Tag Archives: Exploits and Vulnerabilities

Tip #10 Geotagging and Location Sharing–Just Don’t!

1937 Map of the Bronx

When you got back from vacation, your friends looked at you with amazement and admiration: You went to the Louvre in Paris, the Forum in Rome, AND you ran the Great Wall Marathon in China. They know this because every time you stopped for a croissant, a dish of pasta, an egg roll, or to tie your sneakers, you geotagged your location on all your social networks.

Location tagging or geotagging yourself on social networks is never safe. While it might look cool that you’re visiting iconic places or doing incredible feats (or just mundane things), at the same time, you risk cluing in a stalker about exactly where to find you, or telling a thief that you’re not home.

Whenever you geotag, you’re not only talking to a small group of friends. You may potentially be talking to anyone on the Internet. In general, location tagging is not a safe feature to activate, so do your best to avoid it.

Read more about geotagging on The Daily Beast.

Tip #9 Think Twice (Or Thrice) Before You Post

Image: Charles Clegg, Flickr

Always remember: there is no permanent “delete” button on the Internet. Once you’ve posted information about what you’re doing or where you’ve just been, it’s easy for attackers to seize your personal information and take advantage of you. Even if you’ve deleted your post, chances are that someone saw your information and that it’s circulating somewhere on the web.

For example, search engines like Google and Bing make a copy of every single webpage, which they then index, essentially freezing those pages in time unless they’re refreshed by your browser. Archival services like the Internet Wayback Machine take snapshots of as many sites as they can for research purposes, and the Library of Congress receives regular archival copies of the entire public Twitter universe. Every single Tweet!

Be aware that once you post, people might be able to target you, even if you’ve deleted something from a social media site. Thieves could know that you’re out of town and rob your empty house, or they might choose to snag information off the boarding pass photo you just posted and deleted on Instagram.

So long story short, think twice before publishing sensitive information on the web. Make sure that what you’re posting won’t allow someone to take advantage of you.

Resource: The Internet Doesn’t Have a Delete Key.

Tip #8 Identity Theft: Signs and Solutions

Everyone has unique fingerprints. The image above shows work by Cheryl Sorg, an artist who creates portraits of people’s thumbprints.

Identity theft happens when someone accesses your personal information and uses it without your permission for their personal gain. Information that can be stolen and used includes bank account numbers, credit card numbers, utility bills, and health insurance policies. Someone with your personally identifiable information (PII) can even file for a tax refund in your name and get your refund. There have even been cases where a thief gives another person’s name during an arrest.

To protect yourself against identity theft, be vigilant about sharing your personal information. Guard your passwords like you do your wallet and any sensitive information.

If your identity is stolen, having a good plan to address the situation will help minimize the effects. Identitytheft.gov outlines a plan, which is summarized below. Also, contact Fordham’s IT Customer Care. They’re prepared to help you figure out what your next steps should be.

First
Step 1: Call the companies where you know fraud occurred.
Step 2: Place a fraud alert and get your credit report.
Step 3: Report identity theft to the FTC.
Step 4: File a report with your local police department.

Next
Step 1: Close new accounts opened in your name.
Step 2: Remove bogus charges from your accounts.
Step 3: Correct your credit report.
Step 4: Consider adding an extended fraud alert or credit freeze.

Identitytheft.gov also lists steps for specific situations, such as tax-related identity theft, resolving child identity theft, and replacing government-issued IDs.

Tip #7 Check before you click!

Example of a valid link.

By Meiren Park, IT Communications Intern

You get a lot of links thrown at you every day, from various sources: email, texts, Twitter, websites and so on. Viruses and malware can enter your computer just by your clicking on one of them. Play it safe by checking each link before you click on it.

You can check a link by hovering over it with your cursor. Look at the bottom left of your screen to see whether the link is legit or not. A legitimate link won’t have a long string of letters and numbers–it’ll just be the same URL as the link you’re about to click on. For example, if the link says “www.google.com,” that same link should appear on the bottom left of your screen. In the example above from the New York Times, the cursor was placed over an image and the image’s link appeared on the lower left.

If you’re not sure whether a link is good or not, call IT Customer Care to report it.

Don’t fall victim to a malicious attack. Be careful before you check out the newest link you find on your feed! Read more about this on our web page, Spam and Phishing.

Image: “New York Film Festival Offers Quiet Treasures and a Little Jazz,” New York Times, October 7, 2015.

Tip #5 What’s that person doing in my computer?

Fordham IT staff take “Innovation Walks” to disconnect from the online world and get some exercise. Disconnecting your computer from the network and disconnecting from your computer can have positive benefits.

It’s one thing to lend your smartphone to a friend to make a quick call, or share a computer with your family at home. It’s an entirely different matter when a stranger gains remote access to one of your devices.

You can prevent that from happening by disconnecting your computer from the Internet when you’re not using it.

