Arts IT Savvy

Just followed the simple, and comprehensive instructions on the ITS website for connecting the iPhone to the Monash Wireless network.  Worked beautifully. Straight forward, clear steps and screenshots.

Then tried the instructions for email, and specifically (as ArtsIT are now on Lotus Notes) those instructions. Hmm – not so good.  The syntax for the mail cluster is wrong, and the instructions didn’t result in email anyway.  Strangely, the settings for my pre-lotus notes days were still in my profile on the phone (ie using mail.monash.edu.au) actually worked, even though they probably shouldn’t have, and others have managed to crash the entire (new) mail server by using them, so didn’t want to cause that (and thus trying to get the Lotus Notes settings working).

Am investigating further, and will hopefully have a result soon.  It must be pretty close, given that I was able to access the email through the incorrect channel!

Update – problem seems to be that I had settings from pre-Lotus Notes days.  Deleting that account completely and redoing the settings from scratch got mail working.  However, we are there now, and seem to be all up and running.  Even so, the mail instructions did assume a higher level of familiarity with the device (and where the mail settings are found).  Still, not a problem for the majority of users (so long as the syntax is corrected (has been mentioned to ITS)).

According to Sophos, currently only email in 28 is legitimate.

So the next “unbelievable” offer, request for your account confirmation, “I really want to meet you”, “I have funds I need to get out of the country” etc etc email you get in your inbox, you might want to think twice (or more) before blindly acting upon it.

Thank goodness for spam filtering, but even so, a number always gets through, and potentially, these are the smarter ones that you really need to watch out for, as they may pose as something quite legitimate.

That isn’t to say you should stop reading emails, but like ‘they’ say: “don’t believe everything you see on TV”

If you have received any emails like the following, do yourself a massive favour, and delete them immediately.  There is nothing legitimate about the news item, or especially the included links, and by clicking on any of the links (including the unsubscribe one), you are inviting all manner of evils into your computer.  Our security officer will expand on this in the near future, but in the meantime – be careful out there!

(I don’t remember ever signing up to msnbc.com – did you?  So why would an unsolicited email from them be legitimate?  Apply this same thought process to all emails because it is a minefield, and you only have to step in the wrong place once.)

Email content to follow:

msnbc.com: BREAKING NEWS: Early Morning Coffee Conversation Entices Normally Flavorless Office Staff

Find out more at http://breakingnews.msnbc.com
======================================================
See the top news of the day at MSNBC.com, and the latest from Today Show and NBC Nightly News.

=========================================
This e-mail is never sent unsolicited. You have received this MSNBC Breaking News Newsletter
newsletter because you subscribed to it or, someone forwarded it to you.

To remove yourself from the list (or to add yourself to the list if this
message was forwarded to you) simply go to

http://www.msnbc.msn.com/id/32951920, select unsubscribe, enter the
email address receiving this message, and click the Go button.

Microsoft Corporation – One Microsoft Way – Redmond, WA 98052
MSN PRIVACY STATEMENT
http://privacy.msn.com (http://privacy.msn.com/>)

When it comes down to it, the number of legitimate emails in the world are vastly outnumbered by the illegitimate ones. There are the spam ones, the phishing ones, and a small (but annoying) collection that are simply deliberate hoaxes, which may or may not have been sent with any specific malice, but still cause the less naive to question the legitimacy of any email received (particularly those that are forwarded on), and the more naive to simply believe everything that floods into their inbox.

I have no reason to specifically trust any of the “anti-hoax” websites either – what if one (or more) of those had been set up to legitimise hoax emails, or cast doubt on legitimate ones?

However, in saying that, I still find it useful to check a few when I receive a hoax email, to get an idea of its true source, and age. Many of these emails have been around for years, perhaps occasionally receiving a bit of a dust-off and a new coat of paint.

Hoax-Slayer is one such site. I don’t know its legitimacy, but it seems at first glance to be legitimately targetted. I’m sure there are many others.

This arrived in my inbox the other day, and is a perfect example of a phishing attempt (phishing – setting out a lure / bait and hoping someone bites (and sends in personal information – passwords, credit card numbers etc)).

Subject: Global Email Alert
From: Monash Helpdesk<helpdesk@monash.edu.au>
Reply to: monashhelpdesk@live.com

Dear Monash User,

We wrote to you on 18th July 2008 advising that you change the password on your account in order to prevent any unauthorized account access following the network intrusion we previously communicated.

we have found the vulnerability that caused this issue, and have instigated a system wide security audit to improve and enhance our current security, in order to continue using our services you are require to update you account details below.

To complete your account verification, you must reply to this email immediately and enter your current account details below.

First Name:(*************)
User name: (**************)
Password: (**************)
Re-confirmed Password:(***********)

Failure to do this will immediately render your account de-activated from our database.

We apologise for the inconvenience that this will cause you during this period. We hope you understand that our primary concern is for our customers and there security.

Monash Help Desk

There are a number of subtle clues as to why this is not genuine – see how many you can find, and also just think – if you got this in your inbox, would you have picked it at first glance or not?

If you even vaguely suspect that something is an attempt to elicit personal information, DON’T RESPOND. Contact the ArtsIT Helpdesk to get clarification. You may be asked to forward the email to Anthony Richardson (Arts Security & Risk Manager), ArtsIT who will update the Monash IT Security Systems to address the threat.

As a general observation, there is still a large threat from viruses, but phishing is something that can burn you so much worse than just wrecking your computer, loosing files etc. What was that terrorist thing?
“Be alert but not alarmed”. Phishing is bad news – be careful out there.

I’m increasingly of the opinion that a world-wide petition should be started to have the “Reply-All” button in email clients (such as Outlook, Thunderbird etc) removed, or at least buried to make it difficult to use by accident.

After receiving yet another couple of emails from lists that I am on where someone has mindlessly “Reply-All‘ed” to everyone, rather than just directly to the person they wanted to email (and attached personal information (one of these days someone is going to provide the world with their credit card or banking details – I’m sure of it)) I have come to the conclusion that people should not have access to the “Reply All” button.