The Security 101 Exam has started! February 11, 2008
Posted by drowden in : General News, IT Security Tips, News for Students, Safe Computing, Uncategorized , add a comment |
The exam started on Monday, February 11th, at 8:00 A.M. in Blackboard and will end at midnight on Sunday, February 17th.
Current students have the opportunity to win great prizes, just for demonstrating their computer security knowledge! ITS highly recommends that students take the practice tutorial before starting the exam. Please visit http://www.umflint.edu/its/awareness/ for full details. |
Computer Security 101-Win Great Prizes! January 28, 2008
Posted by rweidner in : Expert Advice from the ITS HelpDesk, General News, IT Security Tips, News for Students, Safe Computing, Uncategorized , add a commentITS is serious about keeping UM-Flint students as safe as possible from the dangers that lurk in the computing world. Computer safety is so important to ITS that we are willing to go to great lengths to bring this matter to the attention of UM-Flint students. This winter semester current students will have the opportunity to win great prizes, just for demonstrating their computer security knowledge!
Starting Monday, February 11th at 8:00 am, students will be able to log onto http://bb.umflint.edu to take the Computer Security 101 Exam. Any student that passes the exam with 100% will be entered in a random drawing for one of FOUR Grand Prizes: an Apple MacBook, a Dell laptop, an 8 GB iPod Touch, or a Nintendo Wii. Two 320 GB External HardDrives will also be awarded to two lucky second place winners. The first 50 students to pass the exam with a 100% will automatically win a 2 GB thumb drive. Make sure you take the exam before 11:55 pm on February 17th so that your entry will be entered in the drawing for these great prizes! And don’t worry about passing the exam the first time, you can take it as many times as you need to get 100%. (Once you get a 100% your job is done, then just sit back and wait for the prize winners to be announced after spring break. Getting 100% multiple times on the exam will not win you multiple entries in the drawing.)
Not so sure your computer security knowledge is up-to-date? No problem! ITS has created a Computer Security tutorial to get students ready for the big exam. Checkout http://www.umflint.edu/its/awareness/ for a practice test that will prepare you for the real thing.
Collecting credit card information on your site? Beware! October 1, 2007
Posted by admin in : General News, IT Security Tips , add a commentThe Payment Card Industry (PCI) will begin enforcing compliance with their data security standard (DSS) on October 1st. What this enforcement means to the University of Michigan-Flint community is that university sites need to be extra careful about how they collect credit card data from customers. Failure to comply with the PCI DSS can lead to fines as well having your merchant account revoked (i.e you will no longer be able to process credit cards). You can find out more about the PCI DSS at https://www.pcisecuritystandards.org/.
Any department or university affiliated organization that has not already migrated their forms to a secure location should contact the campus webmaster, Tim Todd, immediately if they are collecting credit card data on a website. Tim can assist as necessary to make sure your organization is meeting the PCI DSS.
Worm Attack Masquerades As IE7 Download Offer April 2, 2007
Posted by admin in : Expert Advice from the ITS HelpDesk, IT Security Tips, Safe Computing, Virus Alert , add a commentE-mails display an image that invites users to download a beta of a new version of Internet Explorer 7, but instead they are hit with the Grum-A worm.
