At last week’s IT Security Training Event, a competition was held to guess how long it would take to display 69,404,957 IP addresses. Those addresses represent machines that were attacked by a recently compromised computer at K-State.
One thing I’ll say about hackers is they are persistent, and I guess that fact shouldn’t surprise me since the same ol’ tricks reap dividends. Last Thursday, Nov. 5, K-State was hit with a cyberattack nearly identical to one that wreaked havoc on campus last July and, like last summer, it succeeded in compromising more than 130 campus computers.
The attack consisted of four different e-mails that tried to trick people into opening a malicious .zip attachment. Users who opened the attachment instantly infected their computer with a new variant of malware that antivirus software did not detect. The compromised computers were then used to try to infect other computers by sending the same malicious e-mails to addresses harvested from local address books on the infected computers.
Once again, the best solution for preventing these types of attacks is for you, the user, to be suspicious of any unexpected e-mail from unknown sources and not to open an attachment until you confirm its legitimacy. One troubling thing is that the four e-mails were virtually identical to the ones from last summer, with the following four subject lines:
Think you can go online and visit websites and post to social networking spaces anonymously? Think again.
Most websites collect Internet protocol (IP) address information, which is unique to each computer on a network. A fairly recent feature of IP-address look-ups involves the layering of the geospatial aspect — the actual location of the computer user.
The following is a screenshot of the geolocation of a K-State computer and its origins, as verified by the free www.hostip.info (“host IP”) site.
The compromise of Alaska Governor Sarah Palin’s Yahoo! e-mail account last September offers many lessons about security, including the risk of using a free commodity e-mail service for conducting official business. Likewise, be cautious about what you store in your e-mail — the hacker posted some of Palin’s e-mail messages, photos, and her address book on the Internet. However, the focus of this article stems from the technique used by the hacker (purported to be a student from the University of Tennessee) to access Palin’s e-mail.
The perpetrator was able to change Palin’s password by answering three security questions — her date of birth, home zip code, and where she met her husband — answers easily discovered through simple Google searches. Challenge-response systems like these are common security features used in self-service websites for resetting a forgotten password, like the site used by the hacker to reset Palin’s Yahoo! password and access her e-mail. Even K-State’s eID Profile system uses a challenge-response security question to facilitate self-service password resets. Continue reading “Choosing security questions/answers; lessons learned from Palin e-mail hack and password security”
In recent months, K-State has experienced a rash of compromised campus computers used by hackers to send tens or hundreds of thousands of spam messages to the Internet. Besides the embarrassment of having K-State labeled as a source of spam, some of these instances have resulted in K-State being placed on spam block lists where all e-mail from K-State is blocked. To remedy this problem, K-State intends to start blocking the protocol used to deliver e-mail off-campus on three selected portions of the network that typically have the largest percentage of compromised computers — the campus wireless network, and both the wired and wireless networks in the residence halls. This will only affect computers on these three segments of the campus network. All other network segments, including the guest wireless network (SSID=k-state.guest), will be unaffected.
This will take effect during the break between the fall and spring semesters. All students living in the residence halls will be notified about the change before they leave at the end of the fall semester. Continue reading “SMTP to be blocked on residence-hall networks and campus wireless”