Kansas State University


IT News

Author: Harvard Townsend (harv@ksu.edu)

Chief Information Security Officer

Dangerous phishing scam hits K-Staters' e-mail

Many K-Staters received a spear phishing scam e-mail on Monday that is particularly dangerous because it seems to refer to upcoming changes in K-State’s e-mail, appears to be from K-State’s IT Help Desk, and asks for your K-State eID and password. The criminals responsible for these scams have obviously done their homework to make the message appear legitimate. But it is not. It is a scam that tries to steal your eID password, log in to your Webmail account with it, and use the account to send spam.

As always, though, you can remember this one simple rule and be safe from this type of scam: K-State IT support staff will NEVER ask for your password in an e-mail!

To help you recognize this and other scams like it, the headers of the scam message are:

From: “ITS Help Desk” <helpdesk@ksu.edu>
To: undisclosed-recipients:;
Sent: Sunday, April 4, 2010 6:49:32 PM GMT -06:00 US/Canada Central
Subject: Scheduled Service Maintenance


IT security roundtable April 9: Safe(r) web browsing

Did you know your computer can get infected simply by visiting a website and not clicking on any links? Furthermore, it doesn’t have to be a nefarious site — many reputable, popular websites have inadvertently hosted malicious advertisements. If that isn’t scary enough, one study found that 13 percent of Google searches for popular or trendy topics yielded malicious links near the top of the search results.

Web browsing is now the most popular target used by hackers to try to take over control of your computer, so this month’s IT security roundtable will discuss how to browse the Web safely, or at least lower the risk of infecting your computer, since there is no way to be 100 percent secure browsing the Web these days.

Join us 9-10:30 a.m. Friday, April 9, in Union 213 to learn about:

Reminder: Internet Explorer 8 update to occur April 1

Instances of Internet Explorer 6 (IE6) and IE7 will be upgraded to IE8 on April 1. For campus computers that use K-State’s central Windows Server Update Services (WSUS), this update will be pushed out automatically. System administrators managing their own WSUS environment or using some other way to manage application updates on Windows computers are urged to do the same.

IE8 provides enhanced security that makes it a safer browser to use in addition to other features. Note: IE8 will look different from IE6 and IE7 and take some getting used to.

Reminder: IE6/IE7 upgrade to IE8 on April 1

Before people escape to their spring break destinations, be aware that Internet Explorer version 6 (IE6) and version 7 (IE7) will be upgraded to version 8 (IE8) at K-State on April 1 for security and application compatibility reasons. Since the original announcement, no one has raised any issues against the upgrade — on the contrary, many have applauded the move. Thus, we plan to proceed with the upgrade as originally planned.

This update will be applied to university computers that use the central WSUS server. System administrators who manage their own WSUS servers are encouraged to apply the update as well. Computers that do not have Microsoft patches managed by any WSUS server should manually update to IE8 if they have not already. If you are unsure what category you fit into, contact your IT support person or the IT Help Desk.


Keeping up with IT security news at K-State

The world of IT security is very dynamic — the threats are constant, persistent, and evolving, as are the tools and strategies for combating the threats. To help K-Staters sift through the volumes of IT security information produced daily, K-State’s IT security team maintains an IT security threats blog with information gleaned from a variety of sources. Information is posted about new vulnerabilities and/or patches in applications used commonly at K-State, current attacks seen at K-State, warnings about spear phishing scams and other forms of fraud, and other security-related news relevant to K-State.

To accommodate the variety of ways people prefer to get information, K-State’s IT security news is available in several ways:

  1. Webpage – visit the K-State IT Security Threats Blog daily
  2. E-mail – subscribe to the SIRT-THREATS mailing list
  3. Twitter – follow KSU_IT_Threats on Twitter
  4. RSS feed


Internet Explorer 6 (IE6) to be updated to IE8 on April 1

Internet Explorer, the most widely used web browser in the world, has often been in the news of late because of its involvement in the recent, well-publicized hack of Google and other corporations, allegedly by the Chinese government. Since a vulnerability in Internet Explorer 6 (IE6) is alleged to be one of the ways the hackers got into Google’s network, Google has joined the chorus of companies planning to phase out support for IE6 and is urging users to upgrade to Internet Explorer 8 (IE8). That chorus includes Facebook, YouTube, Digg, some European governments, and even Microsoft itself. There was even an “IE6 Must Die” petition on Twitter.

Now K-State is joining the chorus too. SIRT is proposing that on April 1, remaining instances of IE6 on campus be upgraded to IE8. For campus computers that use K-State’s central WSUS server, this update will be pushed automatically. System administrators managing their own WSUS environment or using some other way to manage application updates on Windows computers are urged to do the same.

If you have concerns about this update being pushed to campus computers on April 1, please discuss it with your SIRT representative or Harvard Townsend, K-State’s chief information security officer and chair of SIRT.


Peer-to-Peer file sharing programs prohibited on K-State computers

Ever since Napster wreaked havoc on K-State’s computer networks in the fall of 1999, the use of Peer-to-Peer (P2P) file sharing applications on K-State’s data network has been prohibited by policy. Partly because of new requirements outlined in the Higher Education Opportunity Act of 2008, K-State revised its P2P file sharing policy during the fall 2009 semester to clarify expectations and to articulate the risks of P2P file sharing that go far beyond violating copyright laws.


New type of phishing attack threatens K-State passwords

Hackers have been VERY successful at tricking K-Staters into giving away their eID password — in 2009 more than 430 K-Staters replied to phishing e-mails, sending their eID passwords to criminals who used those to log into K-State’s e-mail and send thousands of spam e-mails. The good news is that repeated communications by K-State’s IT security team, Help Desk, and IT support staff have slowed the pace of compromised e-mail accounts. The bad news is the hackers’ techniques have evolved accordingly with new, more sophisticated scams that steal your password.

K-State’s mantra for the last two years has been “NEVER provide your password in an e-mail to anyone under any circumstances!” How did the hackers respond? On Jan. 23, they sent the following scam e-mail to numerous K-Staters. Note that it doesn’t ask you to send your password in an e-mail. Instead, it tries to trick you into clicking on a link that goes to a website where they want you to enter your eID and password.


Spring 2010: Five things you need to know about IT security at K-State

In 2009, 431 K-Staters were duped by spear-phishing scam e-mails and gave away their eID password to criminals, who then used the stolen information to sign in to webmail and send hundreds of thousands of spam messages. Obviously, the first thing on this semester’s top-five security list must be:

  1. Never give your password to anyone in an e-mail message. K-State was plagued by nearly 300 instances of e-mail scams in 2009 that try to trick people into replying with their eID password. It has not slowed down in 2010. If you remember this one simple rule, you can avoid becoming a victim of these scams: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it.

IT Security Roundtable Jan. 15: Help, passwords are driving me crazy!

It’s time once again to change your eID password, so what better topic for this month’s IT security roundtable than managing your passwords? For online shopping, social networking sites, games, iTunes, PayPal, travel sites (frequent flyer accounts, Expedia, Orbitz, etc.), online banking (checking, savings, credit cards, loans), news and sports sites, blogs and wikis, cellphone account, home Internet provider, cable/satellite TV, your home computer, your laptop, your office computer, your departmental server, K-State’s eID, personal e-mail, K-State e-mail, flexible spending accounts… the list keeps growing. And all of them require a username and password. It’s enough to drive you crazy!

To help maintain your sanity, join us 9-10:30 a.m. Friday, Jan. 15, in Union 213 to hear solutions to effectively manage your passwords: