Kansas State University

search

IT News

Author: Harvard Townsend (harv@ksu.edu)

Chief Information Security Officer

Microsoft releases important security patch

At noon today (Tuesday, July 28), Microsoft releases a rare “out-of-band” security patch that includes a critical security patch to Internet Explorer and a patch for Visual Studio. Due to the security risk, details of patches are typically not disclosed until the patch is released, so we cannot yet assess the risk to K-State. However, the fact that Microsoft issued this patch before the regular second-Tuesday-of-the-month patch release implies a serious threat. Thus, K-Staters are encouraged to apply the patch when it becomes available. For most people, this will happen automatically.

Continue reading “Microsoft releases important security patch”

Reminder: K-State will never ask for your password in an e-mail

Once again, K-State students, faculty, and staff are the target for spammers trying to trick you into divulging your eID and password in order to compromise your K-State e-mail account and use it to send more spam to thousands of others. Numerous instances of these scams have cropped up this week. This is a reminder that K-State will never ask for your password in an e-mail. For additional information on IT security, see the Jan. 20 InfoTech Tuesday article, “Five Things You Need to Know about IT Security at K-State“.

Malicious e-mail attachments infect numerous K-State computers

On Monday afternoon (July 13), thousands of K-Staters received malicious e-mail messages with .zip attachments. DO NOT OPEN THE ATTACHMENTS IN THESE E-MAILS, nor click on any links in these messages. Opening the attachment will result in your computer becoming infected and then being used to try to infect other computers by sending the malicious e-mails to accounts both on and off campus.

The malicious e-mails have subjects like:

  • Your friend invited you to twitter!
  • You have received A Hallmark E-Card!
  • Shipping update for your Amazon.com order 254-78546325-658742
  • Jessica would like to be your friend on hi5!

and the attachments have names like:

  • Invitation Card.zip
  • Postcard.zip
  • Shipping documents.zip

Nearly 100 K-State computers became infected on Monday when people opened the malicious attachments. Continue reading “Malicious e-mail attachments infect numerous K-State computers”

Apply today’s Microsoft security patches ASAP

Since today (July 14) is the second Tuesday of the month, Microsoft is releasing its usual monthly security patches for the Windows operating system and select Microsoft applications. While it is always important to apply these and other security patches as soon as possible, it’s particularly important this month because at least two of the six patches fix vulnerabilities that are being actively exploited.

One of the patches fixes a critical vulnerability in the Microsoft Video ActiveX Control that has often been in the security news in the past week. Nearly 1,000 websites in China are known to be infected with a malicious script that exploits this vulnerability. Continue reading “Apply today’s Microsoft security patches ASAP”

Departments: PGP encryption software released for installation

PGP Whole Disk Encryption (WDE) software is now ready for installation by those who purchased licenses last winter. In December 2008, K-State departments combined to make a bulk purchase of 1,012 PGP WDE licenses  at a steeply discounted price for both Windows and Mac computers to provide another layer of protection for confidential information. Given the propensity for laptops to get stolen, whole disk encryption is a critical tool for protecting data stored on laptops. This product can also encrypt hard drives in desktop computers that store confidential data, as required by K-State policy.

Technical contacts in the departments that purchased licenses were contacted within the last week with installation instructions. More information about this important project, including an FAQ, is available on K-State’s PGP website. If you did not receive the e-mail with installation instructions and you believe you should have, contact Harvard Townsend right away (harv@k-state.edu, 785-532-2985).

Continue reading “Departments: PGP encryption software released for installation”

IT Security Roundtable May 8: Traveling safely

The time is nigh for K-State students, faculty, and staff to vacate Manhattan for distant lands over the summer. Thus, this month’s IT security roundtable, which is 9-10:30 a.m. Friday, May 8, in Union 213, will discuss tips on how to travel safely so people can protect themselves from identity theft, financial fraud, and other threats related to information and technology while on vacation. Topics include:

Two new IT security policies published

Two new IT security policies that K-Staters need to be aware of were published recently in K-State’s Policy and Procedures Manual (PPM):

The purpose of these new policies is to help the University better protect its information and technology resources.
Continue reading “Two new IT security policies published”

Free document shredding April 18 in Manhattan

A free “Shred Day” is being offered by Document Resources Inc. 9-11:30 a.m. Saturday, April 18, at 414 South 5th St. in Manhattan, so people can bring their personal paper documents from home and have them shredded at no charge. This is a great opportunity to do some spring cleaning and safely get rid of obsolete documents with sensitive information, such as:

100+ people attended IT security training event

More than 100 K-State faculty/staff and IT personnel from other Regents institutions gathered in the K-State Union Thursday, April 9, for the annual IT security training event. They heard presentations on topics including how to recognize a scam; how to secure a home computer; advanced forensics; best practices for securing computers on campus; web application security; securely deleting files; effective management of Trend Micro OfficeScan; and protecting Social Security numbers. Presentation materials are now available on the event website.

Larry Kettlewell, the chief IT security officer for the State of Kansas, provided context for IT security governance and policies at the state level in his keynote address, while Harvard Townsend, K-State’s chief information security officer, gave an overview of security threats 2007-2009 at K-State and worldwide, plus what’s on the horizon (and told a lot of really bad jokes).

Continue reading “100+ people attended IT security training event”

“Travel safely” security roundtable rescheduled (again) to May 8

Due to scheduling conflicts and the proximity to Thursday’s IT security training event, the SIRT IT security roundtable on traveling safely scheduled for April 10 has been postponed (again!) to 9-10 a.m. Friday, May 8, in Union 213. This date should work better anyway, since soon thereafter people will embark on their summer travels. Watch InfoTech Tuesday for more details as the date approaches.