[Image: We should know by now - don't click that link. Credit: Bill Buchanan, Author provided]

A chain is only as strong as its weakest link. Computer security relies on a great number of links, hardware, software and something else altogether: you. The greatest threat to information security is actually people. Why strive to defeat encrypted passwords stored in computers, when those computers' human users will turn them over willingly?

The technique is known as social engineering. It could be a phone call at your desk “from IT” querying problems with your login details, or asking about those of your colleagues. Or it could be the more common technique of phishing – emails designed to solicit your credit card or login details by passing themselves off as legitimate emails from well-known banks or websites such as PayPal or eBay. This has evolved into spear phishing, in which known details about you personally give the email even greater credibility.

The latest ruse is emails purporting to be from the World Health Organisation about Ebola, with email subjects including:

“Ebola Safety Tips - By WHO.”

“What You Need To Know About The Deadly Ebola Outbreak,”

“So Really, How Do You Get Ebola?,”

“Is there ANY way to cure Ebola?”

“The #1 Food Items You’ll Need In An EBOLA Crisis.”

But the link to the attached file, which is described as health guidelines, instead installs the DarkComet Trojan malware, which gives attackers remote access to your computer. Any current event is fair game for cybercriminals if it can tempt you to click that link.

Spoofed addresses

A major problem with most types of digital communication, processing and storage is that it’s often difficult to differentiate between a true event and one which has been falsified. This stems largely from the internet’s origins as an open, insecure system. In this email apparently from eBay, the email address of the sender has been spoofed, that is, replaced with another that is not the sender’s actual address, as some email relay systems allow this.

[Image: Addresses are not as they seem. Credit: Bill Buchanan, Author provided]

Take a look at the full email headers, however, and the entire route the mail has taken from source to destination is clear, as is the fact the sender is not verified:

Microsoft Mail Internet Headers Version 2.0
Received: from mer-w2003-6.napier-mail.napier.ac.uk ([146.176.223.1]) by EVS1.napier-mail.napier.ac.uk with Microsoft SMTPSVC(6.0.3790.1830);
    Wed, 18 Jan 2006 00:17:45 +0000
Received: from pcp0011634462pcs.ivylnd01.pa.comcast.net (Not Verified[68.38.82.127]) by mer-w2003-6.napier-mail.napier.ac.uk with NetIQ MailMarshal (v6,1,3,15)
    id ; Wed, 18 Jan 2006 00:17:44 +0000
FCC: mailbox://support_id_1779124147875@ebay.com/Sent
Date: Tue, 17 Jan 2006 17:10:39 -0700
From: eBay support_id_1779124147875@ebay.com

And when the user clicks the link they find themselves at a Korean web site, not ebay.com, which requires the user to log in with their genuine eBay credentials – essentially handing over their keys.
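The header check described above can be automated. The following is an added example, not code from the article or its author: it walks the Received trace shown above and compares the claimed From domain with the host recorded by the receiving organisation's own relay. The function names and the `trusted_suffix` parameter are assumptions made for illustration.

```python
import re
from email import message_from_string

# Headers as printed in the article (the Received "id" value is missing there too).
SAMPLE = """\
Received: from mer-w2003-6.napier-mail.napier.ac.uk ([146.176.223.1])
 by EVS1.napier-mail.napier.ac.uk with Microsoft SMTPSVC(6.0.3790.1830);
 Wed, 18 Jan 2006 00:17:45 +0000
Received: from pcp0011634462pcs.ivylnd01.pa.comcast.net (Not Verified[68.38.82.127])
 by mer-w2003-6.napier-mail.napier.ac.uk with NetIQ MailMarshal (v6,1,3,15)
 id ; Wed, 18 Jan 2006 00:17:44 +0000
FCC: mailbox://support_id_1779124147875@ebay.com/Sent
Date: Tue, 17 Jan 2006 17:10:39 -0700
From: eBay support_id_1779124147875@ebay.com

"""

# "from <host> (<note>[<ip>]) by <receiving server>", the shape used in this trace.
HOP = re.compile(r"from\s+(?P<host>\S+)\s+\((?P<note>[^\[\]]*)\[(?P<ip>[\d.]+)\]\)"
                 r"\s+by\s+(?P<by>\S+)")

def trace_hops(raw):
    """Return relay hops oldest first (each server prepends its Received line)."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        match = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if match:
            hops.append(match.groupdict())
    return hops

def assess(raw, trusted_suffix):
    """Compare the From domain with what our own servers recorded at the border."""
    sender = re.search(r"@([\w.-]+)", message_from_string(raw).get("From", ""))
    claimed = sender.group(1).lower() if sender else ""
    findings = []
    for hop in trace_hops(raw):
        host, by = hop["host"].lower(), hop["by"].lower()
        # Trust only lines written by our servers; earlier lines can be forged.
        if not by.endswith(trusted_suffix) or host.endswith(trusted_suffix):
            continue
        if "not verified" in hop["note"].lower():
            findings.append(f"{hop['ip']}: {host} marked Not Verified by relay")
        if host != claimed and not host.endswith("." + claimed):
            findings.append(f"{hop['ip']}: {host} is not under {claimed}")
    return claimed, findings

if __name__ == "__main__":
    print(assess(SAMPLE, "napier-mail.napier.ac.uk"))
```

A mismatch between the relay host and the From domain is a signal rather than proof, since legitimate senders often use third-party mail services.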

Spoofed email

Most people will spot this as a fake these days, but if there’s additional information that tricks the reader into thinking a human wrote the email, prompting them for interaction, it can generate better results.

I have been waiting for quite a long time for you to reply, whith the payments details . For this reason I will be forced to report you to ebay as an upaid item…

[Image: Spoofed emails, with a human touch. Credit: Bill Buchanan, Author provided]

This pressures the reader – no one wants bad eBay feedback, after all. Looking at the email’s HTML reveals the con (if the poor spelling and punctuation typical of such emails weren’t enough): a hidden form element shows that the user will be taken not to ebay.com but to a server in the Czech Republic (<form method="POST" action="http://www.mailform.cz/en/form.asp">) which, while looking exactly like eBay, will only steal the user’s credentials.
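The same inspection of the email's HTML can be done by a mail filter. The following is an added example, not code from the article: it lists every form action and link in a message body whose host is outside the brand's domain, and notes whether the form asks for a password. The sample body is constructed; only the form tag comes from the article, and the class and function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed message body; only the <form ...> tag is taken from the article.
SAMPLE_HTML = """
<html><body>
<p>Please respond to resolve this unpaid item dispute.</p>
<form method="POST" action="http://www.mailform.cz/en/form.asp">
  <input type="text" name="userid">
  <input type="password" name="pass">
  <input type="submit" value="Respond Now">
</form>
<a href="https://signin.ebay.com/">Sign in</a>
<a href="http://ebay.com.example.net/help">Help</a>
</body></html>
"""

class TargetCollector(HTMLParser):
    """Collect every URL the message can send the reader, or their input, to."""
    URL_ATTR = {"form": "action", "a": "href"}

    def __init__(self):
        super().__init__()
        self.targets = []   # [tag, url, asks_for_password]
        self._form = None   # form currently open, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in self.URL_ATTR and attrs.get(self.URL_ATTR[tag]):
            self.targets.append([tag, attrs[self.URL_ATTR[tag]], False])
            if tag == "form":
                self._form = self.targets[-1]
        elif tag == "input" and self._form is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._form[2] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def off_brand_targets(html, brand_domain):
    """Return (tag, host, asks_for_password) for targets outside brand_domain."""
    collector = TargetCollector()
    collector.feed(html)
    flagged = []
    for tag, url, asks_password in collector.targets:
        host = (urlsplit(url).hostname or "").lower()
        # Exact or dot-anchored suffix match: "ebay.com.example.net" must not pass.
        if host != brand_domain and not host.endswith("." + brand_domain):
            flagged.append((tag, host, asks_password))
    return flagged
```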

Sharp spears

Increasingly it is the spear in spear phishing that is being sharpened, with criminals pulling together more details about you to make their attempts to get you to open your wallet more convincing. For example, they may send a message apparently from the same bank with which you have an account.

It’s not just home users under attack – corporates are targeted too, and with the growth in hacking attacks linked to nation states and overseas governments, sophisticated and sustained campaigns of spear phishing have succeeded in stealing information from firms and organisations across Europe. Symantec recorded a 62% rise in data breaches from spear phishing in 2013.

The answer has to be better training and keen user awareness, because for all the tools included in browsers and email readers to try to help users spot these deceits, many still fall for highly targeted phishing mails – and often only one user with access to a corporate site is required for attackers to ratchet up their access to the network.

As the Institution of Engineering and Technology recently told a parliamentary committee, now that we all use computers, all of the time, security is far too important to leave to just a few specialists.

Bill Buchanan does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.

Read more http://theconversation.com/in-cybersecurity-the-weakest-link-is-you-33524