Content | Navigation |

NDSU IT Security

 

Alert!!!

 

LinkedIn Introduces Intro, allows them to read all your e-mail

LinkedIn the Online Social Networking site for business has recently introduced a new feature for the iPhone. Aside from integrating itself within the iPhone e-mail system, this new service claims to be a security feature by reading your email and then attaching a banner to your messages saying that the sender of your message is in your LinkedIn network.  There are many features like this that already exist, however, what is different in this instance is that your email goes through LinkedIn’s server first and not through an app on your phone.  LinkedIn has historically had problems with password control and have been implicated in a class action lawsuit with regard to e-mail hacking.

Please do not enable Intro on your phones, if you have please disable and change passwords for your NDSU credentials.

 

http://www.forbes.com/sites/jameslyne/2013/10/25/linkedin-intro-hack-here-for-juicy-data/

This year marks the 10th anniversary of the National Cyber Security Awareness Month put on by Department of Homeland Security and theNational Cyber Security Alliance.  The goal of which is to increase awareness of security problems and solutions to the general public.  Each day this month we will be posting a cyber-security tip on our page.  Please Share these tips and if nothing else follow a few of them.

October 30, 2013

Chrome, Firefox, Internet Explorer, Safari, whatever, they are all the same right, they just get the Internet to my eyes so why should I use one over the other?

The first browser was invented in 1990 and its name was WorldWideWeb, and thus the www before most Internet addresses, it was not until 1993 and Netscape came along that web browsing really started to take off. With the browser wars and Apple resurging in popularity did differences in browsers really start to take on a difference of opinions in the security community.

Browsers essentially take computer machine code and make it available for people to read it, and being written by people to do this, naturally there have been mistakes in the way the browser was written or even essential designs into how the browser interacts with the underlying operating system. Thus the entrance of browser exploits. There have been some very bad browser exploits that allow operating system level commands to be run on a computer from a webpage, and most modern browsers have run into these problems.

So, which one do you use and trust? Ultimately, its your choice, however, there are a few caveats I’ll put on here.  When you are using an Internet browser:

·         Be Up To Date – Use the latest version of your browser software and keep it up to date.

·         Be Careful What You Click On – All the security locks in the world are not going to do you any good if you let the bad guys in the front door.

·         Be Vigilant – Read the warnings that a browser gives you, find out why you have a broken key icon on some page, why does my toolbar flash yellow, what does a certificate error mean.

·         Keep Your Helper Applications Up To Date As Well – Third party applications like Java make the Internet appear the way it does, but also can allow some bad stuff to happen if they are old.

These tips should keep your Internet experience a little bit safer and keep the content that you wish to view in your field of vision.

 

http://www.us-cert.gov/publications/securing-your-web-browser

SANS Securing the Human

Educause Security Awareness

 

 

NDSU IT Security Updates

April 15, 2014

Heartbleed - Change These Passwords Now

The Internet was stunned to learn of a significant vulnerabilty to security this last weekend.  OpenSSL, an application that is used by software and services throughout the Internet for authorization of legitimate websites was found to have a core flaw.  Essentially anyone from anywhere could send a specially crafted packet to a service or site using OpenSSL, asking if the server is still accepting communications and the server would return up to 64 Kilobytes of what was in its memory at the time of request.  This return could be username and passwords, or documents, or even security certificates.  The OpenSSL foundation responded and fixed the core code of OpenSSL, but there are still hundreds of thousands devices, or services that still are running the oldversion of the software.  Please check with devices in your area and change passwords to protect your security

http://heartbleed.com/

December 5, 2013

Over 2 Million passwords to popular webpages discovered.

In Mid June, Trustwave Spiderlabs researchers were able to view information in the Pony Botnet controller that indicated that there were over 650,000 website credentials that had been harvested by this particular botnet, which, is fairly widespread.  On Tuesday they announced that upon a more detailed look that over 2 million passwords have been harvested by this botnet.  Many of these services have now been notified and they are taking corrective action on those accounts that have been compromised.

 

 


Student Focused. Land Grant. Research University.

Follow NDSU
  • Facebook
  • Twitter
  • RSS
  • Google Maps

North Dakota State University
IT Help Desk Phone: +1 (701) 231-8685
Administrative Calls Only: +1 (701) 231-7961 / Fax: (701) 231-8541
Campus address: Quentin Burdick Building 206
Physical/delivery address: 1320 Albrecht Blvd, Fargo, ND 58102
Mailing address: NDSU Dept. 4510 / PO Box 6050 / Fargo, ND 58108-6050
Page manager: Information Technology Services

Last Updated: Tuesday, January 10, 2012