Meeting Topics

7:00pm – 9pm

Subscribe to calendar in iCal



view by category

view by month


rss feeds

admin stuff

Archives for Category : Security

Tis the Season: Anatomy of a Spoof Email

December 6th, 2012 in Security

Oh looky, right there in my Mail in-box. It’s a PayPal receipt! Must be for one of the gifts I just bought online:

(Click the image to embiggen) Wait a minute, I didn’t buy six 12 piece cookware sets! And last time I checked six times $19.59 is just a tad bit less than $730.48. What is going on? Guess I’d better hit that Resolution Center link and get this fixed …

Or maybe not. Before clicking anything let’s see exactly where it will take us:

  1. RIGHT-click or CONTROL-click on the Resolution Center link and select Copy Link from the contextual menu that appears.
  2. Open TextEdit, Notes or some other plain old text editor and open a blank document.
  3. Chose Paste from the Edit menu and we see:

(Not the actual domain name) Well that’s certainly nothing to do with PayPal. Let’s check the other links … yep, they all go to the same definitely-not-PayPal place. Try the same thing on a real PayPal confirmation email and you’ll see the links point to (or or at least some domain that ends in exactly, and nothing else. If the domain name has anything after the .com, such as it’s actually pointing to somewhere at and is a fake. Oh and the genuine PayPal email doesn’t appear to even have a Resolution Center link.

What to do now? Well fortunately PayPal has a method to deal with this: forward the email as-is to then delete it from your in-box. But only do that if you are certain it is fake. If you really want to verify the charge login to your account and check the transaction history. If it’s not listed then it’s probably bogus.

In this case it appears the destination URL was trying to sell something rather than phishing for my account information but it’s always good to play it safe before actually visiting any emailed link. I’ve seen similar bogus Apple Store receipts so this same principle applies to any other email you receive. If it looks suspicious for any reason go ahead and check where the links will take you. If you’ve got a previous known-valid email do the same to it to check the valid link destinations. Worst case, go to the company’s web site and double check it that way.

Just remember to be careful where you click.

Comments Off on Tis the Season: Anatomy of a Spoof Email

Beware of Bogus Apple Billing Email

October 5th, 2012 in Security

Just a quick FYI: Today I received a very Apple looking email with the following text:

Dear Customer,

It has come to our attention that your account Billing Information records are out of date. That requires you to update your Billing Information. Failure to update your records will result in account termination.

Click on the reference link below and enter your login information on the following page to confirm your Billing Information records…

Click on to confirm your Billing Information records.

Thanks, Apple Customer Support

Oh dear, I’d better click that friendly blue Apple Store link and update my account information! I certainly wouldn’t want my account to be terminated!!

But wait a minute, if instead of simply clicking on that link I right-click, choose Copy Link then paste it into the Safari URL box (but don’t press RETURN) I see it’s actually a domain registered in India rather than Apple. Yep, it’s a complete scam. Some lowlife butt-headed bozo would just love for me to click that link and enter my Apple Store account info so they can steal from me.

Sorry bozo, not this time.

It bears repeating that you should never blindly trust that the link you see in an email message actually points to where it says it will. When in doubt use the above trick to see the true destination and if what immediately follows the http:// doesn’t exactly match what it should then stay away, far away.

Comments Off on Beware of Bogus Apple Billing Email

The Flashback Trojan

April 9th, 2012 in Security

There is a nasty bit of Mac malware making the rounds that exploits a flaw in the Java web browser plug-in to install itself on your machine if you visit a site that has been compromised:

Apple has released Java updates to patch the Java flaw, which you should definitely install, but that will not remove the malware if it is already on your computer. The above Macworld article details how you can check for the presence of this little beastie.

Optional: Go Java-less

Most people will have no need for the Java plug-in so you can also simply disable it to protect yourself from possible future security issues it might have:

  1. Choose Preferences from the Safari menu.
  2. Select the Security tab.
  3. Turn OFF the “Enable Java” checkbox.
  4. Close the Preferences window.

If you do use a site that requires the Java plug-in you’ll see a missing plug-in placeholder for theta content when you visit it.

NOTE: You’ll also notice a checkbox labeled “Enable Javascript”. You generally DO NOT want to turn that off. Other than an unfortunate naming decision it has nothing to do with Java and is so ubiquitous these days that turning it off will probably break a lot of the sites you visit.

And While You’re at it: Less Flash!

The other historically popular vector for Internet malware is the Adobe Flash plug-in, used mainly for web video and annoying animated ads. Removing Flash is possible but a bit more problematic as you will probably bump into embedded videos that require it. It is possible though:

Another less draconian option is to install the ClickToFlash Safari extension. With it installed Flash based content will not be loaded when a site is visited, instead you see a ClickToFlash placeholder. Clicking it loads that particular Flash item but no others on the page.

Install ClickToFlash by visiting Apple’s Safari Extensions archive at, then scroll through the list of Most Popular plug-ins until you find ClickToFlash. Click the Install button and you’ll be all set.

Other potentially beneficial side-effects of using ClickToFlash are: faster web site load times and less annoying animated ads.

Comments Off on The Flashback Trojan

Do Not Install “Mac Defender”

May 11th, 2011 in Security

A fake anti-virus application called “MAC Defender” is making the rounds. DO NOT DOWNLOAD OR INSTALL IT as it is a fake. It reports bogus virus infections and requests your credit card number to remove them. Details are here:

You can’t be spontaneously “infected” by this piece of garbage, you have to run it and enter your admin account password before it can install itself. Don’t!

To repeat, MAC Defender is a fake. Do not install it!

2011-May-31 Update

Security Update 2011-003 is now available via Software Update in the apple menu. This update detects known instances of the Mac Defender malware with the list of known instances automatically updated as needed.

Comments Off on Do Not Install “Mac Defender”

Skype Users – Update Now

May 9th, 2011 in Security

If you use Skype for your audio and video conferencing make sure you’ve got the latest and greatest version as it contains a fix for a bug that could potentially allow malicious persons full access to your machine:

The fix was released about a month ago so if you haven’t updated your Skype application since then be sure to do it soon.

NOTE: PowerPC Mac users still using Skype 2.8 don’t have to worry as that version never had the problem.

Comments Off on Skype Users – Update Now