A simple way of determining if an email is a phishing attempt is to move your mouse over the link(s) in it to see if they match what is on your screen. For example, if you get an email from Apple that says:
Use this link https://applid.apple.com to verify your account
You might move your mouse over the URL and see that the link is to company https://phishingRUs.com/ or something else.
But what if the URL is a URL shortening site, like http://bit.ly or http://dlvr.it/?
My advice: assume it is a phishing attack. It could be the real company, but most large organizations will not do this. (And if they do, they need to at least be explicit about it in the URL).
My general advice: if you are not sure or uncomfortable, assume it is spam or phishing and delete it.
I highly highly recommend this: NYT Programs – Secure Your Digital Life in 7 (Easy) Days
You can never do enough to security your information technology, but the more you do, the better off you are.
And you can get it here: blm849/supersimplehardening: A super simple way to harden your server.
I create a lot of Ubuntu test servers, and I find that as soon as I create a Ubuntu server on a cloud environment, it gets immediately attacked by automated software. This is obviously a concern. A bigger concern is that when I went searching for recommendations on how to harden such a server, I found a wide variety of recommendations! It can be hard to know what to do. Still, I needed something. As a result, I created this package of scripts. The scripts do a number of things:
- prevent direct root login to your server via ssh. This was one of the things I saw consistently happen and once someone cracks the root access on your machine, it’s game over.
- stop some basic security holes, like IP spoofing
- download some useful software, like logwatch, ufw and others
- upgrade all software on the server
This is just a very very limited number of things to prevent attacks. But it is better than nothing.
If you install Apache, PHP, MySQL or other software on your machine, there are even more attacks that will be launched against it. I recommend you get a firewall up and running and at least run logwatch on a regular basis to look for potential attacks being launched against you.
Finally, if it is important for you to secure your server, don’t stop with my scripts. Go out and consult with IT security specialists right away.
…Then you want to go here and download and install the appropriate software for your Windows system: Security Essentials Download.
According to this, Microsoft has upgraded it’s security software to prevent similar attacks. That’s good. What’s not good is that you can be certain there will be a wave of copycat attacks coming. Get the software and install it today.
Of course you do: everyone does. Therefore check this out: Tools for a Safer PC — Krebs on Security.
Posted in IT
Tagged IT, Krebs, PC, security, tools