RSS

Category Archives: Security

Australia Post -Scam Alert

Scam alerts
There’s a variety of ways online attackers may attempt to gain your personal or financial information, or exploit you for financial gain.

Check this page regularly for updates on the scams targeting Australia Post customers.

http://auspost.com.au/about-us/scam-alerts.html?ecid=sm–tw—-brand-p5xmas–abt–cns—1411

Advertisements
 
Leave a comment

Posted by on November 13, 2014 in Security

 

Hackers Compromised Yahoo Servers Using Shellshock Bug

Attackers have figured out a way to get onto some of Yahoo’s servers via the Shellshock bug over the past few weeks. This may be the first confirmed case of a major company being hit with attacks exploiting the vulnerability in bash.
http://www.securityweek.com/hackers-compromised-yahoo-servers-using-shellshock-bug

 
Leave a comment

Posted by on October 8, 2014 in Security

 

How to Check if your Bash version is Vulnerable

HOW TO CHECK FOR VULNERABLE SHELL
Run the following command lines in your shell:
env X=”() { :;} ; echo nonvulnerable” /bin/sh -c “echo completed”
env X=”() { :;} ; echo nonvulnerable” `which bash` -c “echo completed”
If you see the words “nonvulnerable” in the output  then you are safe , error then your BASH is at risk.
 
Leave a comment

Posted by on September 25, 2014 in Security

 

Hoax notification email requesting Payment-on behalf of Telstra

I recently had this email coming from “Telstra Billing” as the theme, nevertheless when you check the email address it’s quite readable it’s not telstra..

Refer screensshot

Telstra

 
Leave a comment

Posted by on September 12, 2014 in Security

 

Tracing an IP Address Back to the Source

Tracing an IP address back to its location is a lot simpler now with many online tools like
http://www.ip2location.com/demo
http://www.yougetsignal.com/tools/visual-tracert/
You can also download Ip2location app from AppStore.

 
Leave a comment

Posted by on August 9, 2014 in Security

 

Microsoft Security Bulletin Advance Notification for August 2014

Tuesday 12th August (US time; Wednesday 13th August AU time) Microsoft expect to release nine (9) new security bulletins. Two (2) bulletins carry a maximum aggregate rating of Critical, and seven (7) are rated Important. These bulletins affect Internet Explorer on all supported versions of Windows, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT, Windows RT 8.1, OneNote 2007, SQL Server 2008 SP3, SQL Server 2008 R2 SP2, SQL Server 2012 SP1, SQL Server 2014, SharePoint Server 2013, .NET Framework 2.0 SP2, .NET Framework 3.0 SP2, .NET Framework 3.5, and .NET Framework 3.5.1.

https://technet.microsoft.com/library/security/ms14-aug

 
Leave a comment

Posted by on August 9, 2014 in Security

 

YAHOO TO RELEASE END-TO-END ENCRYPTION FOR EMAIL USERS

Yahoo plans to enable end-to-end encryption for all of its Mail users next year. The company is working with Google on the project and the encryption will be mostly transparent for users, making it as simple as possible to use.

Alex Stamos, CISO at Yahoo, said that the project has been a priority since he joined the company a few months ago and will be a key way to make online life safer for millions of users. Yahoo is using the browser plugin Google released in June that enables end-to-end encryption of all data leaving the browser. Stamos said Yahoo is working to ensure that its system works well with Google’s so that encrypted communications between Yahoo Mail and Gmail users will be simple.

“The goal is to have complete compatibility with Gmail,” Stamos said during a talk at the Black Hat USA conference here Thursday.

The email encryption isn’t the only security improvement on the horizon for Yahoo. The company is also working on enabling HSTS on its servers, as well as certificate transparency. HSTS (HTTP strict transport security) allows Web sites to tell users’ browsers that they only want to communicate over an encrypted connection. The certificate transparency concept involves a system of public logs that list all certificates issued by cooperating certificate authorities. It requires the CAs to voluntarily submit their certificates, but it would help protect against attacks such as spoofing Web sites or man-in-the-middle.

The security upgrades on the docket at Yahoo are aimed at making it easier for everyday users to use the Internet safely and securely, without needing to be security or privacy experts, Stamos said. The security industry spends a lot of time working out defenses and new products to protect against exotic attacks while users are being targeted by much more mundane attacks that still don’t have effective solutions.

“Post-Snowden, we have a strain of nihilism that’s keeping us from focusing on what’s real,” Stamos said. “We as an industry have failed. We’ve failed to keep users safe.

“If we can’t build systems that our users in the twenty-fifth percentile can use, we’re failing. And we are failing. We don’t build systems that normal people can use.”
reference
http://threatpost.com/yahoo-to-release-end-to-end-encryption-for-email-users

 
Leave a comment

Posted by on August 8, 2014 in Security