Security

internet computer network security

SPAM with Spoofed Sender

Recently, I’ve started getting more “bounced” or backscatter email returned to me, as if I was the sender… These messages are SPAM, and are not sent from my account, not from my domain, and not from my hosting service. Someone is generating email messages and forging or spoofing the sender address to make it look like it was sent from another account. It is really simple to do this, but it is also easy to block it. There are several systems like Sender Policy Framework (SPF) and Yahoo’s DomainKeys Identified Mail, or the DMARC system, that can validate that email messages were sent from an approved email server or gateway. They use a specially formatted text record in the domain’s Domain Name Service (DNS) records to identify the correct originating server. If an email with a spoofed sender is sent from an unauthorized email system it can be rejected. So, if you have found my site because you think that I have sent you SPAM or am trying to extort you for a Bitcoin payment, please recognize that it didn’t actually come from me… Your email client should have an option to show you the entire message header, and you should be able to see that the email actually came from someone else, likely in another country. We need to continue to press our internet service providers to leverage the spectrum of anti-spam tools, including things like Spamhaus DNSBL, SPF, DKIM or DMARC, as well as offering filtering tools like […]


Mousejack

Speaking of Logitech (in my previous post), it also turns out that the security research firm Bastille has uncovered a vulnerability in many USB wireless keyboards and mice where the USB “dongle” is easily hacked, allowing someone to connect to your computer and take over control of your keyboard… The list of manufacturers includes Dell, HP, Logitech and Microsoft. See the details at the website created by Bastille, or one of the many news articles like this one at ComputerWorld. The article has links to more information, a list of affected devices, and links to manufacturer support sites that have already posted software or firmware updates. This only affects USB Wireless devices, not Bluetooth devices like the Apple keyboards and mice.


I hate SPAM, and GoDaddy is Useless!

After the debacle with my CenturyLink DSL last summer, I had to make a quick decision on alternatives to hosting my own domain, email and web. I ended up being off the network for two weeks when CenturyLink couldn’t figure out how to restore my DSL server when they did an upgrade that I had already cancelled. Many years ago, I used a domain-hosting service called DomainDiscover that registered my domains and DNS, redirected web requests inside of a frame, and relayed email from a virtual domain to my ISP account. After I started running Apple’s OS X Server, though, I realized that I could provide most of those services myself, on my own home server. My ISP, NeTrack, who was later acquired by Indra’s Net, provided a static IP address, so hosting my own domain was fairly straightforward. Once I started running my own services locally, I decided that it wasn’t necessary to be paying DomainDiscover for the other services that I wasn’t using any longer. All I really needed was a domain registrar. Checking on pricing, it seemed that GoDaddy was about the least expensive, and while nobody had a great customer service record, GoDaddy was large and established, so I transferred my domain registrations to them. So, when my DSL was down for an extended period of time, I did some quick checking, and discovered that GoDaddy had recently started using cPanel virtual Linux hosting, and had hosting plans on sale for half-price, so it was only about $5/month, as I


Apple released a BASH Shell Security Update for Shellshock, kinda…

While Apple has released a security update to address the “shellshock” vulnerability in the bash shell, they have not made it available through Software Update! See the support page at: http://support.apple.com/kb/HT1222 for links to the downloads and installation instructions. Update: Apple has rolled the bash shell update into Security Update 2014-005. See the details at: https://support.apple.com/kb/HT6531 Presumably, the fix is also included in OS X 10.10 “Yosemite” (https://support.apple.com/kb/HT6535) which was released yesterday.


Missing Updates?

Like most of us, I’ve come to rely on Apple’s Software Update to tell me when new updates are available. It seems that most third-party software has its own built-in mechanism for checking for updates as well, so I hardly ever go to http://www.VersionTracker.com or http://www.MacUpdate.com to look for new releases any more. I’ve discovered in the past few weeks, though, that I’ve missed some updates, because the built-in updaters haven’t alerted me that new software was available. One of these packages is the Adobe Acrobat Reader, now just called “Reader.” I know that it has its own updater, but version 9 never told me that version 10 was available! I had updated Reader up to 9.41, but it doesn’t offer to upgrade to Reader 10, which came out back in October! I had seen an article on the web that mentioned that Reader X wasn’t susceptible to the latest malware attack. I didn’t remember getting Reader X, so I opened Reader, and checked the version number in the About box — 9.41. I manually ran “Check for Updates” and the Updater ran, and told me that I had the latest version. I went to Adobe’s website (http://get.adobe.com/reader/), though, and found that 10.0 was available. I had to manually download and install version 10 last week, but it’s told me today that version 10.0.1 is available (and it’s updating right now!). Another of the updates that I hadn’t gotten was for the “Flip for Mac WMV” plug-in that allows playing Windows-format video
