Author Archives: mike

How SHA-1 Is Broken

(This gets very esoteric very quickly) Those of you paying attention may have realised that very recently (January this year), browsers started complaining about security when connecting to sites whose SSL certificates used the SHA-1 hashing algorithm within the certificate. … Continue reading

Posted in Technical | Tagged , , | Comments Off on How SHA-1 Is Broken

Phishing: What To Do In The Aftermath

In the event that you have given away your account details in response to a phishing attack, and either discovered yourself that your account is compromised or you have been told so by IS, then there are some steps to … Continue reading

Posted in Email, Passwords | Comments Off on Phishing: What To Do In The Aftermath

Don’t Automatically Trust Email!

Email is a very easy to forge – so easy that if you try to impress a hacker by claiming to have forged email, they’ll fall about the floor laughing. So you should not automatically trust email – there are … Continue reading

Posted in Email | Comments Off on Don’t Automatically Trust Email!

Analysis Of A Phishing Attack

The following is the analysis of a real phishing attack that we have seen, together with some indications of how a phishing attack can be detected. For the impatient, some of those indicators are listed below :- Are you expecting … Continue reading

Posted in Active Attacks, Email | Tagged , | Comments Off on Analysis Of A Phishing Attack

How Often Should I Patch?

The short version: “It varies”. “Have you applies the latest security fixes from your operating system vendor to your machines?” I asked, trying to a learn a little more about Fred’s security posture. Fred replies with hesitation, “We apply security … Continue reading

Posted in General | Tagged , | Comments Off on How Often Should I Patch?

Friday’s DDoS Attack And The Mirai IoT Worm

It may have reached your attention that there was a significant denial of service attack against a widely used DNS provider – the service provider for organisations such as Twitter, Github, and Amazon. The effect was to make certain services … Continue reading

Posted in Active Attacks, Technical | Tagged , | Comments Off on Friday’s DDoS Attack And The Mirai IoT Worm

Free Converters May Come With Unwanted Gifts

I read this morning a post on another blog site about an experiment that someone tried. They converted a PDF file to a DOC file using five different free web-based converters and found that three of the results were malware-infected. … Continue reading

Posted in General, Malware | Comments Off on Free Converters May Come With Unwanted Gifts

Do Not Attach Network Equipment to the UoP Network

It can be very tempting for a quick solution (especially for a temporary bodge) to attach network equipment up the University network. Don’t do it. Please! In the past it was unusual for network equipment to be so widely available, … Continue reading

Posted in General | Comments Off on Do Not Attach Network Equipment to the UoP Network

Do You Know Email’s “BCC” Header?

There are a number of stories¬†going around at the moment relating to unintentional release of email addresses in terms of allowing third parties access to the email addresses. This is almost always a mistake made by someone who used conventional … Continue reading

Posted in Email | Tagged , , | Comments Off on Do You Know Email’s “BCC” Header?

TeamViewer: People Being Hacked

There are many¬†reports that those using the TeamViewer application are being subjected to hacks with their bank accounts being emptied and similar problems. The details of how the attackers are breaking in are not available, but it seems likely that … Continue reading

Posted in Active Attacks, Technical | Tagged | Comments Off on TeamViewer: People Being Hacked