Kansas State University

IT News

Tag: email

Five things you need to know about IT security at K-State

A new semester has begun, so it is time to remind everyone of their personal responsibility in helping protect themselves online and keep K-State information and technology safe. To quote IT security experts, “the Internet is a bad neighborhood,”* and based on the number of security incidents at K-State in 2008, it’s getting worse. You can still function safely online, though, if you take the time to learn about security and “think before you click.” Here are five things you should know about IT security at K-State:

Password-change deadline for eIDs is Feb. 11

K-Staters have January through Feb. 11 to change the passwords on their K-State eIDs for the spring semester. This mandatory password change occurs each fall and spring, and applies to both individual eIDs and group eIDs. Long-term use of the same password is a known risk factor, which is why no K-State password can be reused within a two-year period.

Choosing security questions/answers; lessons learned from Palin e-mail hack and password security

The compromise of Alaska Governor Sarah Palin’s Yahoo! e-mail account last September offers many lessons about security, including the risk of using a free commodity e-mail service for conducting official business. Likewise, be cautious about what you store in your e-mail — the hacker posted some of Palin’s e-mail messages, photos, and her address book on the Internet. However, the focus of this article stems from the technique used by the hacker (purported to be a student from the University of Tennessee) to access Palin’s e-mail.

The perpetrator was able to change Palin’s password by answering three security questions — her date of birth, home zip code, and where she met her husband — answers easily discovered through simple Google searches. Challenge-response systems like these are common security features used in self-service websites for resetting a forgotten password, like the site used by the hacker to reset Palin’s Yahoo! password and access her e-mail. Even K-State’s eID Profile system uses a challenge-response security question to facilitate self-service password resets.

SMTP to be blocked on residence-hall networks and campus wireless

In recent months, K-State has experienced a rash of compromised campus computers used by hackers to send tens or hundreds of thousands of spam messages to the Internet. Besides the embarrassment of having K-State labeled as a source of spam, some of these instances have resulted in K-State being placed on spam block lists where all e-mail from K-State is blocked. To remedy this problem, K-State intends to start blocking the protocol used to deliver e-mail off-campus on three selected portions of the network that typically have the largest percentage of compromised computers — the campus wireless network, and both the wired and wireless networks in the residence halls. This will only affect computers on these three segments of the campus network. All other network segments, including the guest wireless network (SSID=k-state.guest), will be unaffected.

This will take effect during the break between the fall and spring semesters. All students living in the residence halls will be notified about the change before they leave at the end of the fall semester.

“Phishing and Spam IQ Quiz” helps people recognize e-mail scams

K-State has now had at least 116 people reply to spear phishing scam e-mails since January 2008 and divulge their eID password to criminals. It is imperative that people learn to recognize scams to protect themselves and the K-State information entrusted to their care.

SonicWALL has produced an excellent 10-question “Phishing and Spam IQ Quiz” to help people learn how to differentiate between scams and legitimate e-mails. The quiz displays 10 different e-mails and has you decide whether each is legitimate or a phishing scam. At the end, it compares your answers to the correct ones and provides an explanation for each e-mail message.

Growing list of e-mail scams gets separate webpage

More than 60 e-mail scams have arrived at K-State in the past four months. Last May, the university began tracking and posting scams to the IT security homepage to serve as a reference for the campus community. On Sept. 25, the growing list of scams was moved to a page of its own. E-mail scams seen at K-State shows the date each scam arrived, the subject-line text, and a link to the full e-mail version.

Password-stealing e-mail scams are back!

Not surprisingly, last Friday saw the return of a spear phishing e-mail scam that tries to steal K-Staters’ eID passwords by tricking them into replying to a bogus e-mail pretending to be from “THE KSU HELP DESK <hlpdsk@ksu.edu>”. What is surprising is that at least six K-Staters were duped by the scam and replied to the e-mail, thereby giving their eID password to criminals who promptly used the stolen credentials to sign in to K-State’s WebMail system and send large amounts of spam. This resulted in e-mail from K-State being temporarily blocked by Hotmail over the weekend.

Thus, a repeat of past warnings is warranted: K-State IT support staff will NEVER ask for your password in an e-mail! Nor will any reputable company. If you receive an e-mail asking for your password, assume it is a scam and delete it.

A copy of the scam e-mail from Sept. 5, along with dozens of other scams targeting K-State, is available on K-State’s IT security website. Hints on how to recognize a scam are also available.