Category Archives: Proclamation of Doom


Anatomy of a phishing attempt

This morning, I received an e-mail which the various spam/mail filters managed to miss.  With only a passing glance, I recognised this as a phishing attempt, and nearly gave it no further thought.  However, being on an iPhone, the “from” address field had been truncated (appearing as “AppleStore@apple.e…”):


After a quick think, I decided that this would be worth a bit of a write-up, for those who might potentially get caught out by this kind of thing.  I forwarded the e-mail to a Gmail account so I could get a better view of the whole e-mail:


Which brings us to…

Anatomy of a phishing attempt

Why don’t we have a look at this particular e-mail and decide why you shouldn’t fall for it?  Let’s do it by the numbers:

1. Sender address

Although you can’t see it by default on an iPhone, the full address of the sender is listed as “AppleStore@apple.email.customers.11.com.au”.

Note how it doesn’t originate from an “@apple.com” domain?  Anything official will likely come from an Apple domain or subdomain (like @customers.apple.com).  The important part is the words to the far right, immediately prior to the domain extension (.com, .net, .org etc.).

Note that some phishing attempts can appear to come from legitimate sender addresses, so this alone shouldn’t be relied upon.

2. Subject line

The e-mail’s subject line is “Billing Information Update !”.  Notice the extra exclamation point at the end?  Official corporate e-mail will nearly always omit superfluous punctuation marks like this.

3. Introduction

Although not always a rule, an e-mail like this would usually be personalised.  In this case “Dear Apple Customer” is vague and impersonal.  If they have access to your account details, they’ll know your first and last name, not just your e-mail address.

4. Body text (A)

You might not be a scholar of the English language, but this e-mail ought to feel disjointed, from a grammatical point of view.  Official corporate e-mails have almost certainly been reviewed by a legal team and would very rarely contain any broken or inaccurate English.

“It has come to our attention that your account Billing Information records are out of date.

That requires you to update your Billing Information.”

The second “floating” sentence isn’t grammatical, which is another indicator of a phishing attempt.  The e-mail also isn’t formatted with Apple’s corporate colours, style or logo, which may or may not mean something.

5. Body Text (B)

Given customers are a good source of income, it is HIGHLY unlikely that anyone is going to close a customer’s account due to stale data.

Thus the claim “Failure to update your records will result in account termination.” is almost certainly a bogus threat, intended to alarm the reader into swift (and unwise) action.

6. The Links

The links in the e-mail do not go to an official domain name.  This is another key tell: the links entice users to another website which may even look exactly like the real one, but is built to capture your sensitive information, such as your account name and password.

Don’t trust links in these e-mails (even if they look legitimate); go to the official website yourself if you want to verify your account information, or get in touch with the company in question.

7. The Footer

Most legitimate corporate e-mails (as well as official government e-mails) contain footer text with legal disclaimers.  In this case:

    Forget your password? Click here If you have any questions about our privacy policy, click here to contact our customer service center. We hope you found this message to be useful. However, if you’d rather not receive future e-mails of this sort from DHgate.com, unsubscribe here. Please note that product prices and availability are subject to change. Prices and availability were accurate at the time this newsletter was sent; however, they may differ from those you see when you visit AppleStore. Copyright Notice © 2004 – 2013 Apple All rights reserved.

The links, again, do not go to legitimate domains, and in fact the “unsubscribe” link even references someone else’s e-mail address.  Classic.  There’s even a mention of “DHgate.com”, which has nothing to do with Apple; it looks like they skimmed the footer of a newsletter!
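The checks above, scripted as an added example (this is not code from the post): it parses a constructed message modelled on the one described, with placeholder hosts and addresses in place of the real ones, and reports which indicators fire. The `registrable_domain` helper and its short suffix list are simplifications assumed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the post's e-mail; hosts/addresses are example.* placeholders.
SAMPLE = """\
From: AppleStore@apple.email.customers.11.com.au
To: reader@example.com
Subject: Billing Information Update !

Dear Apple Customer,
Failure to update your records will result in account termination.
Update here: http://apple.billing-update.example.net/login
If you'd rather not receive future e-mails of this sort from DHgate.com,
unsubscribe here: http://news.example.net/unsub?user=someone.else@example.org
"""

TWO_LABEL_SUFFIXES = {"com.au", "net.au", "co.uk", "co.nz"}  # simplified, not a full list

def registrable_domain(host):
    """The 'words to the far right' that name the owner, e.g. 11.com.au."""
    labels = host.lower().strip().split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def phishing_indicators(raw, brand_domain="apple.com"):
    """Apply the post's checks to one message; return a list of findings."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender, recipient = parseaddr(msg["From"])[1], parseaddr(msg["To"])[1]
    findings = []
    sender_dom = registrable_domain(sender.rsplit("@", 1)[-1])
    if sender_dom != brand_domain:                                   # 1. sender
        findings.append(f"sender domain is {sender_dom}, not {brand_domain}")
    if re.search(r"\s[!?]+\s*$", msg["Subject"] or ""):              # 2. subject
        findings.append("superfluous punctuation in subject")
    if re.search(r"^Dear \w+ (Customer|User|Member)", body, re.M):  # 3. greeting
        findings.append("impersonal greeting")
    if re.search(r"account (termination|suspension)", body, re.I):  # 5. threat
        findings.append("threat of account termination")
    for host in re.findall(r"https?://([^/\s?]+)", body):           # 6. links
        if registrable_domain(host) != brand_domain:
            findings.append(f"link to {registrable_domain(host)}")
    for name in re.findall(r"\b[\w-]+\.com\b", body):               # 7. footer
        if name.lower() != brand_domain:
            findings.append(f"unrelated domain mentioned: {name}")
    for addr in re.findall(r"[\w.+-]+@[\w.-]+\.\w+", body):
        if addr.lower() != recipient.lower():
            findings.append(f"refers to someone else's address: {addr}")
    return findings
```

Running `phishing_indicators(SAMPLE)` lists eight findings for the sample, while a personalised receipt from a customers.apple.com address with no links produces none.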

Summary

Applying a small amount of cynicism when receiving alarming e-mails will help you avoid being the victim of phishing attempts.  Always ask yourself whether you trust the source of the e-mail and whether or not the e-mail appears to be legitimate.

This was a very poor phishing attempt; there are others which are more sophisticated, but none of them would pass the checks I’ve listed here.

Warning Signs

If it doesn’t display well (like on an iPhone), forward the message to another e-mail account and take a look on a larger screen.

Worst case scenario, get in touch with the company in question using their official website or contact phone numbers.

Please pass this along to any friends or family who you think could benefit from these tips.  Together we can defeat scammers and phishing attempts.


Comparing Australian Broadband Blueprints

On Tuesday, Australia’s Liberal and National parties (“the Coalition”, in opposition to the governing party) released their alternative policy for the National Broadband Network (NBN), which was created by the current majority party, the Labor government.

Their plan is to deliver a broadband solution to the Australian public sooner, and with a much lower price tag – but with some compromises.  What is at stake here is the nature of the compromises, and whether or not there is merit to this alternative approach.

Before we get into the details, it’s worth looking at the current NBN plan.  The ambitious project aimed at providing fibre-to-the-home (or fibre-to-the-premises, FTTH/FTTP) which essentially means most homes or premises in the country would be linked via optical cable to an exchange.  I’m not going to go into detail on the finer points – the official NBN website offers some more detail.

The major point of difference between the opposition’s NBN plan and the existing one hinges on replacing FTTH with fibre-to-the-node (or fibre-to-the-curb, FTTN/FTTC), which means that individual premises are joined to a local hub, up to 1 km from the actual residence or business, using copper wiring.  You can learn more about fibre at Wikipedia.  The rest of Australia will be connected via wireless or satellite connectivity, and these numbers are roughly the same as Labor’s current plan.

This affects speeds, introduces a number of restrictions on future expansion, and incorporates all the existing problems with copper cabling, including interference, line faults and so on, not to mention requiring homes (including new ones) to have a copper wire connection.

Debunking some common misconceptions

NBN uses tax-payer funds

The NBNCo is a commercial entity and has borrowed funds from the Federal government, which it must repay.  It will do so, with interest, which means that subscribers to the NBN infrastructure are effectively subscribing to a user-pays model, somewhat like paying a toll on a toll way.  Funds collected are used to repay the debt to the government, and over time this loan amount will be paid off, much like the Harbour Bridge in Sydney – but with 22 million odd users, instead of just those close enough to make use of something in a fixed position, like a bridge or expressway.

The tollway analogy, I think, is an apt way to look at how the country can cover the cost of the network, no matter whether it’s the ideal FTTH option, or the cheaper FTTN one proposed by the Coalition.  In light of this, 30 billion vs. 90 billion seems irrelevant provided the NBN has a clear business model, and that the loan amount required to fund the infrastructure can be repaid in a reasonable timeframe.  For comparison purposes, bear in mind that the Sydney Harbour Bridge (with a fraction of the users) was funded by a loan from the UK in the 1930s, and repaid by the early 1980s.

FTTN is a fair compromise over FTTH

Fibre-to-the-home is considered “future proof” because either end of the connection can be upgraded.  Fibre-to-the-node (or curb) installs a ‘middle man’ (copper connection) which places restrictions on the device used by the subscriber, and also means that there are fewer options, short of replacing the “last mile” connection with a proper fibre connection.  FTTN also suffers from much lower upload speeds than a FTTH design (see the impact of lower upload speeds below).

Near enough is good enough

I’ve heard this spouted a lot quite recently, implying that if download speeds only doubled between now and 2016, coming to a theoretical maximum of 30-60 Mb/s, this would be acceptable and far less costly.  Bear in mind that due to the copper link in FTTN, most subscribers may not hit those upper speeds.  Furthermore, even if individual subscribers are able to upgrade their connection to fibre (which has been claimed), who wants to pay out of their own pocket for something that is planned for now under the current NBN design?

We’re behind, and trying to catch up

Our infrastructure is ageing and lagging a long way behind the rest of the modern world.  The speed and performance targets specified in the Coalition’s plan would bring their version of the NBN into line with what might be viewed as acceptable speeds by today’s standard, by roughly 2019.  The ambitious goal of the Labor NBN would be to accelerate us to a position where we will likely have a world-class infrastructure which meets the expected performance needs for 2019 by 2019.  Let’s stop playing catch-up!

As stated above, since the funds are based on an AAA-rated loan with a repayment schedule and a decent business plan, cost shouldn’t be part of the discussion when it comes to “sticker price”.  So what measuring stick should we use?  Benefit:

Why download speed matters

Putting aside the differences between FTTH and FTTN, why should we sweat differences between 60 Mb/s and 100 Mb/s?  Well, aside from the fact that FTTH offers almost no upper restriction (indeed 1 Gb/s could be possible), we’re building a framework for the future.  Speeds will start to matter in the not too distant future as consumer devices change.  Consider the following:

  • Gaming consoles may become devoid of removable media, meaning to play a game, you’d have to download gigabytes of data using the Internet
    • Look how long it takes to download game updates even today – gigabytes of data which prevents you from playing when you want to!
  • Advances in streaming mean that the future may rely on the Internet for streaming of HD video (who wants to wait ages for the data to cache?)
    • Think how this would affect watching live sporting events!
  • Data requested from outside Australia’s local network can already be slow to route; increased speeds within our own network can improve response times when accessing content from overseas
  • A continuing reliance on “cloud computing” services such as Gmail, Azure Services, Amazon Web Services and so forth requires a better and more stable Internet connection.  As we start to consume better quality data, we will increasingly rely on faster download speeds to keep our computing in real time.  This forces us to consume faster and faster connectivity.

There are plenty more examples of why download speeds matter.  I won’t go into more detail because I really want to focus on the flip side of the coin, which few people are discussing.

What you won’t find featuring prominently in the Coalition’s plan are upload speeds.  This is where their design falls down, and many people seem to miss the importance – as it is a major point of difference.  Uploading is often not discussed because it falls outside the common pattern of use cases for fast Internet connectivity, which typically favours content consumption – not content creation.

Why upload speed matters

Content holders don’t have a vested interest in the population having decent upload speeds, because user-created content becomes far more viable and can be transmitted in better quality, e.g. 720p/1080p video.  There are, however, plenty of examples where halfway decent upload speeds will be a boon for consumers:

  • HD quality video conferencing
  • Peer-to-peer based content delivery systems (e.g. Windows Update patches, distributed ISOs)
  • Hosting a website or web content on premises
  • Hosting a mail server on premises (think of uploads when sending large attachments)
  • Cloud-based backups of your local content (the initial seeding in particular could take weeks or months!)
  • Online multiplayer: lag goes both ways (up/down)
  • Cloud Computing.  A meaningful use of Cloud Computing service offerings is really a two-way street.  If you use a cloud service, like Adobe’s Creative Suite, you’ll be wanting to upload content just as much as downloading it.

This list is simply based on what would be possible using the facilities and resources of today’s technology; who can imagine what the future possibilities could be if the majority of users had fast upload capabilities?  That’s for innovators and technology enthusiasts to chew on.  This brings me to my next point:

Without the right infrastructure, innovation isn’t possible

What we are building is a framework – a base to build further services from.  If the infrastructure we define and build today has limitations, it can severely impact the options we have available in the future.  Of course all designs will have some limitations, the question is what kind of limitations can we live with?

People have been asking for justification for the current FTTH implementation when compared to FTTN.  Excluding the differences in cost (explained above), the difference comes down to benefit.  Discussing the impact on benefits to consumers is difficult at best, because we can only judge by current standards and current uses, what exists today.  As we are building a national infrastructure within the next 7 years, it is hard to anticipate the needs of Australians (and indeed the rest of the world) by 2020.

What should the Coalition do instead?

Assuming that they identify the need to rethink their position, the answer seems fairly obvious, if not a little controversial.  My advice would be to stay with FTTH but to change the scheduling.  For political reasons, it seems that the current NBN roll out targets smaller towns throughout Australia, making the odd mistake of only partially covering major regional centres and large cities in the process.

I’d strongly suggest that “bringing the NBN sooner” could be achieved by implementing it in the major cities and regional centres first (allowing subscribers to start repaying that loan sooner) and giving more remote towns some stop-gap solution in the interim (ADSL2+?).  Surely it must be more cost effective to lay cable, say, in all of Canberra in 6-12-18 months, than to do it piecemeal over 3 years?  With the ACT (putting TransACT to one side for argument’s sake) you’d potentially have 400,000 paying subscribers.

Extending this further, rolling out to Sydney, Melbourne, Brisbane and Perth would reach a large percentage of the population sooner, and start delivering a return on investment which could help pay for the rest of the deployment.  Wireless, satellite and ADSL2+ to exchanges would give those more remote or isolated towns a much needed boost in the interim, until they can join the national network.

The Wrap Up

I hope this has been somewhat beneficial!

I’ve tried to be as consistent as possible in outlining what I feel are the major points of difference between Labor and the Coalition’s blueprints.  For the first time in ages, I fall heavily in support of the current NBN design.

What I’d like to leave you with is the following:

  • The NBN introduces core infrastructure which we will likely be stuck with for the next 20-30 years (meaning: future-proofing is important),
  • Limitations in infrastructure can severely limit the capabilities built on top of it (see: uploading),
  • The Internet is evolving, companies today are building applications of the future,
  • Lastly: we shouldn’t be aiming to create a capability for the future which merely matches the current capability elsewhere