Wednesday, March 19, 2014

Phishing Email 3-19-14

At approximately 8 pm tonight a phishing email began being sent out from a PLU account.  This email is fraudulent and should not be responded to, nor should any links be clicked on.

If you have responded to this email or clicked on the link within the email, please contact the Help Desk at 253-535-7525 immediately.  You will need to perform a password change and several other fixes.

Below is a screenshot example of the email which I&TS received.
This is a very pretty, but very fraudulent email.

Thursday, February 6, 2014

Spam Email Report 2/6/14

Today's spam email report comes courtesy of our technician, Ingrid.

It has recently been brought to the attention of the Help Desk that a series of spam emails has been circulating through the PLU Gmail system. These emails are originating in accounts that have been compromised, and are telling recipients that their inbox storage has exceeded its capacity and they should follow the link provided to update their account. Emails of this nature should be ignored and deleted, and personal information should never be provided to the sender. A photo of the email is provided at the bottom of the page, as well as an explanation for how it was determined to be spam.
We encourage you to always err on the side of caution if you believe you have received a spam or phishing email. If you ever feel that you need assistance determining whether an email is legitimate or not, don't hesitate to contact the Help Desk at 253-535-7525, or email us at helpdesk@plu.edu.

If you have given out any password or log in information, or if your account has been sending similar emails without your knowledge, please follow our standard procedures for possibly compromised accounts:
  • Update your epass password at http://epass.plu.edu
  • Update your password on any sites where you used that password (i.e., if your epass was the same as your bank password, update your bank password as well)
  • Log into your Gmail and sign out of all other sessions; to do this, scroll down to the bottom of the page and look for the section which says "Last Account Activity"; click on the "Details" link; a window will appear which will let you force sign out all other sessions.
In the image provided, text highlighted in orange can be deemed suspicious because it suggests that the email originated from a non-PLU source. PLU emails are not managed through Webmail, and user inboxes do not have a maximum capacity, nor are they ever deleted from the system due to inbox overfilling. Areas highlighted in blue indicate grammatical and formatting oddities that should not be found in a legitimate communication from a PLU source. These errors are another red flag indicating that the email is originating in a compromised account.
Once again, we advise you to use your best judgment when deciding whether an email looks suspicious or not, and notify the Help Desk promptly if you believe you have encountered a security risk.

The questionable email.  Click to enlarge

Monday, February 3, 2014

Spring 2014 Technology Workshops


Check out the schedule of Spring 2014 Technology workshops at http://www.plu.edu/itech/workshops/ along with registration information. Workshops include a diversity of topics such as: 

  • Blended Learning 
  • Flipping the Classroom
  • Engaging Students 
  • Strengthening Connections 
  • Sakai Learning Management System
  • Clickers
  • Google Apps
  • Microsoft Office
  • And more..! 
For a complete listing of workshops, see the workshop flyer.

If you have a particular need for specialized and customized technology workshops for your class or department, contact Layne Nordgren (
layne.nordgren@plu.edu, 253-535-7197) and we'll do our best to meet your specific needs.

Need one on one assistance with technology? Instructional Technologies provides two digital technology labs with computers and software for digital editing projects. The Digital Design Lab is located on the first floor of the Library near the Help Desk. And the Wiegand Multimedia Lab is located in Morken 115.

Thursday, January 23, 2014

February 4 Development Day Technology Workshops

Information & Technology Services is offering four technology workshops for Human Resources's Development Day on February 4. Check out some of the workshops below and if they look interesting, you can register for the workshops here.

Microsoft Excel 2010

Time: 8:30-9:30 am
Location: Library Instruction Center B, Basement of the Library

Basic terms and functions of Microsoft Excel and hands-on exploration of the Excel 2010 interface. Topics include basic spreadsheet formatting, working with formulas, and sorting options using the updated Excel 2010 interface. Additional topics may be discussed depending on individual interests if time permits. Prior Excel experience is helpful, but not necessary.