By Sharon Gaudin
InformationWeek
March 30, 2007 04:40 PM
A security company issued a warning Friday about a widespread attack that’s masquerading as an offer from Microsoft to download a version of Internet Explorer 7. The e-mails, which claim to come from admin@microsoft.com and have the subject line “Internet Explorer 7 Downloads,” display an image that invites users to download beta 2 of Internet Explorer 7, according to an advisory from Sophos, a security company. Users who make the mistake of clicking on the link in the message, though, instead are infected by the W32/Grum-A worm. “Worms like this are only succeeding in spreading because so many people have still not learned to be suspicious of unsolicited e-mails, even if they claim to come from well-known companies like Microsoft,” said Graham Cluley, senior technology consultant for Sophos, in a written statement. “The problem is that to the casual observer the e-mail looks genuine, and the image displayed looks near-identical to the imagery that Microsoft is using on its Web site to promote Internet Explorer 7.0. Clicking on the image, however, doesn’t download the real beta, but malicious code straight from the hackers.” The Grum worm is an appender virus that infects executable files referenced by Run keys in the Windows Registry. When activated, it copies itself to \winlogon.exe and makes changes to the Registry. It also edits the HOSTS file, injecting a thread into system.dll and attempts to patch two system files. Cluley noted in the advisory that it’s an old trick for hackers to mask their attacks as communications from Microsoft. In 2003, the Gibe-F worm, which also was known as Swen, was disguised as a critical Microsoft security update, and in 2005, hackers directed duped users to a bogus and malicious Web site masquerading as a Microsoft update page.
Unlawful File Sharing March 14, 2007
Posted by admin in : General News, IT Security Tips, Safe Computing , add a commentOn Friday, March 9, and Saturday, March 10, the University of Michigan received notification that the Recording Industry Association of America (RIAA) intends to sue or receive settlement from more than a dozen members of the U-M community engaged in unlawful peer-to-peer file sharing of music over the Internet. The RIAA has designated these individuals through IP addresses, and the University is in the process of identifying and notifying them.This action is part of an increased effort to curtail unlawful peer-to-peer file sharing. As a result, individuals who engage in this practice are more likely than ever to be identified and sued by the RIAA. Most have settled these lawsuits out-of-court, typically for $4,000-$4,500.
The University does not condone unlawful peer-to-peer file sharing. Individuals who engage in it are violating a variety of University policies including Standard Practice Guide 601.7 - Proper Use of Information Resources, Information Technology, and Networks at U-M. This reminder also has been sent to all faculty and students.
Faculty, staff, or students who have installed peer-to-peer file sharing programs on their computers and are concerned that they might be unwittingly sharing files illegally should visit the University of Chicago’s useful web page that describes how to disable file sharing on a variety of programs (http://security.uchicago.edu/guidelines/peer-to-peer/). U-M maintains a web page (http://www.copyright.umich.edu) that describes the University’s position on illegal sharing of copyrighted materials and also includes a growing list of FAQs. All members of the University community are encouraged to study the materials on this page.
Lawful downloading of music is possible through sites such as Apple iTunes, MSN Music, Rhapsody, Ruckus, etc. Details about a number of these sites are available at: http://mp3.about.com/od/wheretobuymusic/a/all_profile.htm and http://mp3.about.com/od/freemusicdownloads/tp/freeandlegalmp3.htm.
Paul Howell
Chief Information Technology Security Officer
UM-Ann Arbor ITTS
http://safecomputing.umich.edu/
Coming Soon: Computer Security 101 Exam January 29, 2007
Posted by admin in : Expert Advice from the ITS HelpDesk, General News, IT Security Tips, Lab News , add a commentDuring the week of February 12th, University of Michigan-Flint students will have a chance to take the Computer Security 101 Exam. This exam will focus on some of the most prevalent threats to digital security including: phishing, viruses, spyware, password sharing, and providing too much information on social networking sites (Myspace, etc).
Some students may remember the last Security 101 exam, and the awesome prizes that were awarded to the winners. The prizes just keeping getting better! This year’s participants have the opportunity to win: a Dell Inspirion 1501 laptop computer, an Ipod Nano, a biometric flash drive, or one of many 2 Gig thumb drives. The first 20 students to complete the exam with a 100% will automatically win a 1 Gig thumb drive!
If you want to get a head start on the competition, check out the practice quiz which is available at: http://ww2.umflint.edu/security101/.
Phishing Alert! January 16, 2007
Posted by admin in : Expert Advice from the ITS HelpDesk, IT Security Tips , add a commentThis notification is to inform you about an e-mail phishing scam that looks like it has been sent from TCF Bank or other financial institutions, including eBay and PayPal. THE E-MAIL IS A FRAUD AND SHOULD BE DELETED IMMEDIATELY.
