IT News, Solutions and Support

Proactive Computing | Optimizing IT for usability, performance and reliability since 1997

Tag: Mac

Hack Brief: Upgrade to iOS 9 to Avoid a Bluetooth iPhone Attack

Hack Brief: Upgrade to iOS 9 to Avoid a Bluetooth iPhone Attack

A just-patched wireless attack represents a rare risk to Apple’s carefully restricted mobile operating system.

The post Hack Brief: Upgrade to iOS 9 to Avoid a Bluetooth iPhone Attack appeared first on WIRED.

Researchers Create First Firmware Worm That Attacks Macs

Researchers Create First Firmware Worm That Attacks Macs

The common wisdom is that Apple computers are more secure than PCs. It turns out this isn’t true.

The post Researchers Create First Firmware Worm That Attacks Macs appeared first on WIRED.

Email Spoofing: Explained (and How to Protect Yourself)

Jason P. Stadtlander Headshot, Huffington Post

Recently a co-worker asked me “Why do people even bother to spoof my email address?”

First, for those of you joining me that have no idea what the term spoofing means – let us examine that.

Spoofing is defined as:

/spo͞of/
verb
1. imitate (something) while exaggerating its characteristic features for comic effect.
2. hoax or trick (someone).

Origin: late 19th century English comedian Arthur Roberts.

In the context of computers, to spoof one’s email address means that the sender is acting as if the email is coming from someone it is not.

How someone (or something) sends an email made to look like it comes from somewhere or somewhere it does not, is a little more technical to explain. So, if you don’t like tech talk, then skip to the next section “Why is my email address being spoofed?”

How are they spoofing me?

Spoofing email addresses is rather easy. All a person needs to spoof an email address is an SMTP (Simple Mail Transfer Protocol) server (a server that can send email) and the appropriate email software. Most website hosting services will even provide an SMTP server in their hosting package. It is also possible to send email from your own computer if you load an SMTP server on it, however most ISPs will block port 25 (which is required to send out email).

Many of the available free SMTP servers will allow you to show a different “from” address than the actual registered domain that the email is transmitting from. However, to the recipient of said message, they will see that it actually came from the address you specified.

Now, there are special checks in place (and more being put into place) to prevent exactly this problem. One is called SPF or “Sender Policy Framework” which was developed by Meng Weng Wong in 2003. Basically, each time an email is sent, the receiving server compares the IP of the origin with the IP listed in the SPF record with the appropriate domain.

EXAMPLE 1: So, for example, let’s say someone tried to spoof Bill Gates (billgates@microsoft.com):
They would send an email on his behalf > the recipient server would then talk back to microsoft.com and say “Hey, I have an email that is coming from 123.123.123.123 stating that it was sent from billgates@microsoft.com.” > microsoft.com would then tell the recipient server, “No, sorry, it should be coming from 111.111.111.111.” and the message would never get delivered.

Why is my email address being spoofed?

Two basic reasons people (and machines) spoof:

1. Malicious: To cause useless internet traffic – ultimately hoping to bog down servers or bring them to a halt.

2. Because you were unlucky enough to have clicked the wrong thing at the wrong time.

Continue reading Email Spoofing: Explained on Huffington Post The Blog

Email Spoofing: Explained (and How to Protect Yourself) | Jason P. Stadtlander

Daily Report: Keeping Data Secure Is One Tough Job – NYTimes.com

Daily Report: Keeping Data Secure Is One Tough Job – NYTimes.com.

“We’re like sheep waiting to be slaughtered. We all know what our fate is when there’s a significant breach. This job is not for the fainthearted.”

~ David Jordan, the chief information security officer for Arlington County in Virginia.

Daily Report: Keeping Data Secure Is One Tough Job - NYTimes.com

9 tips for smarter passwords – azcentral.com

9 tips for smarter passwords – azcentral.com

http://www.azcentral.com/story/money/business/2014/08/06/9-tips-for-smarter-passwords/13688891/

You’ve heard them. You know you already know them.

But do you follow them?

 

Hackers Find Way to Outwit Tough Security at Banking Sites – NYTimes.com

Hackers Find Way to Outwit Tough Security at Banking Sites – NYTimes.com.

Hackers Find Way to Outwit Tough Security at Banking Sites - NYTimes.com

Even two-factor authentication can be twarted. This article has some interesting insight on the way the attacks are engineered…

Russian Hackers Probably Have Your Passwords. Now What? | TechCrunch

Time to change those passwords again…how often do you change yours?  Who doesn’t still have a few from the Stone Age? Just do it!

Russian Hackers Probably Have Your Passwords. Now What? | TechCrunch

.