DNS Vulnerabilities and the potential threats

What is DNS?

To reach another person on the Internet you have to type an address into your computer - a name or a number. That address has to be unique so computers know where to find each other. ICANN coordinates these unique identifiers across the world. Without that coordination we wouldn't have one global Internet. When typing a name, that name must be first translated into a number by a system before the connection can be established. That system is called the Domain Name System (DNS) and it translates names like www.icann.org into the numbers – called Internet Protocol (IP) addresses. ICANN coordinates the addressing system to ensure all the addresses are unique. (ICANN "DNSSEC-What is it and why is it important?")

Why should I care?

According to ICANN, vulnerabilities in the DNS discovered recently allow an attacker to hijack this process of looking some one up or looking a site up on the Internet using their name. The purpose of the attack is to take control of the session to, for example, send the user to the hijacker's own deceptive web site for account and password collection. Recent posts from various members of the ICT Community Forum on Facebook led me to think that there is a possibility of this happening to company websites. It seems PNG government websites are the prime targets.

Some websites that have been reported on this ICT Community Forum with connectivity issues;

• www.pm.gov.pg
• www.pmnec.gov.pg
• wss.finance.gov.pg
• www.ipa.gov.pg 

Captive portal software

I was doing some research on the different types of captive portal software available and here is a list of open source captive portal software as well as a few closed source (paid) software. A few of these software also have additional network access control features apart from just simple redirects. I hope to maintain this list and update it in the future when new software or products become available. 

An example of a captive portal from Sophos

What is a captive portal software? In short it is a web page which is displayed to newly connected users before they are granted broader access to network resources.

Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of EULA/accepted use policies, or other valid credentials that both the host and user agree to adhere by.

Using MailMerge to send progressive results to students

In my almost five years of teaching, I have been using this method of keeping my classes updated of their progressive results every semester. We have only started using Moodle Gradebook two years ago (well at least for me) but I still find myself having to resort back to this method of updating my classes of their progressive results.

If you are like me, wanting to make the most of what basic tools like your MS Word, Excel and Outlook can offer then this post is for you. (I am assuming you are using a Windows OS with MS Office installed already) In this post, I go through step by step on how I create a grade book for my class and send the results to their emails using a method called MailMerge.

There are two things that we need to do;

• Task 1: Creating a grade book in MS Excel
• Task 2: Using MS Word to create a standard template for the mail merge ready to send the results from the Excel grade book.

Task 1 Creating a grade book in MS Excel

For this tutorial we will just use dummy test results, names and emails.

Step 1 Open a blank Excel file. Create seven columns and put in the column headings as First_name, Second_name, Email_add, Test1, Test2, Test3, Total

Step 2 Add at least three to four records of dummy details. One email can be your own email or a second email you use. This will be an email which you will use to verify that your mail merge is successful and you are sure that students will receive the assessment report. Here is a sample of my gradebook. Make sure to save the Excel file somewhere.

Gradebook in Excel

You will notice here that all the emails here are real emails except for the last one. This is so that I can demonstrate at the end that the mail merge was successful and I posing as a student have received the report.

ICANN63 Fellowship Application Round Now Open

ICANN63 Fellowship Application Round Now Open: LOS ANGELES – 20 March 2018 - The Internet Corporation for Assigned Names and Numbers (lCANN) is launching the application round for individuals interested in participating in the ICANN63 Public...

Safe Exam Browser Tutorial

 Information Systems Department

Safe Exam Browser Tutorial By Picky Airi

Safe Exam Browser is a web browser-environment to carry out online exams safely. The software changes any computer into a secure workstation. It regulates the access to any utilities like system functions, other websites and applications and prevents unauthorized resources being

used during an exam.

Some of your Moodle Course Quizzes and Exams may require the use of Safe Exam Browser.

You will need to download Safe Exam before taking these Quizzes or Exams. Please follow the

instructions below.  

Is my email address leaked?

A recent alert released at the end of August by the Australian Government's Stay Smart Online reported 12.5 million Australian email accounts were leaked online. The email addresses of 711 million people have been published online, and include those of 12.5 million Australians.

The personal data has been dumped on a server called Onliner Spambot, which since 2016 has been used to spread malware to steal banking details, and infect people’s computers so they send out viruses and spam (unwanted emails).

The full report can be read here. The article on this site also suggest necessary steps that can be taken should one find out if there email address has been leaked.

How to find out if your email is leaked
The report also suggested that if you want to find out whether your email has been leaked or not you can check out this site HAVEIBEENPAWNED.

Since I use several email addresses I was keen to find out. I have three different GMAIL accounts so I fed each of the address one by one into the Pawned site.