Although the e-mail message may look official, its real purpose is to collect personal information that can be used illegally. Banks do not send e-mail messages to solicit information and NEVER ask customers to confirm identity or personal information by e-mail. If you receive the e-mail message, please do not respond to it, or provide personal information on the fraudulent Web site as the message requests.
If you already have provided the personal information requested in the message, you should CONTACT YOUR BANK IMMEDIATELY BY PHONE and file a fraud alert.
This month, some people at U-M have been victimized by these scams and have had money withdrawn from their bank accounts. If you are a victim of fraud because of a phishing scam, you should work directly with your financial institution and the local police to resolve the situation. If you have been victimized and live on campus, please contact the U-M Department of Public Safety at (734) 763-1131 to file a police report.
Financial institutions do NOT request personal information, such as your social security number, account number, or personal identification number by e-mails that require you to follow a link to another site.
Please do not respond to such e-mail requests, or click on a link embedded in an e-mail to provide personal information. You could put your account at risk, or the phishers could open new accounts with your identity.
For more tips on avoiding identity theft, view http://identityweb.umich.edu. For more information from the Federal Trade Commission on phishing scams, see http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm
Free VirusScan and Windows Defender January 10, 2007
Posted by admin in : Expert Advice from the ITS HelpDesk, IT Security Tips, Virus Alert , add a commentThe recent virus problem with Microsoft Word Documents serves as a reminder of how important it is to keep your virus scanning software up to date. University of Michigan-Flint faculty, staff, and students are eligible to use a FREE copy of the latest McAfee VirusScan. Make sure you have the most recent version of McAfee VirusScan available from ITS, and that you keep it updated. For details on how to obtain the newest version of McAfee VirusScan, please refer to QuickNote #26: Using Antivirus Software.
In addition to running the latest antivirus software, you should also use a spyware scanning and removal tool. ITS recommends that UMF staff and faculty install Windows Defender to assist with the task of keeping their computer safe from malicious spyware. Windows Defender is available on campus by accessing “ITS Recommended Software” on the L:\ drive. ITS recommends installing this version of Defender on your office computer, instead of obtaining it from another source (Microsoft’s website or Ann Arbor’s website).
MS Word Document Issue December 13, 2006
Posted by admin in : IT Security Tips, Virus Alert , add a commentWe are still receiving quite a few inquiries about this issue so I would like to take a moment to try and clarify.
This affects any version of MS Word from XP to 2003, including both Macintosh versions.
Only documents that were received on or after December 5th have a chance of being infected (this was when an exploit was discovered on the Internet), so you can safely access documents from before then.
You can most likely trust new documents that you receive provided (1) they are from someone you know, and (2) you were expecting to receive a document from them.
Microsoft has not released an update yet to correct the issue, and our anti-virus vendor, McAfee, has not released a file that will let our anti-virus software scan for and clean infected files. Currently, we do not know when a fix will be released.
If you receive a document but are not sure if it may be a virus, you do NOT need to delete it. Hopefully, once McAfee releases a way to scan for these files you will be able to clean the infected file and then safely open it, however until that time you should NOT open the file!
If you have any questions, please contact the ITS HelpDesk at 66804.
We will keep everyone informed as we receive updates from either Microsoft or McAfee.
Microsoft Word Vulnerability Update December 8, 2006
Posted by admin in : Expert Advice from the ITS HelpDesk, IT Security Tips, Virus Alert , add a commentAs of today, Microsoft still has not developed a patch for the Microsoft Word Vulnerability. As a preventative measure to protect our users and the University Network, ITS initially set up a block on all Microsoft Word related attachments within Outlook. This caused Outlook to quarantine Microsoft Word related attachments within Outlook. If you have a Microsoft Word related attachment that has been blocked within Outlook and you require this file to be restored, please contact the ITS Helpdesk at 766-6804 for restoration. As a best practice, ITS recommends users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. ITS will keep the University community informed as updates become available.
