached. Rick Sutcliffe, (a.k.a. The Northern Spy) is professor of Computing Science and Mathematics at Canada's Trinity Western University. He has been involved as a member or consultant with the boards of several community and organizations, and participated in developing industry standards at the national and international level. He is a co-author of the Modula-2 programming language R10 dialect. He is a long time technology author and has written two textbooks and nine novels, one named best ePublished SF novel for 2003. His columns have appeared in numerous magazines and newspapers (paper and online), and he's a regular speaker at churches, schools, academic meetings, and conferences. He and his wife Joyce have lived in the Aldergrove/Bradner area of BC since 1972.

Want to discuss this and other Northern Spy columns? Surf on over to ArjayBB.com. Participate and you could win free web hosting from the WebNameHost.net subsidiary of Arjay Web Services. Rick Sutcliffe's fiction can be purchased in various eBook formats from Fictionwise, and in dead tree form from Amazon's Booksurge.

URLs for Rick Sutcliffe's Arjay Enterprises:
The Northern Spy Home Page: http://www.TheNorthernSpy.com
opundo : http://opundo.com
Sheaves Christian Resources : http://sheaves.org
WebNameHost : http://www.WebNameHost.net
WebNameSource : http://www.WebNameSource.net
nameman : http://nameman.net

General URLs for Rick Sutcliffe's Books:
Author Site: http://www.arjay.ca
Publisher's Site: http://www.writers-exchange.com/Richard-Sutcliffe.html
The Fourth Civilization--Ethics, Society, and Technology (4th 2003 ed.): http://www.arjay.bc.ca/EthTech/Text/index.html
URLs for items mentioned in this column
WWDC: https://developer.apple.com/wwdc/
ConfigServer: https://http://configserver.com/
Atjeu: https://ssl.atjeu.com/

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

PDFpen 9.1 - $74.95
PDFpen allows users to easily edit PDF's. Add text, images and signatures. Fill out PDF forms. Merge or split PDF documents. Reorder and delete pages. Even correct text and edit graphics! Features... Read more
GraphicConverter 10.4.3 - $39.95
GraphicConverter is an all-purpose image-editing program that can import 200 different graphic-based formats, edit the image, and export it to any of 80 available file formats. The high-end editing... Read more
Fission 2.3.2 - Streamlined audio editor...
Fission can crop and trim audio, paste in or join files, or just rapidly split one long file into many. It's streamlined for fast editing. Plus, it works without the quality loss caused by other... Read more
EarthDesk 7.2 - Striking real-time anima...
EarthDesk replaces your static desktop picture with a rendered image of Earth showing correct sun, moon, and city illumination. With an Internet connection, EarthDesk displays near-real-time global... Read more
Things 3.1.1 - Elegant personal task man...
Things is a task management solution that helps to organize your tasks in an elegant and intuitive way. Things combines powerful features with simplicity through the use of tags and its intelligent... Read more
iDefrag 5.2.0 - Disk defragmentation and...
iDefrag helps defragment and optimize your disk for improved performance. iDefrag Features Supports HFS and HFS+ (Mac OS Extended). Supports case sensitive and journaled filesystems. Supports... Read more
Google Chrome 60.0.3112.78 - Modern and...
Google Chrome is a Web browser by Google, created to be a modern platform for Web pages and applications. It utilizes very fast loading of Web pages and has a V8 engine, which is a custom built... Read more
Drive Genius 5.0.3 - Powerful system uti...
Drive Genius gives you faster performance from your Mac while also protecting it. The award-winning and improved DrivePulse feature alerts you to hard drive issues before they become major problems.... Read more
PDFpenPro 9.1 - $124.95
PDFpenPro allows users to edit PDF's easily. Add text, images and signatures. Fill out PDF forms. Merge or split PDF documents. Reorder and delete pages. Create fillable forms and tables of content... Read more
Vivaldi 1.10.867.48 - An advanced browse...
Vivaldi is a browser for our friends. In 1994, two programmers started working on a web browser. Our idea was to make a really fast browser, capable of running on limited hardware, keeping in mind... Read more