I was surprised to find out that one of my gmail address was pawned on 1 breached site.

The breached site happened to be Edmodo (an education platform) which was hacked in May 2017 resulting in the exposure of 77 million records comprised of over 43 million unique customer email address.

I had to change my password immediately.

It appears LinkedIn is among the sites who's security has been compromised.

What do I do after I find that my email is leaked?
 This same report lists some very important steps that need to be taken should your email happen to be leaked, ways to protect yourself and what to do if your identity is stolen.

Restoration: When does it begin?

The following is a sermon I prepared to share with the United Church Madang Congregation on Sunday 27th August, 2017.  

Sermon: “Restoration: When does it begin?”

By Picky Airi

Bible Reading:

·         OT Ruth 1:1-22

·         NT Titus 3:4-7

What is restoration?

(Merriam-Webster dictionary):  an act of restoring or the condition of being restored: such as:  a bringing back to a former position or condition.

Restoration is required only when something has left its former position/condition and has gone into a state where it was not supposed to be (and this could be due to several factors).

Let us look at the story of Ruth in Ruth 1:1-22

Setting of story

(Ruth 1:1) It is interesting to note that the story about Ruth happened at a time when the Judges ruled. There was no king in Israel; everyone did what was right in his own eyes. (Jud 21:25) It could be interpreted from this verse in the light of the Book of Judges which describes a morally corrupt period, that the writer of Ruth is painting a dark backdrop against which Ruth’s model character and actions will shine even more brightly. Or that the grace of God still abounds his people despite all their wicked actions and that he is calling for us to re-assess our own lives.

WHO launches OpenWHO - a new medical e-learning platform

WHO launches a new e-learning platform, OpenWHO, with video courses on epidemics, pandemics and health emergencies. The courses are free and accessible to anyone wishing to register.

OpenWHO transforms complex scientific knowledge into easy-to-understand introductory video lessons, using a smaller bandwidth so that people in any country can access them. Offline versions are available for IOS and Android devices.

Access OpenWHO courses

Cisco Packet Tracer as a teaching and learning tool for computer networks in DWU

I recently published an article co-authored with Dr. Peter Anderson in the DWU Journal on Cisco Packet Tracer as a teaching and learning tool in DWU. This paper was basically a reflection on my teaching experiences with Packet tracer for the networking courses.

Here is the introduction.

Computer networks have become a fundamental tool of today's corporate environment. “Computer networks consist of devices that provide communication paths between electronic machines to create local networks inside buildings as well as the interconnection of networks in such structures as campuses and the Internet” (Frezzo, Behrens et al. 2010).

As Lammle (2010) suggests, “computers have become invaluable to us personally and professionally. Our society has become highly dependent on these resources and on sharing them with each other. The ability to communicate with those we need to whether they’re in the same building or in some far-away land completely hinges on our capacity to create and maintain solid, dependable networks” (Lammle, 2010). To have such skills that will enable an IT professional to create and maintain networks requires rigorous training. It is a demanding field of expertise since the efficient operation of many business organizations today rely upon the smooth operation of its computer network.

You can download or read the paper here 

Is my organization using IPv6 already?

"Many reports predict the Internet boom in the Asia Pacific will continue with strong growth in traffic, devices and users. By 2019, the region will have the most Internet traffic from mobile devices in the world. Another report on Pacific Island nations says recent submarine cable installations have resulted in an explosion of capacity. Across the Pacific, international Internet bandwidth jumped more than 1,500% between 2007 and 2014, rising from fewer than 100 Mbit/s to over 1 Gbit/s.

But those who travel the region know the availability, stability, speed, and security of Internet services vary widely from place to place. Users in some developing economies tolerate conditions that are unacceptable in the developed world, and which will seriously limit the benefits that the Internet can deliver." This is according to APNIC Foundation.

Meanwhile, the region is facing a growing list of technical challenges and one of them is the transition to IPv6. With IPv4 resources all but exhausted globally, IPv6 is the only viable option for the Internet’s future growth in the Asia Pacific region. While some organizations are embracing this, the transition is happening very slowly.
This big question is, do you know whether your organization is using IPv6 or not? Or more importantly is your organization IPv6 ready? Especially to the Asia Pacific small island countries.

Try the test.
If you do not know yet whether your company/organization is using IPv6 here is one way where you can find out.

• Go to http://test-ipv6.com/
• As soon as you hit the link above, the site will run a test on your publicly available address. 
• It will also indicate if your company is using a proxy server for internet access.

So from the test done below for Divine Word University, Madang PNG, here is the following information taken. (See screen shot below)