Bizarre Network Solutions Spam (Updated)
I received a very strange e-mail this morning from Network Solutions:
It had all of the hallmarks of a phishing scam. Scary language about an account being canceled and domains being suspended. No indication of which actual domains are in question. (It wouldn’t matter — I don’t have any domains registered with Network Solutions.) Bogus “From: donotreply@..” e-mail address.
BUT — the link to click on actually went to a Network Solutions domain: “http://whoisaccuracy-portal.networksolutions.com/…” (Link shortened for brevity.) This is no guarantee of anything. In combination with a DNS poisoning attack it could still lead you to a phishing or drive-by attack site.
I went through the trouble of calling Network Solutions at their main support number of 800-333-7680 obtained from their web site. After wasting 20 minutes and going up to second-level support I got confirmation that this is in fact a real e-mail from Network Solutions.
This is strictly bush league. The message was not signed using S/MIME. The link is not an https link. Network Solutions screwed up big time. This is going to waste tens of thousands of man-hours as people try to figure out what the heck is going on.
My recommendation: if you get one of these, call Network Solutions at 800-333-7680 to confirm the e-mail. Drive up their costs for wasting your time and money. Maybe next time they’ll figure out how to do this the right way.
Update: now the real bad guys are piling on to this. I just got this real phishing e-mail:
By the way, the real waste of time isn't in figuring out the problem. It's the 10% or 20% of people who miss the message due to spam filtering or just dismissing it as spam, but end up with suspended domains as a result. I bet it takes someone four to eight hours of work to clean up the mess if they miss the e-mail.
Mac User Group Membership Database
I developed a very simple Filemaker Pro database to help keep track of attendance at a Mac user group that I'm involved with, the National Capitol Apple Mac User Group. I'm releasing it open source as an aid to any other user groups that may be able to make use of it.
Introduction to Digital Certificate File Types
Here's a short introduction to the different types of files that you might encounter when dealing with digital certificates. Did you ever want to understand PEM vs DER encodings? .cer vs. .p12? This article covers the different types of files, what they're used for, and where you might encounter them.
Slides and Followup Article from MacIT 2013
Do Not Use PPTP VPNs
PPTP VPNs were known to be cryptographically weak, but Moxie Marlinspike has just announced a tool called ChapCrack that can recover the underlying password from a PPTP session negotiation. As of now, do not use a PPTP VPN. Instead, use a L2TP/IPSec or SSL VPN.
About the Company
ps Enable, Inc., provides computer consulting services centering on Mac OS X and Mac OS X Server, with real-world experience in systems integration, security, and web presence. It emphasizes integrating computer systems into an organization's business workflow rather than just having them as an adjunct.
ps Enable, Inc., has the knowledge to facilitate every phase of an organization's information technology project, from business needs analysis, to design and implementation, to end-user training and maintenance. In each phase, ps Enable, Inc., can provide both in-depth technical knowledge as well as project management skills that result in the maximum capability for the customer.
ps Enable, Inc., offers in-depth expertise in a variety of fields:
- Mac OS X and Mac OS X Server, including Active Directory integration, Mac-based directory services network design and deployment, and XServe RAID/Xsan storage area networks.
- Network security, including firewall and network security design and integration, e-mail filtering and analysis, and intrusion detection systems.
- Development of custom applications based on WebObjects, AJAX, Cocoa, and Filemaker Pro.
- Website infrastructure development based on the Plone content management system.