Sophisticated Apple ID phishing email “Update your Apple ID account”

Apple ID account holders targeted by double chance phishing email

Apple ID account holders need to be cautious of a sophisticated phishing campaign targeting your Apple ID, personal information and credit card details.

REMEMBER: You will have an Apple ID if you have registered to use iTunes or many other Apple products. You don’t need to own an Apple iPhone or Mac to have an Apple ID.

The phishing email looks official and currently includes the subject line “Update your Apple ID account”. Other known subject lines include: “Please update your Apple ID”, “Please verify the email address associated [sic] with your Apple ID”, and “Your Apple ID has been Disabled for Security Reasons”.
Similar versions could also reference iTunes.

The email includes a link which, when clicked, takes you to a fake, but realistic looking Apple website asking you to sign in to your account.

 

An example of the phishing email: clicking the “Update Now >” link will take you to a fake Apple sign in page

The first fake Apple web page

If you enter your account details they are immediately sent to the scammer. However, this is a two-stage scam: once you have entered your Apple ID and password, it continues to a second fake page where you are asked for further information, including your credit card details.

The second fake Apple web page, seeking extra information

The fake website has been customised to specifically target Australian Apple ID account holders and features a number of design details tailored to lure Australians, such as a field requesting Medicare Card numbers and Australian flag icons.

Some inconsistencies, such as the request for your “3D Secure” number or the placement of a Discover Credit Card logo (predominately US features), offer clues to suggest this is a fake page.
The most important indication that this is a scam is the assurance from Apple that they will not contact you seeking critical information via an unsolicited email.
If you need to log on to manage your Apple ID account or any other online service, source the website address independently of any such emails and type it directly into your browser.

Avoid phishing emails

Always be suspicious of unsolicited emails.

Do not click links or open attachments unless you are confident about the sender and information the email contains. The best advice is to simply delete the email.

If you are uncertain about the origin of any email you can always cross check the information by going independently to the company’s website or by calling them directly.

Apple customers also have the option of activating two-factor authentication for their Apple account.

 

 

 

Source : www.staysmartonline.gov.au

What is DNS and Records?

Found some really good information on DNS and rather than reinvent the wheel, I thought I would share this with you.
Credits at the bottom of the article.

DNS (Domain Name System) is a simple service many in IT don’t understand. It’s essentially the phone book for any network — especially the Internet. When you surf the web you use DNS. If not, you would have to remember every system’s IP address you wanted to visit. Instead of Google.com or Amazon.com, you would have to remember 74.125.239.82 and 205.251.242.54 and every backup IP address they use for load balancing the traffic.

There are many different providers of DNS. They include your ISP (home or business), Google, Level 3, OpenDNS, DynDNS, etc. Your home ISP will often provide features like search assist or phishing block to help protect you while you’re searching the web. Google (8.8.8.8 and 8.8.4.4) and Level 3 (4.2.2.1 and 4.2.2.2) provide DNS servers that don’t block any requests (unfiltered) so you don’t have to use your ISP’s DNS services if you don’t want to.

OpenDNS and DynDNS offer services — for pay and for free — that allow you to control what kind of sites you wish to block and what sites you wish to allow. Pay accounts often give you more control down to individual sites rather than categories of sites. This is a popular method for securing home Internet service to protect kids from looking at content you don’t want them to look at — without having to hover over them as they browse the Internet. It’s also good for protecting you from phishing scams.

A records
Basic DNS records are called A records. These are Address Records for a hostname. For example, if you look at the A records for www.google.com you will find several entries that include 74.125.227.209, 74.125.227.210, 74.125.227.211, 74.125.227.212, and 74.125.227.208 as well as one that looks different than the others: 2607:f8b0:4000:803::1013. This one is IPv6 where the others are IPv4. Having multiple records like this doesn’t give true load balancing. If you surf to www.google.com and DNS tells your system that it needs to contact 74.125.227.209 and it doesn’t respond, your system doesn’t ask again — it gets 74.125.227.210 and continues. It will ask the question once and if it gets an answer (even one that states the address can’t be resolved) your browser will attempt to connect to it and return the web page or a “page doesn’t exist” error page.

MX records
DNS records are also used to route email around the Internet. These are called MX records. They usually point to a group of computers that are responsible for receiving mail for the organization. Each entry will have a priority associated with it — this provides a failover so if one mail server isn’t responding, the sending mail server can try the next one in the list.

NS records
So what are DNS servers called in DNS records? NS, or Name Servers, are the servers that are responsible or have authority for the domain zones they host. This also helps with replicating the changes in the DNS zone between servers that are responsible for each DNS zone.

PTR records and rDNS
There are also reverse records called pointer (PTR) records. These help with security. If a system receives email, it knows what IP address it came from. It will do a reverse DNS (rDNS) lookup to see what domain name it came from. Then it compares this with the MX records to see if this server is registered as an email server. If not, it can reject the email as spam.

Another use is in network troubleshooting when you know the IP address but don’t know the system name. PING and TRACERT (trace route) commands will show you the IP address and the DNS name.

CNAME records
Another popular record type is a CNAME. This is a Canonical NAME record — think of it as an alias record. It is used when one IP address is used for multiple services. For example, let’s say you have a website named www.yourwebsite.com and it has an IP address of 10.1.2.3, but you also have other services you wish to publish, like FTP.

Rather than making another A Record for ftp.yourwebsite.com, you can make a CNAME for ftp.yourwebsite.com and point it (alias) to www.yourwebsite.com. When/if you change the IP address for your website (change of providers), then you only have to update one record (the A Record) for www.yourwebsite.com and all of your CNAME records will automatically be redirected to the proper IP address.

However, there are some rules that should be followed with CNAME records.

  1. You should never point an MX record to a CNAME.
  2. You should never point an NS record to a CNAME.
  3. You shouldn’t point a CNAME to a CNAME as it could create a never-ending loop.
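
The three rules above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it lints a constructed sample zone and reports MX or NS records that target a CNAME, plus CNAME chains and loops. Every record other than the article's www and ftp names is an assumption made for illustration.

```python
# Added example: lint a zone for the three CNAME rules listed above.
# SAMPLE_ZONE is constructed data; yourwebsite.com is the article's placeholder.
SAMPLE_ZONE = """\
www.yourwebsite.com.    A      10.1.2.3
ftp.yourwebsite.com.    CNAME  www.yourwebsite.com.
mail.yourwebsite.com.   CNAME  www.yourwebsite.com.
ns1.yourwebsite.com.    A      10.1.2.4
dns.yourwebsite.com.    CNAME  ns1.yourwebsite.com.
yourwebsite.com.        MX     10 mail.yourwebsite.com.
yourwebsite.com.        NS     ns1.yourwebsite.com.
yourwebsite.com.        NS     dns.yourwebsite.com.
files.yourwebsite.com.  CNAME  ftp.yourwebsite.com.
a.yourwebsite.com.      CNAME  b.yourwebsite.com.
b.yourwebsite.com.      CNAME  a.yourwebsite.com.
"""


def parse_zone(text):
    """Return (owner, rtype, target) tuples; names lowercased, trailing dot removed."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(";"):
            continue  # skip blank lines, short lines and comments
        owner, rtype = fields[0].lower().rstrip("."), fields[1].upper()
        target = fields[-1].lower().rstrip(".")  # last field skips the MX priority
        records.append((owner, rtype, target))
    return records


def lint_cname_rules(records):
    """Return sorted findings: MX/NS targets that are CNAMEs, CNAME chains and loops."""
    cnames = {owner: target for owner, rtype, target in records if rtype == "CNAME"}
    findings = []
    for owner, rtype, target in records:
        if rtype in ("MX", "NS") and target in cnames:
            findings.append(f"{rtype} for {owner} points to CNAME {target}")
        elif rtype == "CNAME" and target in cnames:
            # Follow the aliases, remembering visited names so a loop terminates.
            seen, name = [owner], target
            while name in cnames and name not in seen:
                seen.append(name)
                name = cnames[name]
            kind = "loop" if name in seen else "chain"
            findings.append(f"CNAME {kind}: {' -> '.join(seen + [name])}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint_cname_rules(parse_zone(SAMPLE_ZONE)):
        print(finding)
```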

SRV records
Corporate DNS used for Active Directory Domains takes this further and includes records that help computer systems authenticate on the network and determine what domain controller is closer, what file server is closer, what the email server auto-setup should be, etc. These records include SRV records that are used for Kerberos, LDAP, and other services as the domain needs to function.

So what system holds the DNS for corporate servers (Active Directory)? Active Directory servers run a DNS service, and clients (other computers on the internal network) point to them for all DNS needs. It’s up to the internal DNS servers to decide if the request is for an internal (private) record or for a public record.

If it needs a public record, there are several ways a DNS server can find the information. It can point to a set of servers either for all domains or for just a specific domain. It can use root hints to direct traffic to the proper public DNS servers. Or, it can also use a combination of the two — depending on the needs of the organization.

If you have an Active Directory environment and you point your client (or the DNS client on a domain controller/DNS server) to a public DNS server, your domain won’t function properly. The public DNS servers won’t have the records for your private DNS zone and won’t have any way to get them if your client requests it. This will prevent your computer from authenticating on the domain, joining the domain, connecting to your email server, surfing your corporate intranet, etc.

Split DNS
Let’s say you’re in a corporate environment. You have a web server that you list as www.yourwebsite.com with a public DNS record of 74.125.227.210 (this is Google’s IP address — I’m only using this as an example). But, you’re inside your network and your firewall won’t allow traffic to go out, make a u-turn and come back in so you can’t get to the website. How do you resolve this for your internal clients? You make a split DNS.

This means there is a public DNS zone for yourwebsite.com that contains an A Record for www. that resolves to 74.125.227.210 and you have an internal DNS zone (on your domain controller or domain DNS server) that also has a zone for yourwebsite.com but has an A Record for www. that resolves to 10.1.2.3 (the internal IP address for the same web server).

Now your client on the inside of your corporate network can communicate with your web server at www.yourwebsite.com. If this is a mobile device, you could move between networks (corporate, public Wi-Fi, home) and still have access to the website. Of course, with this split DNS zone, you’ll have to enter every record that’s in the public DNS zone or you will break the other records while on the internal network.

Another split DNS zone implementation is to do it just for the record you wish to redirect. You would create a DNS zone for www.yourwebsite.com and have the default record resolve to 10.1.2.3 — this way you only have to maintain one record internally instead of every record that is in the public DNS zone.
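
The difference between the two split DNS layouts can be modelled in a few lines. This Python sketch is an added example, not part of the original article: it treats the internal server as authoritative for whatever zone it hosts and lists the public records internal clients lose. The mail and vpn records and their addresses are constructed for illustration.

```python
# Added example: which public records break for internal clients under split DNS.
# All records are constructed; only www (74.125.227.210 / 10.1.2.3) and the ftp
# alias come from the article's own illustration.
PUBLIC = {
    ("www.yourwebsite.com", "A"): "74.125.227.210",
    ("mail.yourwebsite.com", "A"): "74.125.227.211",
    ("vpn.yourwebsite.com", "A"): "74.125.227.212",
    ("ftp.yourwebsite.com", "CNAME"): "www.yourwebsite.com",
}
# The only record the administrator entered on the internal DNS server.
INTERNAL = {("www.yourwebsite.com", "A"): "10.1.2.3"}


def resolve_internal(name, rtype, zone_apex, internal, public):
    """Model an internal DNS server that is authoritative for zone_apex.

    Names at or below zone_apex are answered only from the internal records
    (a missing record returns None, as an authoritative "no such name" would);
    every other name is forwarded to public DNS.
    """
    if name == zone_apex or name.endswith("." + zone_apex):
        return internal.get((name, rtype))
    return public.get((name, rtype))


def missing_internally(zone_apex, internal, public):
    """Public records that internal clients can no longer resolve."""
    return sorted(
        key for key in public
        if resolve_internal(key[0], key[1], zone_apex, internal, public) is None
    )


if __name__ == "__main__":
    # Full internal copy of yourwebsite.com with only www entered: the rest break.
    print(missing_internally("yourwebsite.com", INTERNAL, PUBLIC))
    # Internal zone created just for www.yourwebsite.com: nothing else is shadowed.
    print(missing_internally("www.yourwebsite.com", INTERNAL, PUBLIC))
```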

 

da Beast Aug 6, 2013 at 4:42 AM | DNS
This is the 223rd article in the Spotlight on IT series.
Source: https://community.spiceworks.com/topic/366432-the-name-game-from-dns-ignorance-to-enlightenment?utm_campaign=0805&utm_medium=+spotlight&utm_source=+swemail

WEP wireless security


Alert Services (Advisory)
7 June 2013

Australians continue to use outdated encryption

Businesses and home users are advised to avoid using the Wired Equivalent Privacy (WEP) security protocol for wireless connections.

Once commonly used, the WEP security protocol is today considered broken and should not be used.

Although most router/modem manufacturers and Internet Service Providers currently supply and support devices with higher levels of encryption, many computers and networks continue to maintain wireless connections via WEP.

If you still currently use WEP, your wireless connection is vulnerable: information you send via this method is easily accessible via sniffer tools downloaded from the Internet.

You should check your current settings and if you currently use WEP, choose an alternative security protocol for your wireless connections.

How to find your wireless security settings:

Windows
For Windows based computers, you can check the level of security being used on a wireless network by viewing Network Options in the Control Panel. From here, select your wireless network and open the Properties for that connection. The exact name and location of these options will vary between versions of Windows. A security tab or menu should offer a choice of security protocols for your device.

Apple
For Apple based computers, you can check the level of security being used on a wireless network by clicking the Network icon in the System Preferences. Select your connection on the left hand side and the security level will be listed next to the network name.

How to update your wireless security:

Updating wireless security varies depending on the make and model of your wireless device. Refer to your manual for individual product details.

Modern modems, routers and wireless devices typically offer a range of encryption protocols. Wireless encryption should be set to WPA2 if available (or WPA if not).

There can be various types of WPA2 encryption, with the simplest version being WPA2-PSK. This uses a network name and requires a password. Most computers and smartphones can connect to WPA2 networks with minimal reconfiguration.

If your wireless device does not support any encryption other than WEP, it is strongly advised to update your equipment.

More information

More tips are available here (PDF).

The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.

Information provided by the Internet Commerce Security Laboratory, www.icsl.com.au

Disclaimer
This information has been prepared by Enex TestLab for the Department of Broadband, Communications and the Digital Economy (‘the Department’). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.

2012 Australian Government. All rights reserved

SITBACK… and relax. Offsite online backup data solutions

SITBACK (“Sterling IT Backup”) provides our customers with a seamless, robust online data backup solution to an offsite location.
Also known as Cloud Backup.

Data loss or the exposure of sensitive data can result in huge financial losses, legal penalties, loss of reputation, brand damage, loss of intellectual property, loss of customer trust… and all this can easily lead into bankruptcy.

 

Sterling IT specialises in secure online backup and recovery. Whether you are looking for online backup of servers, distributed networks, workstations or notebooks, Sterling IT has a suitable solution and reliable technology that will scale with your business.

Sterling IT provides real-time, hassle-free, local and offsite backup protection. It offers a reliable, centrally managed backup solution that unravels complexities and makes it easier for IT managers and business owners to protect their organization’s most important asset – their data.

Both the small business and enterprise solutions Sterling IT offers allow unlimited clients. That is, you can run the backup client on 1 computer/server or 100s of computers/servers (including laptops that are in the field all the time). That’s right, NO CLIENT FEE. You can start with 1 or 2 systems and just keep installing onto more computers or servers as required. All that is required is an internet connection.

In today’s information-driven organisations, the cost of managing, keeping available and recovering data can be overwhelming.

The ever-increasing role digital information plays in our lives has increased scrutiny over how it is stored and protected.

In order to ensure a company’s good name, integrity and longevity, data must be stored securely and in multiple locations; this is no longer just “nice to have”, it is a necessity.

Enterprises are seeking new ways to tackle their data protection challenges. While data growth is not new, the pace of growth has become more rapid, the location of data more dispersed and the value much higher.

Sterling IT offer plans starting from $9 per month based on storage requirements. Unlimited computers! All backed up to AUSTRALIAN DATA CENTRES.

SITBACK is the easy to use, automated and affordable way to back up your irreplaceable data. At your predetermined time, your data is encrypted, compressed and sent to our secure, offsite servers.

For a limited time, Sterling IT is offering our clients a free trial and installation.
Contact us now to organise protecting your data.


Further information and terminology can be found at https://en.wikipedia.org/wiki/Remote_backup_service

Is your website infected with Malware or on a blacklist?

People trust many websites today including ticketing sites, real estate sites etc. The issue is most malware and trojans are being injected into sites we actually trust. This can include YOUR website.
If you want to be as sure as you can that your website is clean, go to Sucuri SiteCheck, type your URL and check for any malicious code or blacklists you may be on.

You will see results like below (Sterling IT is safe!). If you find your domain has any issues or is on a blacklist, contact Sterling IT as soon as possible. The longer you leave it, the longer it will take to reverse.

Comparitech have published a list of the best web application firewalls (WAFs) that can help protect a website from hacks and external attacks. Here’s the link – https://comparite.ch/best-waf