Backups and Data Security at PLU

Time: 9:45-10:45 am
Location: Library Instruction Center B, Basement of the Library 


Learn about backup solutions at PLU including Netstor and Google Drive and best practices for storing your sensitive data. Topics will include data encryption options, appropriate use of cloud storage, and types of data that may need additional security.


Reaching Out Through Web Conferencing

Time: 1:15-2:15 pm
Location: Library Instruction Center B, Basement of the Library

Web conferencing provides faculty, staff, and students with opportunities to make connections and collaborate despite distance. This workshop will provide a quick overview of two web conferencing tools (Google Hangouts and Fuze Meeting) along with best practices for making web conferences successful.


Collaboration with Google Docs/Drive

Time: 2:30-4:00 pm
Location: Library Instruction Center B, Basement of the Library

Interested in collaborating with your colleagues using Google documents, spreadsheets, and forms? This workshop will focus on using the collaborative features of the Google Docs tool set. Exercises will include collaborative activities using Google Docs tools.

Friday, January 10, 2014

Apple slowing security updates for previous versions of OS X

Source:
http://nakedsecurity.sophos.com/2014/01/09/82-of-enterprise-mac-users-not-getting-security-updates/
http://support.apple.com/kb/ht1222

Recently, Apple released the newest version of their operating system (OS), OS X 10.9 Mavericks, for free to all users that were at least on OS X 10.6 (and had compatible hardware).  This was a pretty bold move on Apple's part to just stop charging for the Operating System itself, and was welcomed by users across the tech spectrum, especially since most key Apple software was now also being released for free.

Months later, it seems that Apple really really really wants everyone to be using Mavericks, and they're doing so by putting all their focus on Mavericks at the expense of their older versions of the OS.  According to Apple's security release schedule (apple.com), there has been a lack of security updates directed at the older OSes.  Mavericks itself came with a bundle of security patches for some of the core parts of OS X, such as some minor unix utilities which needed bug fixes and some Apple software that wasn't working quite as expected. 

Security patches and bug fixes are normal for operating systems, and it's not uncommon for all OSes to have a slew of security patches out each month.  Apple typically prefers to release them in larger bundles as opposed to individualized fixes, though in the past they have released "hot fixes" to address major issues.  But for Apple to be turning away from their previous OSes so quickly, it seems like a real push to get users onto Mavericks as soon as possible and keep them there.

So is your Mac less secure if it doesn't have Mavericks?  Absolutely.  Many of the patches are for some fairly critical vulnerabilities, and while the virus and malware scene for Mac still hasn't taken off in over a decade, that doesn't mean they don't exist.  The best security practice you can have for your Mac right now would be to keep it up to date with software updates from Apple, including Mavericks.

Mavericks is free!  The upgrade is very simple, requiring a bit of time to download the software.  If your computer is Mavericks compatible (wikipedia.org), you most definitely should upgrade.  We strongly recommend backing up all your important documents before trying to perform the upgrade.  If you need assistance with upgrading your Mac, or have questions, please stop in or contact the Help Desk, and we'll be more than glad to assist!  Contact information at the end of this post.

A final note on OS X Security -- while OS X is not free of vulnerabilities, there still is not a strong case for using an anti-virus on your Mac at this time.  Most of the anti-virus systems currently available are just sub-par, often eating up a lot of the Mac's power looking for viruses and malware that just likely aren't going to hit your machine.  Apple has and keeps its own anti-malware service running in the background on your Mac; it isn't something you can interact with, but it is updated and worked on by Apple. 

Help Desk Contact Info:
Twitter:@PLUHelpDesk
Phone: 253-535-7525
email: helpdesk@plu.edu

Monday, January 6, 2014

Spam email report 1/6/2014



A new year and new spam emails! Today's write up comes courtesy of our technician, Carolyn.