Latest Forum Discussions

See All

Steam Panic (Games)
Steam Panic 1.0 Device: iOS Universal Category: Games Price: $3.99, Version: 1.0 (iTunes) Description: Steampunk puzzle in which you spin the playfield to put yourself back together. Dear Reader,Enclosed is a copy of my bizarre 1935... | Read more »
Time Crash (Games)
Time Crash 1.0 Device: iOS Universal Category: Games Price: $2.99, Version: 1.0 (iTunes) Description: Time is about to Crash! It’s up to you to save the city! Time Crash is a 3D first person runner which lets you play as a powerful... | Read more »
Galaxy of Pen & Paper (Games)
Galaxy of Pen & Paper 1.0.0 Device: iOS Universal Category: Games Price: $4.99, Version: 1.0.0 (iTunes) Description: *** NO IN-APP PURCHASES! ****** PREMIUM FOREVER *** THE ULTIMATE ROLE-PLAYING SIMULATION GOES TO SPACE! | Read more »
Niantic reveals more Pokémon GO legendar...
Oof. Pokémon GO Fest Chicago was pretty much a fiasco, huh? Niantic is feeling the heat from fans for their first big event that ultimately ended in failure. So much so that they've released a much longer apology that gives a full run down of... | Read more »
The 5 best life-saving apps for dog owne...
While it's true that dogs are man's best friend, they're also a pretty big responsibility. We want to give our dogs the best lives, but with busy schedules that's not always easy. Luckily, though, there are a bunch of quality apps out there that... | Read more »
Mix and match magical brews in Miracle M...
Miracle Merchant, the charming fantasy card game by Tiny Touch Tales, is arriving next week. The development team, which also brought you Card Crawl and Card Thief, announced the game's launch with a pleasant little trailer that showcases the game'... | Read more »
Last Day on Earth: Zombie Survival guide...
Last Day on Earth: Zombie Survival is the latest big hit in the survival game craze. The gist of the game is pretty cut and dry -- try your best to survive in a world overrun by flesh-eating zombies. But Last Day on Earth justifies the hype... | Read more »
Eden: Renaissance (Games)
Eden: Renaissance 1.0 Device: iOS Universal Category: Games Price: $4.99, Version: 1.0 (iTunes) Description: Eden: Renaissance is a thrilling turn-based puzzle adventure set in a luxurious world, offering a deep and moving... | Read more »
Glyph Quest Chronicles guide - how to ma...
Glyph Quest returns with a new free-to-play game, Glyph Quest Chronicles. Chronicles offers up more of the light-hearted, good humored fantasy fun that previous games featured, but with a few more refined tricks up its sleeve. It's a clever mix of... | Read more »
Catch yourself a Lugia and Articuno in P...
Pokémon Go Fest may have been a bit of a disaster, with Niantic offering fans full refunds and $100 worth of in-game curency to apologize for the failed event, but that hasn't ruined trainers' chances of catching new legendary Pokémon. Lugia nad... | Read more »

Price Scanner via MacPrices.net

Photographer Explains Choosing Dell Laptop Ov...
Last week photographer and video blogger Manny Ortiz posted a video explaining the five most important reasons he settled on a Dell XPS 15 laptop instead of a MacBook Pro for his latest portable... Read more
Sale! 10-inch iPad Pros for $50 off MSRP, no...
B&H Photo has 64GB and 256GB 10.5″ iPad Pros in stock today and on sale for $50 off MSRP. Each iPad includes free shipping, and B&H charges sales tax in NY & NJ only: – 10.5″ 64GB iPad... Read more
WaterField Designs Upgrades TSA-friendly Zip...
San Francisco based designer and manufacturer Waterfield Designs has unveiled an upgraded and refined Zip Brief. Ideal for the minimalist professional, the ultra-slim Zip laptop bag actually holds a... Read more
USB 3.0 Promoter Group Announces USB 3.2 Upda...
The USB 3.0 Promoter Group has announced the pending release of the USB 3.2 specification, an incremental update that defines multi-lane operation for new USB 3.2 hosts and devices. USB Developer... Read more
Save on MacBook Pros with Apple Refurbished 2...
Apple recently dropped prices on Certified Refurbished 2016 15″ and 13″ MacBook Pros with models now as much as $590 off original MSRP. An Apple one-year warranty is included with each model, and... Read more
13-inch 2.3GHz/256GB MacBook Pros on sale for...
B&H Photo has 13″ 2.3GHz/256GB MacBook Pros in stock today and on sale for $100 off MSRP including free shipping plus NY & NJ sales tax only: – 13-inch 2.3GHz/256GB Space Gray MacBook Pro (... Read more
Clearance 2016 13-inch MacBook Airs, Apple re...
Apple has Certified Refurbished 2016 13″ MacBook Airs available starting at $809. An Apple one-year warranty is included with each MacBook, and shipping is free: – 13″ 1.6GHz/8GB/128GB MacBook Air: $... Read more
PHOOZY World’s First Thermal Capsules to Summ...
Summer days spent soaking up the sun can be tough on smartphones, causing higher battery consumption and overheating. To solve this problem, eXclaim IP, LLC has introduced the PHOOZY Thermal Capsule... Read more
2018 Honda Ridgeline with Android Auto and Ap...
The 2018 Honda Ridgeline is arriving in dealerships nationwide with a Manufacturer’s Suggested Retail Price (MSRP1) starting at $29,630. The 2017 Honda Ridgeline was named North American Truck of the... Read more
comScore Ranks Top 15 U.S. Smartphone Apps fo...
comScore, Inc. recently released data from comScore Mobile Metrix, reporting the top smartphone apps in the U.S. by audience reach for June 2017. * “Apple Music,” as it appears in comScore’s monthly... Read more

Jobs Board

Frameworks Engineering Manager, *Apple* Wat...
Frameworks Engineering Manager, Apple Watch Job Number: 41632321 Santa Clara Valley, California, United States Posted: Jun. 15, 2017 Weekly Hours: 40.00 Job Summary Read more
*Apple* Retail - Multiple Positions - Apple,...
Job Description: Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, Read more
Frameworks Engineering Manager, *Apple* Wat...
Frameworks Engineering Manager, Apple Watch Job Number: 41632321 Santa Clara Valley, California, United States Posted: Jun. 15, 2017 Weekly Hours: 40.00 Job Summary Read more
*Apple* Solutions Consultant (ASC) - Poole -...
Job Summary The people here at Apple don't just create products - they create the kind of wonder that's revolutionised entire industries. It's the diversity of those Read more
SW Engineer *Apple* TV - Apple Inc. (United...
Changing the world is all in a day's work at Apple . If you love innovation, here's your chance to make a career of it. You'll work hard. But the job comes with more Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.