At noon today (Tuesday, July 28), Microsoft releases a rare “out-of-band” security update that includes a critical patch for Internet Explorer and a patch for Visual Studio. Due to the security risk, details of patches are typically not disclosed until the patch is released, so we cannot yet assess the risk to K-State. However, the fact that Microsoft issued this patch before the regular second-Tuesday-of-the-month patch release implies a serious threat. Thus, K-Staters are encouraged to apply the patch when it becomes available. For most people, this will happen automatically.
Once again, K-State students, faculty, and staff are the target of spammers trying to trick them into divulging their eID and password in order to compromise their K-State e-mail accounts and use them to send more spam to thousands of others. Numerous instances of these scams have cropped up this week. This is a reminder that K-State will never ask for your password in an e-mail. For additional information on IT security, see the Jan. 20 InfoTech Tuesday article, “Five Things You Need to Know about IT Security at K-State.”
On Monday afternoon (July 13), thousands of K-Staters received malicious e-mail messages with .zip attachments. DO NOT OPEN THE ATTACHMENTS IN THESE E-MAILS, nor click on any links in these messages. Opening the attachment will result in your computer becoming infected and then being used to try to infect other computers by sending the malicious e-mails to accounts both on and off campus.
The malicious e-mails have subjects like:
Your friend invited you to twitter!
You have received A Hallmark E-Card!
Shipping update for your Amazon.com order 254-78546325-658742
Since today (July 14) is the second Tuesday of the month, Microsoft is releasing its usual monthly security patches for the Windows operating system and select Microsoft applications. While it is always important to apply these and other security patches as soon as possible, it’s particularly important this month because at least two of the six patches fix vulnerabilities that are being actively exploited.
PGP Whole Disk Encryption (WDE) software is now ready for installation by those who purchased licenses last winter. In December 2008, K-State departments combined to make a bulk purchase of 1,012 PGP WDE licenses at a steeply discounted price for both Windows and Mac computers to provide another layer of protection for confidential information. Given the propensity for laptops to get stolen, whole disk encryption is a critical tool for protecting data stored on laptops. This product can also encrypt hard drives in desktop computers that store confidential data, as required by K-State policy.
Technical contacts in the departments that purchased licenses were contacted within the last week with installation instructions. More information about this important project, including an FAQ, is available on K-State’s PGP website. If you did not receive the e-mail with installation instructions and you believe you should have, contact Harvard Townsend right away (harv@k-state.edu, 785-532-2985).
The time is nigh for K-State students, faculty, and staff to vacate Manhattan for distant lands over the summer. Thus, this month’s IT security roundtable, which is 9-10:30 a.m. Friday, May 8, in Union 213, will discuss tips on how to travel safely so people can protect themselves from identity theft, financial fraud, and other threats related to information and technology while on vacation. Topics include:
Using Internet cafes safely (is that possible?!)
Using wireless/WiFi “hot spots” safely
Where are you vulnerable to identity theft and financial fraud?
A free “Shred Day” is being offered by Document Resources Inc. 9-11:30 a.m. Saturday, April 18, at 414 South 5th St. in Manhattan, so people can bring their personal paper documents from home and have them shredded at no charge. This is a great opportunity to do some spring cleaning and safely get rid of obsolete documents with sensitive information, such as:
More than 100 K-State faculty/staff and IT personnel from other Regents institutions gathered in the K-State Union Thursday, April 9, for the annual IT security training event. They heard presentations on topics including how to recognize a scam; how to secure a home computer; advanced forensics; best practices for securing computers on campus; web application security; securely deleting files; effective management of Trend Micro OfficeScan; and protecting Social Security numbers. Presentation materials are now available on the event website.
Larry Kettlewell, the chief IT security officer for the State of Kansas, provided context for IT security governance and policies at the state level in his keynote address, while Harvard Townsend, K-State’s chief information security officer, gave an overview of security threats 2007-2009 at K-State and worldwide, plus what’s on the horizon (and told a lot of really bad jokes).
Due to scheduling conflicts and the proximity to Thursday’s IT security training event, the SIRT IT security roundtable on traveling safely scheduled for April 10 has been postponed (again!) to 9-10 a.m. Friday, May 8, in Union 213. This date should work better anyway, since soon thereafter people will embark on their summer travels. Watch InfoTech Tuesday for more details as the date approaches.