Recently, the Help Desk received a report of a new spam email circulating via campus Gmail accounts. These appear to be coming directly from compromised PLU epass accounts, so it is important to be able to identify which of your contacts’ emails are legitimate and which are not. At the bottom of this post is a copy of the email, as well as a summary of the red flags that helped us to determine that this email was fraudulent.

If you have already responded to the email, please discontinue all communication immediately. If you have provided personal information, such as your bank account information, please contact your Bank immediately and discuss the issue, they will advise you on the proper procedure for protecting your accounts.

If you have given out any password or log in information, or if your account has been sending similar emails without your knowledge, please follow our standard procedures for possibly compromised accounts:
  • Update your epass password at http://epass.plu.edu
  • Update your password on any sites where you used that password (i.e., if your epass was the same as your bank password, update your bank password as well)
  • Log into your Gmail and sign out of all other sessions; to do this, scroll down to the bottom of the page and look for the section which says "Last Account Activity"; click on the "Details" link; a window will appear which will let you force sign out all other sessions.
Any questions, please contact the Help Desk at 253-535-7525 or helpdesk@plu.edu. You can also stop in at the Help Desk located on the first floor of the Library.

Original email; click to enlarge
In light blue, we have highlighted the fact that these emails are coming directly from PLU accounts instead of an outside source address. This may be the most confusing factor when determining if an email is fraudulent, so it is important to use your own personal judgment to determine a message’s legitimacy when it is coming from a person you know. If you are receiving emails from colleagues, students, or staff that don’t match previous interactions that are typical of their email communication (misspelled words, grammar errors, change in professional tone/language, etc.), then you should regard it as suspicious.

Highlighted in red are a few logical tipoffs: First and foremost, whoever is emailing you did not inform you of their “urgent trip to Iuganisk (Ukraine)”, yet they claim to know you well enough to ask for a money loan. This is a classic tactic of many varieties of spam emails; again, please err on the side of caution and utilize your own personal judgment when receiving emails from someone you know. Also highlighted in this email are the more subtle hints that helped us to identify this email as spam: the user states that they contacted their bank and cancelled their cards, which demonstrates that they are reasonably capable of communicating with their source of finances. This logically conflicts with their claim that they need a money loan from you in order to pay for their hotel and flight fees. If an email raises any sort of suspicion about its logic or legitimacy, do NOT respond to it or give out any personal or financial information.

Friday, January 3, 2014

Router Backdoors found in tons of router models...but not a big deal for most people

Source(s):
http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/
https://github.com/elvanderb/TCP-32764/blob/master/README.md  (List of known affected routers)

Summary:

For the non-technically inclined, let's define a few terms for this article/post.  A backdoor, in computing terms, specifically refers to a means to control a device remotely via a hidden access.  You can think of it like a secret way into a device in order to control it; these backdoors often have very little or no verification, and will accept any command sent to them without question. 

The discoverer of the backdoor, , was focusing on trying to get back into his own router, which he forgot the password to.  In doing so, he found some really strange activity on his router, which upon further investigation revealed the backdoor.  Being a bit of a programmer, he explored the backdoor as best he could and was able to map out many of the controls it allowed.  He published his results in a rather humorous powerpoint presentation (1.9 MB ppt download, some not safe for work language), and many other users tested his program and found quite a few other routers that had the same backdoor.

So, is your own router at risk and should you worry? 

Yes, and No.  

See, the backdoor is pretty specific, and it looks to require that you actually be on the network to pull it off.  Even if you were able to plug the backdoor (which you can't really), the likelihood of someone using this method to gain access to your router is pretty low.  The second link has a list of known affected routers; if you use one of these for your business, there may be some cause for concern, but again, this is a fairly isolated method of attacking a router.

What this does bring up are some interesting questions as to why such a backdoor exists; all routers have a physical switch on them to allow a factory restore, so end users have no use for such an interface, and technicians would likely use this as well instead of using the rather esoteric interface.  This is definitely an issue which warrants further discussion and investigation, but most home users should be able to continue using their routers as they have been without additional worry.