Kansas State University

IT News

Author: Harvard Townsend (harv@ksu.edu)

Chief Information Security Officer

“Phishing and Spam IQ Quiz” helps people recognize e-mail scams

K-State has now had at least 116 people reply to spear phishing scam e-mails since January 2008 and divulge their eID password to criminals. It is imperative that people learn to recognize scams to protect themselves and the K-State information entrusted to their care.

SonicWALL has produced an excellent 10-question “Phishing and Spam IQ Quiz” to help people learn how to differentiate between scams and legitimate e-mails. The quiz displays 10 different e-mails and has you decide whether each is legitimate or a phishing scam. At the end, it compares your answers to the correct ones and provides an explanation for each e-mail message.

Peer-to-Peer file sharing risks

Since May 2000, K-State policy has prohibited the sharing of music, movies, software, etc. via peer-to-peer (P2P) file sharing applications like eMule and BitTorrent because of the impact on network performance. This policy and K-State’s position of blocking P2P network traffic at the campus border were bolstered by the recently passed Higher Education Opportunity Act, which includes provisions designed to reduce illegal sharing of copyrighted materials through P2P applications on college campuses.

XP Antivirus 2008 malware difficult to remove; requires reformat/reinstall

If your computer gets infected with the malicious program “XP Antivirus 2008” or one of its variants, you must reformat the hard drive(s) and reinstall all software and data before returning the computer to service and using it on K-State’s campus network. The criminals responsible for this malware are primarily trying to trick people into sending them money under the guise of buying software to clean up an “infected” computer. However, K-State has seen several instances where other types of malware get installed at the same time as XP Antivirus 2008, including backdoor trojans and software that uses the computer to send thousands of spam messages.

Password-stealing e-mail scams are back!

Not surprisingly, last Friday saw the return of a spear phishing e-mail scam that tries to steal K-Staters’ eID passwords by tricking them into replying to a bogus e-mail pretending to be from “THE KSU HELP DESK <hlpdsk@ksu.edu>”. What is surprising is that at least six K-Staters were duped by the scam and replied to the e-mail, thereby giving their eID password to criminals who promptly used the stolen credentials to sign in to K-State’s WebMail system and send large amounts of spam. This resulted in e-mail from K-State being temporarily blocked by Hotmail over the weekend.

Thus, a repeat of past warnings is warranted: K-State IT support staff will NEVER ask for your password in an e-mail! Nor will any reputable company. If you receive an e-mail asking for your password, assume it is a scam and delete it.

A copy of the scam e-mail from Sept. 5, along with dozens of other scams targeting K-State, is available on K-State’s IT security website.  Hints on how to recognize a scam are also available.

Network security analyst position available

K-State is seeking applicants for the position of Network Security Analyst for the Office of the Vice Provost for Information Technology Services. This position will serve as a key member of the information security program at K-State, focusing on the management of network security systems, network and system forensics, incident management, and vulnerability assessment. Screening of applicants begins Sept. 15.

See the position description for details and application procedures. Kansas State University is an equal opportunity employer and actively seeks diversity among its employees.  A background check is required of the successful applicant.

McAfee Safeboot laptop encryption demo Friday, Sept. 5

A subcommittee of SIRT has been evaluating whole disk encryption software for laptop computers and is close to making a product recommendation.  One of the candidate products is McAfee Safeboot, and SIRT has arranged a WebEx demonstration of the product so others can learn about it and provide feedback.

The WebEx demo will take place 9:30-10:45 a.m. this Friday, Sept. 5, in Union 213. During the first 15 minutes, Harvard Townsend, K-State’s IT Security Officer, will provide an overview of the project — the motivation, requirements, evaluation process, and cost estimates. McAfee representatives will then join in at 9:45 a.m. via WebEx and phone for the demo. Some subcommittee members will be available after the demo to receive feedback and answer questions.

Hardly a day goes by without hearing news of the theft of a laptop containing confidential data.  Should a laptop get stolen, encrypting the data protects it from being misused for things like identity theft or financial fraud.

SIRT intends to recommend an affordable standard encryption product that departments or individual faculty/staff can buy for their laptops to provide another layer of protection and keep K-State’s sensitive information from getting into the wrong hands.

Five things you should know about IT security at K-State

With the return of tens of thousands of students and arrival of thousands of new students, faculty, and staff, everyone needs to be reminded of the importance of protecting K-State’s information and technology resources. Here are five things about IT security that individuals need to be aware of as the semester begins:

  1. Never give your password to anyone in an e-mail message. Numerous different scam e-mails have been sent to K-Staters over the last eight months trying to trick people into replying with their eID password.  K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it.

Don’t fall for “Antivirus 2008 XP” rogue software!

In the last week, four computers in one K-State department were compromised and used to send massive amounts of spam to recipients all over the world. Likewise, I was contacted by a K-State employee who had warning messages pop up repeatedly on her home computer telling her the computer was infected and she needed to purchase special software to fix it. The common denominator in all five cases is rogue anti-spyware software called “Antivirus 2008 XP” (aka “Antivirus XP 2008”) that’s making the rounds on the Internet.

State Surplus Property disposes of hard drives at no cost

In light of security risks posed by improper disposal of electronic media like computer hard drives, the state of Kansas’ State Surplus Property program offers an immensely useful service by physically destroying computer hard drives at no charge. Since federal guidelines (PDF) and an upcoming state policy require disk drives with confidential data to be “disintegrated, shredded, pulverized, or incinerated” when they are not going to be re-used or they leave the institution, few have the resources to properly destroy the drives. Fortunately, State Surplus Property contracted a company to degauss, shred, and then smelt the drives and is absorbing the cost.

Airports a major threat to laptops

According to recent studies, about 16,000 laptop computers are lost or stolen in airports in the United States and Europe EVERY WEEK. That translates into nearly 900,000 per year and, according to the studies conducted by the Ponemon Institute on behalf of Dell, about 60 percent of the laptops are never recovered or reclaimed.