Staying connected online all the time is easy and convenient. But a 24-hour connection increases the chances that an attacker or virus scanning the network for an available computer will find yours. When you’re not using it, turn off your computer or modem, or disable the WiFi connection. Make sure you have your firewall enabled.

Speaking of firewalls, at Fordham, you can’t even log onto our secured network unless you have a firewall installed. This precaution helps keep the networked and wireless connections on all of Fordham’s campuses secure. That’s why we ask you to authenticate (a process called Network Access Control, or the NAC) each month. We strive to keep our campus’s online environment safe for you, 24/7.

Moreover, it’s good to get in the habit of disconnecting. Fordham IT staff often take walking meetings together. Our productivity and enthusiasm improve when we take breaks from our computers and the online world.

Tip #3 | Don’t Share THAT about Yourself Online!

Shakespeare Listens

Image: Kelli Marshall, Locating Shakespeare in the 21st Century, Vimeo

Inappropriate sharing of secrets always makes for a good plot twist in a Shakespearean play:

O negligence!
Fit for a fool to fall by: what cross devil
Made me put this main secret in the packet
I sent the king? Is there no way to cure this?
No new device to beat this from his brains?
(Henry VIII, Act 3.2)

When you meet someone new, whether it’s in your residence hall, at a party, or at work, do you immediately tell that person your full name, social security number, phone number, address, credit card and bank account numbers? Didn’t think so. You wouldn’t share most of that information with a good friend, either.

But what if you were asked, politely, a few times for the information? And what if the request came with a promise not to share any of your personal information, including your funny middle name, with anyone else? Right. Didn’t think so.

You should feel the same way about your privacy when a social media site asks you for that information. If you need to share those personal details to join the site, that’s a red flag. Walk (or surf) away from it, fast.

When you share something that’s personally identifiable with the wrong person or website, it will be quite difficult to find a “cure” and “beat” it out of his or her “brains” or database!

Read more about Cyber Security Awareness Month!

Critical Schannel Vulnerability Affecting All Versions Of Windows

Please be advised of a recently discovered vulnerability in SCHANNEL affecting ALL VERSIONS OF WINDOWS!

Description

The vulnerability can be used by an attacker for drive-by attacks to run code remotely and take over the user’s machine.  In these drive-by attacks, hackers install code on web sites which attempts to covertly install malicious code on the unprotected computers of visitors to the site. Users are typically led to these sites via phishing emails and other scams.

Further information regarding the details of the vulnerability:

http://www.theregister.co.uk/2014/11/12/driveby_unicorn_0day_beats_emet_affects_all_windows_versions/

Solution

A patch, MS14-066, released yesterday as part of Microsoft’s Patch Tuesday remediates this issue for all supported versions of Windows. Please note, THIS DOES NOT INCLUDE WINDOWS XP! This security update is rated Critical for all supported releases of Microsoft Windows. If you have automatic updates turned on, you will get this new update without having to do anything. If you haven’t turned on automatic updates, you should do so now. Click the “Check for Updates” button on the Windows Update portion of your Control Panel.

The patch can be manually downloaded here:

https://technet.microsoft.com/library/security/MS14-066

Microsoft Releases Patch for Internet Explorer Vulnerability

Microsoft has released an update that patches the most recent Internet Explorer vulnerability for all versions of Windows. Although Windows XP is no longer supported, Microsoft has made an exception for this particular update. If you have automatic updates turned on, you will get this new update without having to do anything. If you haven’t turned on automatic updates, you should do so now. Click the “Check for Updates” button on the Windows Update portion of your Control Panel.

Further information: http://blogs.technet.com/b/microsoft_blog/archive/2014/05/01/updating-internet-explorer-and-driving-security.aspx

Internet Explorer Vulnerability Discovered

A new security flaw was found in all versions of Internet Explorer. Windows XP will most likely not be patched. Learn to protect yourself here: http://www.mashable.com/2014/04/28/internet-explorer-bug-how-to-protect/

If you have any questions please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.

Update on the Heartbleed bug

Dear Colleagues and Students,
Recently a flaw, called the Heartbleed bug, was discovered in OpenSSL, a security method used on the Internet. Fordham IT is aware of the issue and our team is following best practices to ensure the security of Fordham’s systems and mitigate risk. 
We have no reason to believe that Fordham’s secure systems have been compromised. However, this vulnerability is not an isolated issue affecting the Fordham community. It affects your online life outside of Fordham, as well. The website Mashable has a list of potentially affected sites and actions you should take to protect your sensitive data: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
Be on the lookout for criminals requesting your password via phishing emails or websites that claim your information has been compromised. Criminals will take advantage of this opportunity to prey on fears about the Heartbleed bug. 
If you have questions, contact IT Customer Care at 718-817-3999 or HelpIT@fordham.edu. Follow us on Twitter for news and alerts: @FordhamIT.

Best,
Elizabeth

——————————-
Elizabeth Cornell, PhD
IT Communications Specialist
Fordham University | Fordham IT
@Fordham IT