NATO ministers met last week and discussed improving their cybersecurity. A bad sign for their current handling of cybersecurity is the website of NATO’s Allied Command Transformation, which is running an outdated and unsupported version of Joomla:
Security updates for Joomla 1.5 ended in September of 2012, so the website should have been migrated to a supported version of Joomla – currently versions 2.5 and 3.1 – some time ago.
Keeping the software powering a website up to date is a basic measure for keeping it secure, and it is relatively easy in comparison to what NATO needs to do to fully secure all of their systems.
It might be reasonable to cut NATO some slack on their failure to keep up to date considering that Joomla is still running Joomla 1.5 on a number of their websites:
The dismal situation in Syria has gained considerable sympathy in the rest of the world. Unfortunately, playing on our emotions is a typical strategy of cybercriminals. Today I received an email calling for donations to be made to the United Nations High Commissioner for Refugees (UNHCR) to help Syrian refugees.
This mail appeared very professional and quite plausible. When I clicked on “donate now,” I arrived at a well-formatted donation page. However, my curiosity also made me directly visit the UNHCR site. And there I discovered a similar page. Both are shown here:
Can you choose the real one from the rip-off? I can’t be sure, unless we look at the URLs and choose HTTPS.
After the Haitian earthquake in 2010, the FBI reminded Internet users to apply a critical eye before responding to charity requests. Since then, such scams have flourished. We saw an updated wave after the recent tornadoes in Oklahoma. McAfee Labs will repeat some useful advice:
- Do not respond to any unsolicited (spam) emails, including clicking links contained within those messages, because they may contain computer viruses.
- Be skeptical of individuals representing themselves as surviving victims or officials asking for donations via email or social networking sites.
- Beware of organizations with copycat names similar to but not exactly the same as those of reputable charities.
- Rather than following a purported link to a website, verify the existence and legitimacy of nonprofit organizations by using various Internet-based resources.
- Be cautious of emails that claim to show pictures of the disaster areas in attached files, because the files may contain viruses. Open attachments only from known senders.
- To ensure that contributions are received and used for their intended purposes, make donations directly to known organizations rather than relying on others to make donations on your behalf.
- Do not be pressured into making contributions; reputable charities do not use coercive tactics.
- Be aware of whom you are dealing with when providing your personal and financial information. Do not give your personal or financial information to anyone who solicits contributions. Providing such information may compromise your identity and make you vulnerable to identity theft.
- Avoid cash donations if possible. Pay by debit or credit card, or write a check directly to the charity. Do not make checks payable to individuals.
- Legitimate charities do not normally solicit donations via money transfer services.
- Most legitimate charities maintain websites ending in .org rather than .com.
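
The advice above about looking at the URL, choosing HTTPS and watching for copycat names can be turned into a simple link check. The following is an added example, not part of the original post: the allowlist entry, the function names and every sample hostname used with it are assumptions, and the verdict is a screening aid rather than proof that a site is legitimate.

```python
from urllib.parse import urlsplit

# Assumption: domains you have verified yourself, out of band.
KNOWN_CHARITY_DOMAINS = {"unhcr.org"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss copycat names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_donation_link(url):
    """Return (verdict, reason) for a link taken from a donation email."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "reject", "no hostname in link"
    labels = host.split(".")
    # Text before '@' is login data, not the site; it can show a trusted name.
    if parts.username is not None:
        return "suspicious", "userinfo before '@' hides the real host " + host
    # Non-ASCII or punycode labels can render like a familiar name.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "suspicious", "internationalized hostname, possible look-alike"
    for domain in KNOWN_CHARITY_DOMAINS:
        # Only the exact domain or a true subdomain counts as a match.
        if host == domain or host.endswith("." + domain):
            if parts.scheme != "https":
                return "reject", "verified domain but link is not HTTPS"
            return "ok", "HTTPS on verified domain " + domain
    for domain in KNOWN_CHARITY_DOMAINS:
        brand = domain.split(".")[0]
        # Brand name reused inside an unrelated hostname.
        if any(brand in l for l in labels):
            return "suspicious", "uses the name '" + brand + "' outside " + domain
        # Near-miss spelling of the brand (threshold 2 is a heuristic).
        if any(edit_distance(l, brand) <= 2 for l in labels):
            return "suspicious", "hostname label resembles '" + brand + "'"
    return "unknown", "not on the allowlist; verify the charity independently"
```

A link that returns "unknown" or "suspicious" should not be followed; go to the charity's site through an address you already trust.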