Sunday, May 12, 2024


I get a lot of requests about email protection. The following are measures used to help prevent email spoofing and tampering and, if you have no problems, to give your email a good reputation over time.

They are mainly used when you have your own domain name and are published as DNS records for that domain; once configured they start working immediately.
Large email providers also provide this protection, but I am not sure to what degree; they have to take into account bad actors as well as the good, so it's a balancing act.

The following gives you an idea of what these protocols provide.

SPF and DKIM for Email protection

SPF and DKIM are two authentication protocols used to detect email spoofing, which is when a malicious sender pretends to be someone else. They are also used to increase your email deliverability.

 Are SPF and DKIM the Same?

While they both are authentication protocols, SPF and DKIM are not the same.
SPF (Sender Policy Framework) lets a domain owner publish, in DNS, the list of servers allowed to send email for that domain; the receiving server checks the IP address of the connecting server against that list. DKIM (DomainKeys Identified Mail) has the sending server add a digital signature over the message body and selected headers, using a private key whose public key is published in DNS, so the receiver can verify that the message was authorised by that domain and has not been tampered with in transit. One caveat: SPF checks the envelope sender (the Return-Path domain), which is not necessarily the address the recipient sees in the From header.

Do I Need Both DKIM and SPF?

Yes, it is highly recommended to use both DKIM and SPF for a complete email authentication setup. This will protect your domain from malicious activity and improve your deliverability rates.

Can SPF and DKIM Prevent My Emails From Being Marked as Spam?

Yes, SPF and DKIM help keep your emails from being marked as spam: they let receiving providers reliably attribute your mail to your domain and build up a reputation for it over time. However, they cannot guarantee that your emails will never be marked as spam; content and sending behaviour still matter.

This information has been collected from the Internet 
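To make the SPF side concrete: the record is a TXT record on the sending domain, for example `example.com. TXT "v=spf1 ip4:192.0.2.0/24 -all"`, and the DKIM public key lives at `selector._domainkey.example.com. TXT "v=DKIM1; k=rsa; p=<base64 public key>"`. The Python below is an added example, not code from the original post or from any mail software: it evaluates the SPF mechanisms that need no DNS lookups (ip4, ip6, all, with the four qualifiers) against a connecting IP, which is what a receiving server does after fetching the record. The record and addresses are constructed from the documentation ranges in RFC 5737 and RFC 3849. DKIM verification is left out because it needs the public key from DNS and an RSA library.

```python
"""Minimal SPF (RFC 7208) check for the mechanisms that need no DNS lookups.

Added example, not code from the original post. A receiving mail server fetches
the TXT record for the envelope-sender domain and runs a check like this against
the connecting IP. Handles ip4:, ip6: and all with the +, -, ~ and ? qualifiers;
include:, a, mx, ptr, exists: and redirect= need live DNS and are reported as
"needs-dns" rather than guessed. Record and addresses below are constructed.
"""
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_MECHANISMS = ("include:", "a:", "a/", "mx:", "mx/", "ptr:", "exists:", "redirect=")

# Constructed record: two sending ranges, everything else hard-fails.
EXAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"


def evaluate_spf(record: str, sender_ip: str) -> str:
    """Return pass/fail/softfail/neutral/none/permerror/needs-dns for sender_ip."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record (e.g. a DMARC or unrelated TXT record)
    try:
        ip = ipaddress.ip_address(sender_ip)
    except ValueError:
        return "permerror"
    for term in terms[1:]:
        qualifier = "+"  # RFC 7208: a mechanism with no qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        lower = term.lower()
        if lower == "all":
            return QUALIFIERS[qualifier]  # "all" always matches; "+all" lets anyone pass
        if lower.startswith(("ip4:", "ip6:")):
            try:
                net = ipaddress.ip_network(term[4:], strict=False)
            except ValueError:
                return "permerror"  # malformed address or prefix in the published record
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        if lower in ("a", "mx", "ptr") or lower.startswith(DNS_MECHANISMS):
            return "needs-dns"  # honest answer: this evaluator does no DNS
        if "=" in lower:
            continue  # unknown modifiers (e.g. exp=) are ignored per RFC 7208
        return "permerror"  # unknown mechanism
    return "neutral"  # no mechanism matched and no "all": RFC 7208 default


if __name__ == "__main__":
    for sender in ("192.0.2.17", "2001:db8::1", "198.51.100.5"):
        print(sender, "->", evaluate_spf(EXAMPLE_RECORD, sender))
```

The `+all` case is worth checking in your own records: it makes every sender pass, so the record provides no protection at all. A record that ends in `~all` (softfail) lets receivers apply their own judgement; `-all` is the setting you want once you are sure every legitimate sending server is listed.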

Tuesday, May 7, 2024


Australian migration agent Aussizz has been breached and had almost 300 GB of information taken. Migration agents require personal documents from applicants to submit with their request to come to Australia. These can include payslips, passports, education records, visas and photographs, which makes migration information a lucrative target for criminals who want to use it to enter Australia.

Every breach gives the criminals using the Dark Web more information and allows for personally targeted scams against us. Even though we had no part in the breach, there is no support when we accidentally get caught in their web.

Every time you see a breach of a high-profile business or government department in Australia you know we are probably on that list of stolen information.

Sunday, May 5, 2024

 Last year, around half (49%) of reported data breaches, including 86% of web application breaches, involved the use of stolen credentials: user names and passwords. In Australia, 1.8 million accounts were breached in the first quarter of 2024 alone. When it comes to secure authentication, there seems to be a lesson we’re not learning.

We know that passwords are vulnerable to being cracked, exposed or stolen and used against us, but many organisations still rely on them for securing access. There are a number of reasons for this — and it is important to remember those reasons when we try to replace or supplement them.

Passwords are convenient. They’re familiar and both users and administrators understand them. They’re easy to implement and require minimal infrastructure and investment. There’s no need for additional hardware and they’re everywhere. Nearly every service and device supports password authentication.

Reducing our reliance on passwords

When considering alternatives to passwords, it’s important to prioritise security, usability and scalability to ensure a seamless and secure authentication experience for users. If you introduce too much complexity and friction, people will find a way around it.

Here are some other types of authentication that can help organisations boost their security without alienating the people they rely on to make it work.

1. Two-factor authentication/multi-factor authentication (2FA/MFA)

These have become the security default for applications. 2FA requires users to provide two forms of identification before gaining access, typically something they know, like a password, and something they have, like a code generated by or sent to a mobile device. There's very little extra time and friction involved. MFA adds additional layers of authentication, such as something the user is (biometrics) or something the user does (behavioural biometrics). In recent years, however, attackers have learned how to breach MFA through targeted phishing that relays the code in real time, or through 'MFA fatigue', where they bombard the user with sign-in notifications until one is approved.

2. Single sign-on (SSO)

SSO allows users to access multiple applications with a single set of login credentials, reducing the need for multiple passwords and simplifying the user experience. This is very effective for internal business applications, but it can be time-intensive to set up and connect. SSO can also be risky if applied to wider internet activity and access is gained using the credentials for popular online services such as Google, Facebook, Apple, Yahoo and Microsoft. Although this makes signing on very simple, if an account with one of these services is compromised, the attackers can access any service which has used that account for single sign-on. Further, data is often shared between services and users may not always be aware of this.

3. Biometric authentication

This includes methods such as fingerprint recognition, facial recognition, iris scanning and voice recognition. Behavioural biometrics uses how a person walks, types or handles a device. The advantages of biometric authentication are that it provides a high level of security and user convenience. Many people may be familiar with biometrics because multiple consumer devices already feature biometric authentication capabilities. This can make it easier to deploy the technology in a business setting.

A biometric authentication experience is often quick and smooth because it doesn’t require a user to recall a password or security question/answer. However, not every device can handle biometric authentication and it can be expensive to implement the required technology. Employees also need to be comfortable sharing their biometric data with their employer.

4. Hardware tokens

These physical devices generate one-time, often time-limited codes or cryptographic keys for authentication, adding an extra layer of security. An attacker would need physical access to the token and also know the user’s credentials to infiltrate the account. However, while you can reset a forgotten password, lost hardware is still lost hardware, so the IT team needs to have a backup plan.

5. Certificate-based authentication

This uses digital certificates issued by a certificate authority, together with public key cryptography, to verify user identity. The certificate carries the user's identity information and public key, while the matching private key stays on the user's device (ideally in a hardware-backed key store) and never leaves it. It's a good authentication option for companies that employ contractors who need temporary network access, since certificates can be issued with a short validity period and revoked. However, it can be expensive and time-consuming to implement.

Last but not least, there is a dynamic approach known as risk-based authentication. This method assesses the risk associated with a login attempt based on various factors such as user behaviour, location and device information, and adjusts the authentication requirements accordingly.

The takeaway

The focus for secure access needs to shift from just eliminating passwords towards eliminating the need for passwords.

Passwordless access methods aim to achieve this by relying on alternative or supplementary authentication methods that are more secure and user-friendly — such as those listed above — often as part of a broader zero trust access approach. Both passwordless access and zero trust help to strengthen security and improve the user experience in today’s evolving threat landscape. Together they may finally break our emotional and enduring bond with passwords.


https://www.technologydecisions.com.au/


It's been a long time and I thought an update was due. I will post as I find current issues affecting Australians, and workarounds.


Safeguarding Your Digital Fortress: Essential Cybersecurity Practices 

In today's interconnected world, where the digital realm permeates nearly every aspect of our lives, cybersecurity has become more critical than ever. With the constant evolution of technology, cyber threats continue to proliferate, posing significant risks to individuals, businesses, and even nations. To safeguard your digital fortress against these ever-looming dangers, adopting robust cybersecurity practices is imperative. Let's delve into some essential strategies to fortify your online defenses.

 

1. **Stay Vigilant Against Phishing Attacks:**

   Phishing remains one of the most prevalent cyber threats, wherein attackers masquerade as legitimate entities to deceive users into disclosing sensitive information. Exercise caution when opening emails, especially those requesting personal or financial data. Be wary of suspicious links or attachments and verify the authenticity of senders before divulging any information.

 

2. **Keep Software Updated:**

   Software vulnerabilities serve as entry points for cybercriminals to infiltrate systems. Ensure all your software, including operating systems, applications, and antivirus programs, are regularly updated with the latest security patches. By staying current with software updates, you close off potential avenues for exploitation, bolstering your defenses against emerging threats.

 

3. **Implement Strong Password Practices:**

   Passwords serve as the first line of defense against unauthorized access to your accounts. Adopting strong password practices, such as using complex combinations of letters, numbers, and symbols, can significantly enhance security. Consider employing password managers to generate and securely store unique passwords for each account, mitigating the risks associated with password reuse.

 

4. **Enable Multi-Factor Authentication (MFA):**

   Multi-factor authentication provides an additional layer of security by requiring users to provide multiple forms of verification before granting access. Whether through SMS codes, biometric authentication, or authenticator apps, MFA fortifies your accounts against unauthorized access, even in the event of compromised passwords.

 

5. **Backup Data Regularly:**

   Data loss can occur due to various reasons, including cyberattacks, hardware failures, or human error. Implementing regular data backups ensures that critical information remains accessible even in the face of unforeseen circumstances. Utilize both onsite and offsite backup solutions to safeguard against data loss and facilitate swift recovery in the event of a breach.

 

6. **Educate and Train Personnel:**

   Human error remains a significant contributor to cybersecurity breaches. Educating employees about cybersecurity best practices and conducting regular training sessions can empower them to recognize and respond effectively to potential threats. Instill a culture of security awareness within your organization to foster a collective commitment to cybersecurity excellence.

 

7. **Conduct Routine Security Assessments:**

   Regular security assessments and audits are essential for evaluating the effectiveness of your cybersecurity measures and identifying any vulnerabilities that may exist within your systems. Engage in proactive monitoring, intrusion detection, and vulnerability scanning to detect and mitigate threats before they escalate into full-fledged attacks.

 

8. **Stay Informed About Emerging Threats:**

   Cyber threats are constantly evolving, requiring a proactive approach to stay ahead of malicious actors. Stay abreast of the latest cybersecurity trends, threat intelligence, and advisories from reputable sources. By remaining informed, you can adapt your security strategies to effectively counter emerging threats and minimize potential risks.

________________________________ 

In conclusion, safeguarding your digital fortress requires a multifaceted approach encompassing proactive measures, robust defenses, and ongoing vigilance. By implementing these essential cybersecurity practices, you can bolster your online defenses and mitigate the risks posed by an increasingly hostile digital landscape. Remember, in the realm of cybersecurity, diligence is the key to resilience. Stay vigilant, stay secure.

Wednesday, May 14, 2014

More information on the Crypto Locker

From readwrite.com  

So you’re happily working on your Windows computer, getting stuff done. Little do you know, your personal files are rapidly being encrypted so that you can’t access them.
Suddenly, an alert appears on the screen—you have 96 hours (or four days) to pay $300 or lose all your encrypted personal files forever. A countdown is already ticking on your screen.
This is CryptoLocker, the latest and most damaging Windows virus in a series of recent ransomware Trojans. The relatively large amount of money it demands, combined with the tight deadline, make it far more aggressive than other similar viruses.
And unfortunately for us, it’s spreading more rapidly than any of its contemporaries.
You’d think it would be simple to track down the perpetrators given that they're taking a ransom, but it’s not that simple. Since CryptoLocker demands payment through MoneyPak or Bitcoin, both of which harness private, decentralized fund-exchange networks, it’s much more difficult to follow the money. Until the good guys are able to track down the bad, the best thing you can do is stay informed. I spoke to Corey Nachreiner, director of security strategy at Watchguard Security, about what you need to know. 

Preventing An Infection
Nachreiner said that CryptoLocker is especially dangerous because of its infection rate. "I can tell you anecdotally, we’ve seen many client and customer queries for it," he said. "I haven’t seen this amount of customer based questions in quite a long time."
According to the US Computer Emergency Readiness Team, it spreads through an email that appears to be a tracking notification from UPS or FedEx, though some victims said they got infected on the tail end of wiping out a previous botnet infection. And in case it wasn’t clear, you don’t need to be in the US to become infected.
Nachreiner said that it’s more than opening the email that spreads the virus. You need to open the email and actually download the zip file inside it. Hiding inside that zip file is a double-extension file such as *.pdf.exe. The .exe file lets CryptoLocker run on your computer, while the innocuous .pdf extension hides the file’s true function.
While it’s hard to imagine savvy computer users falling for such a ploy, Nachreiner said this time of year makes us all more fallible. There’s a reason CryptoLocker first surfaced in September 2013, and not earlier in the year.
“This lure is far more common for the holiday shopping season,” he said. “As people are doing more shopping online, they’ll be more likely not to suspect emails about packages. My guess is we’ll also see CryptoLocker mimicking emails from Amazon and other shopping sites, too.”
So far the virus has been infecting PCs running Windows 7, Vista, or XP, but Nachreiner said that doesn’t mean it won’t eventually infect PCs running Windows 8, or even Macs. 
So what should you do? Run your antivirus software, though Nachreiner warns that it’s “not a silver bullet.” Make sure you keep regular and recent backups of all your files. This goes double if you’re a business that shares a drive or folder across multiple computers, since CryptoLocker is known to target shared files for encryption first.
Some good Samaritans have also developed free tools that shut down CryptoLocker before it starts. One is called CryptoPrevent, and it stops your computer from downloading double-extension files. 
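A mail gateway or a cautious user can catch the lure described above before anyone double-clicks it. The Python below is an added example, not code from the original article, from WatchGuard or from CryptoPrevent: it parses a message with the standard library, checks every attachment's file name, opens zip attachments in memory and checks the names inside them. It goes a little beyond the article's .pdf.exe case, also catching whitespace padding before the real extension and the Unicode right-to-left override character, two other ways of hiding an executable extension. The sample e-mail and zip are constructed here; the "payload" is a placeholder, not a program.

```python
"""Flag disguised-executable attachments like the *.pdf.exe lure described above.

Added example, not code from the original article. Parses a message, inspects
attachment names, and looks inside zip attachments without writing to disk.
The sample message built below is constructed; its content is a placeholder.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs",
                   "vbe", "wsf", "hta", "ps1", "lnk", "msi", "jar"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "jpg", "jpeg",
              "png", "gif", "txt", "zip", "rtf"}
RLO = "\u202e"  # right-to-left override: "photo\u202egpj.scr" displays as "photorcs.jpg"


def classify_filename(name: str):
    """Return a reason string if the name looks like a disguised executable, else None."""
    if RLO in name:
        return "right-to-left override character in name"
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = [p.strip() for p in base.split(".")]  # strip() defeats "invoice.pdf      .exe"
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return f"double extension .{parts[-2]}.{parts[-1]}"
    return f"executable .{parts[-1]}"


def scan_message(raw: bytes):
    """Return [(attachment_name, reason)] for suspicious attachments and zip members."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reason = classify_filename(name)
        if reason:
            findings.append((name, reason))
        payload = part.get_payload(decode=True)
        if payload and zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():  # names only; nothing is extracted or run
                    reason = classify_filename(member)
                    if reason:
                        findings.append((f"{name}!{member}", reason))
    return findings


def build_sample_lure() -> bytes:
    """Constructed sample: fake parcel notice carrying a zip with a .pdf.exe inside."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("Tracking_Notice_7731.pdf.exe", b"placeholder, not a program")
        zf.writestr("Tracking_Notice_7731.txt", b"constructed sample")
    msg = EmailMessage()
    msg["From"] = "Parcel Service <notice@example.com>"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = "Delivery failed: tracking notice attached"
    msg.set_content("Your package could not be delivered. See the attached notice.")
    msg.add_attachment(zbuf.getvalue(), maintype="application", subtype="zip",
                       filename="Tracking_Notice_7731.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for attachment, why in scan_message(build_sample_lure()):
        print(f"BLOCK {attachment}: {why}")
```

Windows hides known extensions by default, so the user sees "Tracking_Notice_7731.pdf"; the scanner sees the full name, which is the whole point of checking at the gateway rather than trusting the icon.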

Eradicating An Infection
It’s all well and good to prepare, but what if you already are infected? Despite the virus’s warning not to “disconnect from the Internet or turn off the computer,” this is exactly the first order of damage control.
“You’ve got to realize these guys are criminals and they lie,” said Nachreiner. “The only thing turning off your computer does is keep the virus from continuing to infect.”
In fact, unplugging your computer may save some of your files, if the virus is still in the process of infecting them. 
Next, you need to figure out what damage has been done. Which files have you lost? Do you have backups of these files? If you don’t have backups, have you checked Windows’ System Restore files, which sometimes automatically back up the computer for you?
If you can help it, Nachreiner highly recommends not giving in to extortion. 
“You should never pay these guys ransom,” he said. “It’s just going to encourage malware authors to create similar viruses.”
If you do have a backup, it’s time to wipe your computer of the virus. Fortunately for you, said Nachreiner, just about every antivirus vendor has a CryptoLocker cleanup tool. Work with your regular antivirus software, or follow a tutorial. Nachreiner suggests the FAQ at Bleeping Computer, which he links in his own blog post.
Restore your backup, and you should be set. Just don’t click on any more dodgy emails.

Does Paying Ransom Work?
Say that for whatever reason you don’t have a backup and do want to pay the ransom. The criminals behind CryptoLocker make it very easy to do.
“Even if you haven’t made your payment before the deadline, they’ll still let you pay. Only this time, instead of 2 BTC ($300), it’ll be 20 BTC,” Nachreiner said.
Since victims have reported that paying the ransom does work, this is your best hope for getting the encrypted files back. There’s no way to track the criminals through the decentralized currency they’re accepting payment through, and their encryption methods are simply too strong to unlock without a decryption key.
“Whether these guys will be caught is not a sure deal,” said Nachreiner. “And whether they still have all the private keys when they’re caught is not a sure deal, either. Cracking these encryptions is not something that’s going to happen in the near future, even if we do catch them.”
With no way to prevent CryptoLocker in sight, the most important thing, said Nachreiner, is to make sure people know about the virus before they get infected.
“Awareness is the first step,” he said. “Make sure your employees, or your family, know this virus is out there.”

Encryption Locker - this would be the most serious threat to computer user data - not to be taken lightly.



Due to the encryption virus ramping up again with an increased ransom for file release ($5000.00 US), I have been looking at ways to prevent total loss of data for users.
First, to explain how the virus works and why data on the computer is not recoverable: the only options are to pay the ransom, or to have backups that are protected by a username and password kept separate from any usernames and passwords that could be stored on the computer.


One of the comments from the Web

1. Cryptolocker works so well because it makes perfect use of a technology we already have: encryption with perfect forward secrecy. Here's how Cryptolocker works in a single sentence. Unlike previous ransomware, Cryptolocker generates a unique crypto-key (password), uses the date and time to connect to a constantly changing set of Web sites to store that unique key, encrypts your files with the crypto-key, tells the Web site when it is done with its encryption, and deletes your computer's local copy of the crypto-key.
3. No anti-virus software will ever prevent you from installing software. They may warn you, but will never completely stop you.
The real way to beat this attack is an incrementally cycling backup which not only backs up files, but also makes version-specific backups of those files on a regular basis.
ALSO
Since Cryptolocker uses the date and time of infection to store the crypto-key, businesses that use OpenDNS' Umbrella service are virtually immune to Cryptolocker because it won't begin encrypting your files until it has successfully stored the crypto-key on a randomly generated Web site. They're out to make money, not destroy data. Since DNS is the way a computer resolves a Web site, when a new crypto-key site is created, OpenDNS is the service used to resolve that domain name. For example, google.com gets looked up by DNS to tell your browser Google's IP address. The same is true for Cryptolocker.
So what's the difference, you ask? With OpenDNS's Umbrella service for businesses, all the Web sites looked up by your business are looked up through OpenDNS, which logs them and can very quickly prevent connections to bad Cryptolocker sites.

They also mention that Cryptolocker affects mostly English-speaking countries, with all of the currently seen distribution e-mails (with Cryptolocker attached) written in English.
In addition, 79 percent of the infections were located in the U.S. alone. Again, the latest news from the U.K. might change that number but it does support the English-speaking targets statistic.
Finally, they note that Cryptolocker is also distributed by other malware, such as ZBot, a widely used and spammed banker trojan. Their data is very interesting and well worth the read.
As a countermeasure, they of course reference backups but also recommend using Windows System Restore and even Skydrive for Windows 8.1.

So, if you are wondering when you are going to STOP hearing about Cryptolocker, the answer is probably not for a very long time. As I mention in the soon-to-be-published Malwarebytes 2013 Threat Report, Cryptolocker is only the beginning of this style of ransomware.
As we have seen a great reduction in the "FBI" style ransomware, this new method, which dealt a huge blow to the security community, will most likely become the new standard for 2014.
So, while you might not be hearing about new Cryptolocker infections six months from now, you will most certainly be hearing about malware that was developed with Cryptolocker in mind.
At the end of the day, users are going to have to be more proactive and take the security of their own documents and images much more seriously.

Backups, updates and protection for your operating system are a requirement and will continue to be so as we move into the next year.

================================

The Managed Online Backup offered by RLE Computers stores each revision of the files for 28 days. This means that for each backup that takes place, we store a copy of each file for 28 days, allowing you to pick and choose the date from which the files are restored. The reason this works so effectively is that the backup cannot be deleted from the user's computer; it can only be deleted by us. Removing the backup software from the user's computer therefore only stops further (encrypted) copies of the files from being stored offsite; the earlier clean revisions remain.

An example scenario: if you had been backing up since the 13th of May, the machine became infected on the 23rd of May, and you discovered this on the 24th after a backup had taken place, you can then choose a date from the 13th to the 23rd to restore from, selecting a time before the device became infected, and get back copies of the files that are not encrypted.
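Both the "incrementally cycling backup" with version-specific copies recommended in the comment quoted earlier and the 28-day revision store described above come down to the same mechanism: an append-only history of file revisions that the infected machine cannot delete, from which you pick the newest revision of each file taken before the infection. The Python below is an added example, not RLE Computers' software, that models exactly the scenario above (nightly backups from 13 May, infection on the evening of 23 May, an encrypted backup run on 24 May). It also shows one thing the backup server is well placed to notice: a run in which most of the already-known files changed at once, which is what mass encryption looks like from the server's side. All paths, dates and hashes are constructed.

```python
"""Versioned (point-in-time) backup store with 28-day retention.

Added example, not RLE Computers' software. Models an append-only server-side
revision store, picks the newest clean revision of each file from before an
infection time, and flags a backup run in which most files changed at once.
All paths, dates and hashes below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

RETENTION = timedelta(days=28)
INFECTED_AT = datetime(2014, 5, 23, 18, 0)  # constructed: infected on the evening of 23 May
PRUNE_AT = datetime(2014, 6, 12, 2, 0)      # constructed: a later date at which expiry runs


@dataclass(frozen=True)
class Revision:
    path: str
    taken_at: datetime
    digest: str  # hash of the file's content at backup time (constructed values here)


class RevisionStore:
    def __init__(self):
        # Append-only from the client's side: the backup agent can add revisions
        # but has no operation to delete them. Only prune() on the server removes data.
        self._revisions = []

    def record(self, path, taken_at, digest):
        self._revisions.append(Revision(path, taken_at, digest))

    def prune(self, now):
        """Server-side retention: drop revisions older than RETENTION."""
        cutoff = now - RETENTION
        self._revisions = [r for r in self._revisions if r.taken_at >= cutoff]

    def earliest(self):
        return min((r.taken_at for r in self._revisions), default=None)

    def restore_point(self, infected_at):
        """Newest revision of each file taken strictly before infected_at."""
        chosen = {}
        for r in self._revisions:
            if r.taken_at >= infected_at:
                continue  # taken after infection: may hold the encrypted copy
            if r.path not in chosen or r.taken_at > chosen[r.path].taken_at:
                chosen[r.path] = r
        return chosen

    def files_without_clean_copy(self, infected_at):
        """Files that only ever appeared in backups taken after the infection."""
        return sorted({r.path for r in self._revisions} - set(self.restore_point(infected_at)))

    def suspicious_runs(self, threshold=0.5):
        """Backup runs in which at least `threshold` of the already-known files changed."""
        runs = defaultdict(dict)
        for r in self._revisions:
            runs[r.taken_at][r.path] = r.digest
        flagged, previous = [], None
        for taken_at in sorted(runs):
            current = runs[taken_at]
            if previous:
                common = [p for p in current if p in previous]
                changed = sum(1 for p in common if current[p] != previous[p])
                if common and changed / len(common) >= threshold:
                    flagged.append(taken_at)
            previous = current
        return flagged


def build_scenario():
    """Constructed history: nightly 02:00 backups from 13 to 24 May 2014."""
    store = RevisionStore()
    static_files = ["Documents/letter.docx", "Documents/notes.txt",
                    "Pictures/photo1.jpg", "Pictures/photo2.jpg"]
    for day in range(13, 25):
        taken_at = datetime(2014, 5, day, 2, 0)
        encrypted = taken_at > INFECTED_AT  # only the 24 May run saw encrypted files
        store.record("Documents/budget.xlsx", taken_at,
                     "ransom-encrypted" if encrypted else f"budget-v{day}")
        for path in static_files:
            store.record(path, taken_at, "ransom-encrypted" if encrypted else "unchanged")
    # A file created after the infection: it has no clean revision anywhere.
    store.record("Documents/new_contract.docx", datetime(2014, 5, 24, 2, 0), "ransom-encrypted")
    return store


if __name__ == "__main__":
    store = build_scenario()
    for path, rev in sorted(store.restore_point(INFECTED_AT).items()):
        print(f"restore {path} from {rev.taken_at:%d %b %H:%M} ({rev.digest})")
    print("no clean copy:", store.files_without_clean_copy(INFECTED_AT))
    print("suspicious runs:", [t.strftime("%d %b") for t in store.suspicious_runs()])
```

The `files_without_clean_copy` result is the part people forget: anything created or last edited after the infection and before the next backup is gone regardless of how good the retention is, which is why the 28-day window matters less than how quickly the infection is noticed.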