SMH Tech IS Secure!
When Secure is not Safe!
I received one of my regular ‘news’ emails today with a link to the Wordfence Blog; nothing unusual there! The title “‘Secure’ in Chrome Browser Does Not Mean ‘Safe’” caught my eye, however, as although I don’t regularly use Chrome, according to GlobalStats over 50% of web users do. A quick click and read highlighted a worrying issue: some Certification Authorities have issued SSL certificates (allowing use of the ‘secure’ HTTPS protocol) to known malicious websites! When the certificates are revoked, the websites are still being shown in the Chrome URL bar as ‘secure’.
© 2017 Feedjit Inc
More worrying is that a lot of these SSL certificates are interlinked with multiple domains! The chart here shows known phishing domains, with the red links being those domains marked as malicious by Google. Unmarked domains are in green. If you look closer you will see most of these domains are trying to ‘spoof’ either google.com or microsoft.com.
If you want to read the technical detail please visit the Wordfence Blog, and please also educate your friends and family to look closely at website URLs, and not blindly trust the little Green Padlock!
And yes, SMH Technology Solutions website is secure!
How many times have you been told “Don’t leave the user name as the default” or “change your password”? Well, if you have not followed that sage advice, prepare for a Hack Attack!
First up I got an email from my website security tool, part of which is below:
A user with IP address 18.104.22.168 has been locked out from the signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 10. The last username they tried to sign in with was: ‘admin’
User IP: 22.214.171.124
User hostname: 126.96.36.199
User location: Nanning, China
I’ve only just started using this particular tool, so it was good to see it working. The follow-up had a bit more detail about the hack attempt; again, an extract is below:
So as you can see, someone has tried to log in to my website with the username ‘admin’ and, I guess, a selection of passwords, or pa55w0rds, or PassWords (you get the idea, I’m sure), until my system locked them out. If I didn’t have this system they may have happily carried on until they cracked it. As many hackers use user/password combinations available from leaks such as the Sony or Adobe hacks, it’s another example of why you should not re-use passwords either!
I occasionally use an online CRM service called Relenta; it’s good, but perhaps too much for my present basic needs. However, it was thanks to their email newsletter that I’m now aware Yahoo and AOL have effectively ended the practice of businesses using Yahoo or AOL accounts with things like eVites and 3rd party services such as Relenta!
These “Domain-based Message Authentication, Reporting & Conformance” (DMARC) changes and related Sender Policy Framework (SPF) checks could be preventing your important marketing and service emails from being delivered!
Of course I would never recommend using a free web mail service for business use when domain-based email can be set up for relatively little cost (from SMH Tech anyway). So if you use Yahoo or AOL, or others such as Gmail, Hotmail/Outlook.com et al, I recommend you check that your mail is getting through and whether your provider is making changes to its DMARC or SPF systems!
Relenta’s Blog posts on the subject are linked here > DMARC and SPF information.
See also DMARC.org for more information
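As an added example (not from the original post or from Relenta), the following Python code shows why mail sent through a third-party service with a free web mail address in the From: header fails DMARC, while the same service sending for your own domain can pass. All domains and records are constructed, and the organizational-domain helper is a simplifying assumption (real receivers use the Public Suffix List).

```python
# Added example: simplified DMARC evaluation (concepts from RFC 7489).
# All domains and DMARC records below are constructed for illustration.

def parse_dmarc(record):
    """Parse a DMARC TXT record into a tag dict, e.g. {'v': 'DMARC1', 'p': 'reject'}."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    # Assumption: the last two labels approximate the organizational domain.
    # Real receivers consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return 'pass', or the policy (none/quarantine/reject) the receiver is asked to apply."""
    tags = parse_dmarc(record)
    # SPF or DKIM passing is not enough: the authenticated domain must align with From:.
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else tags.get("p", "none")

FREEMAIL_RECORD = "v=DMARC1; p=reject; rua=mailto:reports@freemail.example"
OWN_RECORD = "v=DMARC1; p=quarantine; adkim=r; aspf=r"

def demo():
    return {
        # Third-party service sends with From: someone@freemail.example.
        "freemail_via_service": dmarc_disposition(
            FREEMAIL_RECORD, "freemail.example",
            True, "bounce.crm-service.example", True, "crm-service.example"),
        # Same service, but From: is your own domain and it signs DKIM with that domain.
        "own_domain_via_service": dmarc_disposition(
            OWN_RECORD, "shop.example",
            True, "bounce.crm-service.example", True, "mail.shop.example"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```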
Tagged with: Email
Have you noticed more spam arriving lately? Not a day passes without my ISP or installed security software telling me it’s blocked/deleted something! Well, that’s just the tip of the iceberg if the linked Thawte Phishing Infographic is anything to go by, and whilst a lot of phishing emails are easily spotted, they are getting better, so keep on your guard; the last and most valuable line of defence is the person working the computer!