Defense Against New Internet Explorer Attack

What is going on?

A new flaw in Internet Explorer was recently discovered already in the hands of people with malicious intentions. The flaw lets an attacker silently install programs on a victim's computer after the victim simply views a web page or an email message. Microsoft was unaware of the flaw's existence when it was discovered and has not yet released a security update to correct it, though we expect one soon. Now that the details are public, we can be certain that many more attacks using the same flaw will surface shortly.

What Can You Do?

One easy approach is to simply avoid using Internet Explorer until a security patch is released. Most of us already have an alternate browser installed. If you don't, try installing Chrome or Firefox.

Another, more involved option is to install the Enhanced Mitigation Experience Toolkit (EMET). EMET adds exploit mitigations to individual processes on your system, which makes a flaw like this one much harder to exploit even before a patch exists. To use EMET to protect Internet Explorer, follow these steps:

1. Download and install EMET

2. Open EMET by clicking Program Files => Enhanced Mitigation Experience Toolkit => EMET 3.0

3. Click the Configure Apps button

4. Find iexplore.exe and click the Open button. It is typically located at C:\Program Files\Internet Explorer\iexplore.exe (on 64-bit Windows the 32-bit browser is under C:\Program Files (x86)\Internet Explorer\ and should be added as well).

5. Click OK and close EMET. Restart Internet Explorer so that the new settings apply; EMET protects only processes started after it was configured.

What is Information Security Doing?

We run intrusion detection systems that inspect our network traffic for this attack, and we investigate immediately if we see any. We also regularly test our network for many other kinds of security problems.

Please send any questions to the Information Security mailbox security@brandeis.edu.

Stay Safe,
George Moore
Senior Information Security Architect
Brandeis University

Flashback Infects Macs

Flashback is a family of malicious programs written for Mac computers that first surfaced in September. A recent version of Flashback exploits a security flaw in Java to install itself silently, without the user downloading or approving anything. Through this flaw Flashback has compromised over 600,000 Macintosh computers.

Apple has since released an update that corrects the security flaw in Java. To avoid becoming a victim, update your Mac now: click the Apple Menu => Software Update and install all of the latest security patches. If you do not need Java in your browser, disabling the Java plug-in removes this avenue of attack entirely.

If you suspect your computer is compromised contact information security by sending a message to security@brandeis.edu.

Stay Safe,
George Moore
Information Security Architect
Brandeis University

Symantec Endpoint Protection Update

An updated version of Symantec Endpoint Protection has been posted for download. This update contains minor bug fixes that address false-positive detections of Bloodhound and Trojan.gen. Downloads are available at software.brandeis.edu.

Stay Safe,
George Moore
Information Security Architect
Brandeis University

Secure File Deletion

When you delete a file from your computer, the information is not gone for good. The space that held the file is simply marked as available for new data. Until that space is overwritten, the contents of the deleted file are still on the disk.

Deleted files can be recovered using a forensic technique known as file carving, which scans the raw disk for the header and footer signatures of known file types instead of relying on the file system's directory. Tools such as Scalpel and PhotoRec exist for exactly this purpose. Knowing how deletion really works, you are probably wondering: how do I permanently delete files?

Windows XP/Vista/7:

Download and install the open source tool Eraser. When prompted for the setup type, select Typical.

Delete individual files and folders by right-clicking them and selecting Eraser => Erase.

If you have previously “deleted” files using the Recycle Bin or the Delete key, Eraser can make sure those files are really gone by overwriting the drive's unused space. This is also useful for securely repurposing external storage such as USB drives.

To erase the unused space on a drive, open Eraser => click Erase Schedule and select New Task.

Select the button next to Run immediately and then click the Add Data button.

Select the button next to Unused disk space => select your device from the drop-down menu => click OK.

A screen displaying progress will appear; the task is finished when it reports completion.

Apple OS X:

Move individual files or folders to the Trash as you would normally. Then open the Trash and click Finder => Secure Empty Trash.

If you previously deleted files without using the secure method, you can make sure those files are really gone as follows. Open Finder => Applications => Utilities => Disk Utility. Select your drive in the left-hand column and click the Erase tab.

Click the Erase Free Space… button and select 7-Pass Erase of Deleted Files; if your information is very sensitive, select 35-Pass Erase of Deleted Files. Note that overwriting free space is reliable only on conventional hard drives: on a solid-state drive the controller may not write the passes over the original blocks, so for an SSD full-disk encryption such as FileVault is the better protection.
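The following Python script is an added example for this post (it is not code from Scalpel, PhotoRec or Eraser) that models what the explanation above and the Windows and Mac steps describe: a disk as a byte array, a directory as a table of name to offset, an ordinary delete that only drops the directory entry, header/footer carving that finds the file anyway, and the two remedies, overwriting a live file before forgetting it (Eraser => Erase) and overwriting all unused space (Eraser's Unused disk space task, Disk Utility's Erase Free Space). The JPEG markers are the real signatures; the disk size, file names and image bodies are constructed placeholders.

```python
"""Why "deleted" is not "gone": a toy disk, a carver, and two ways to wipe.

Added example for this advisory; not code from Scalpel, PhotoRec or Eraser.
The disk, directory and image bodies below are constructed for the demo.
"""

JPEG_HEADER = b"\xff\xd8\xff"   # JPEG start-of-image marker (real signature)
JPEG_FOOTER = b"\xff\xd9"       # JPEG end-of-image marker (real signature)
FILL = b"\x00"                  # single overwrite pattern used by the wipes here


class ToyDisk:
    """A block device as a bytearray plus a directory mapping name -> (offset, length)."""

    def __init__(self, size):
        self.blocks = bytearray(FILL * size)   # constructed blank disk
        self.directory = {}                    # name -> (offset, length)
        self._next_free = 0

    def write(self, name, payload):
        off = self._next_free
        if off + len(payload) > len(self.blocks):
            raise OSError("constructed disk is full")
        self.blocks[off:off + len(payload)] = payload
        self.directory[name] = (off, len(payload))
        self._next_free = off + len(payload)

    def delete(self, name):
        """Ordinary delete (Recycle Bin, Trash, rm): forget the entry, keep the bytes."""
        del self.directory[name]

    def shred(self, name, passes=1):
        """Eraser => Erase on a live file: overwrite its blocks, then forget it."""
        off, length = self.directory[name]
        for _ in range(passes):
            self.blocks[off:off + length] = FILL * length
        del self.directory[name]

    def wipe_unused_space(self):
        """Eraser 'Unused disk space' / Disk Utility 'Erase Free Space':
        overwrite every region that no directory entry refers to."""
        cursor = 0
        for off, length in sorted(self.directory.values()):
            self.blocks[cursor:off] = FILL * (off - cursor)
            cursor = off + length
        self.blocks[cursor:] = FILL * (len(self.blocks) - cursor)


def carve(raw, header=JPEG_HEADER, footer=JPEG_FOOTER, max_len=1 << 20):
    """Header/footer carving, the approach Scalpel and PhotoRec take: ignore the
    directory and return every header..footer span found in the raw bytes."""
    found, pos = [], 0
    while True:
        start = raw.find(header, pos)
        if start < 0:
            return found
        end = raw.find(footer, start + len(header), start + max_len)
        if end < 0:              # header without a footer in range: skip it
            pos = start + 1
            continue
        found.append(bytes(raw[start:end + len(footer)]))
        pos = end + len(footer)


def demo():
    """Returns what a carver sees after an ordinary delete, after a free-space
    wipe, and after shredding the remaining live file."""
    disk = ToyDisk(4096)
    vacation = JPEG_HEADER + b"constructed image body #1" + JPEG_FOOTER
    notes = JPEG_HEADER + b"constructed image body #2" + JPEG_FOOTER
    disk.write("vacation.jpg", vacation)
    disk.write("notes.jpg", notes)

    disk.delete("vacation.jpg")
    after_delete = carve(disk.blocks)    # both images: the deleted one is still there

    disk.wipe_unused_space()
    after_wipe = carve(disk.blocks)      # only notes.jpg, which is still live

    disk.shred("notes.jpg")
    after_shred = carve(disk.blocks)     # nothing left to carve
    return after_delete, after_wipe, after_shred


if __name__ == "__main__":
    for label, result in zip(("after delete", "after wipe", "after shred"), demo()):
        print(f"{label}: {len(result)} image(s) carved")
```

The carver never consults the directory, which is the whole point: a file system's notion of "deleted" is invisible to it. Only the two overwrite operations change what it finds.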

 

Stay Safe,
George Moore
Information Security Architect
Brandeis University

Linux Kernel Vulnerability CVE-2012-0056

A few days ago a reliable privilege escalation vulnerability was found in recent versions of the Linux kernel. Point-and-click exploits are appearing around the web, and someone has even created an Android version. Exploitation requires that the attacker already has access to an unprivileged account, so systems with many users are at the highest risk.
The vulnerability affects kernel versions 2.6.39 and above. To check which version of the Linux kernel you are running, use the command uname -r (or uname -a). If you are running Red Hat Enterprise Linux 6, kernels 2.6.32-220.el6 and above are vulnerable because the affected code was backported into them. Apply your distribution's kernel update as soon as it is available; the fix takes effect only after you reboot into the new kernel.
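The Python below is an added example, not part of the original post, that turns the two ranges stated above into a check you can run against the output of uname -r. It encodes only what the advisory says (mainline 2.6.39 and later; Red Hat Enterprise Linux 6 builds 2.6.32-220.el6 and later). Vendor errata kernels with a later sub-build may already carry the fix, so "in affected range" means "check your vendor's advisory", and a kernel outside both ranges is not thereby known to be safe.

```python
"""Check a kernel release string against the affected ranges in this advisory.

Added example, not part of the original post. It encodes only the two ranges
stated above: mainline 2.6.39 and later, and Red Hat Enterprise Linux 6
kernels 2.6.32-220.el6 and later. A later vendor errata kernel may already
carry the fix, so "in affected range" means "check your vendor's advisory",
and "outside listed ranges" does not mean "safe".
"""
import os
import re

MAINLINE_FIRST_AFFECTED = (2, 6, 39)
RHEL6_BASE = (2, 6, 32)
RHEL6_FIRST_AFFECTED_BUILD = 220          # 2.6.32-220.el6

# major.minor.patch, optionally followed by a Red Hat build such as -220.4.1.el6
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+)[.\d]*\.el(\d+))?")


def parse_release(release):
    """Return (major, minor, patch, rhel_build, rhel_major) from `uname -r` output.
    The last two are None for kernels that are not Red Hat builds."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    build = int(m.group(4)) if m.group(4) else None
    rhel = int(m.group(5)) if m.group(5) else None
    return major, minor, patch, build, rhel


def classify(release):
    """'in affected range' or 'outside listed ranges', per the advisory's ranges."""
    major, minor, patch, build, rhel = parse_release(release)
    if rhel == 6 and (major, minor, patch) == RHEL6_BASE:
        # RHEL 6 backported the affected code into its 2.6.32 kernel series,
        # so the plain mainline comparison would wrongly clear it.
        affected = build >= RHEL6_FIRST_AFFECTED_BUILD
    else:
        affected = (major, minor, patch) >= MAINLINE_FIRST_AFFECTED
    return "in affected range" if affected else "outside listed ranges"


def classify_running_kernel():
    """Classify the kernel this script is running on (Linux only)."""
    info = os.uname()
    if info.sysname != "Linux":
        raise RuntimeError("not a Linux system")
    return classify(info.release)


if __name__ == "__main__":
    print(os.uname().release, "->", classify_running_kernel())
```

The Red Hat branch is the part worth noticing: a naive "is it at least 2.6.39?" test would report a vulnerable RHEL 6.2 kernel as unaffected, which is exactly the mistake the advisory's second sentence exists to prevent.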

George Moore, Information Security Architect
Brandeis LTS Information Security

Increased Phishing Attacks and Fake Mac Anti-Virus

INCREASED PHISHING ATTACKS THAT REFER TO OSAMA BIN LADEN

Following major news events, criminals commonly take advantage of the increased media attention and use popular topics as bait for phishing attacks, including targeted attacks known as “spear phishing”.  The recent news regarding Osama Bin Laden is no exception.

Such email messages often contain links that purport to point to exclusive photos, videos, or stories.  The links instead lead to malicious websites that infect your computer with malicious software.

Here are some things that you can do to protect yourself:

1. Be wary of unsolicited links or attachments, even from people you appear to know; the sender address is easily forged.

2. Keep your operating system, browser, and applications up to date, especially Adobe products and Java.

3. Trust your instincts.  If you have doubts about a message, link or attachment, don't open it.

4. Turn off options to automatically download or open attachments in your email client and browser.

ARE MACS REALLY IMMUNE FROM MALWARE?  THE ANSWER IS NO…

Many Macintosh users believe that because they use a Mac they don’t need to worry about malware.  Unfortunately, as Macs have become more popular that is no longer the case.  LTS Information Security has received reports about a fake antivirus program called Mac Defender that is aimed specifically at Macintosh users.  There have already been several infections on campus.

Fake antivirus programs, which until now have primarily affected Windows PCs, display bogus pop-up virus warnings to scare the user into buying the “full” version of the software.  Of course there is no full version; it is simply a scam to steal your credit card information.

Users are infected after clicking on search results.  Many of the infections have been associated with searches for images related to recent news events, as mentioned above.  The victim is redirected to a website that shows a fake malware scan and is told that the computer is infected, while in the background the malware is downloaded.

Here are some things you can do to protect yourself:

1. Use the latest version of Firefox instead of Safari.  Older versions of Safari automatically open downloaded files that are considered to be “safe”.

2. If you must use Safari, disable the option to “Open ‘safe’ files after downloading”, which is enabled by default.

3. Beware of any website that prompts you for your administrator password or your credit card information; a legitimate virus scan needs neither.

4. If your Mac becomes infected, contact the Brandeis Help Desk at 6-HELP for assistance.

If you have questions or see suspicious content report it to security@brandeis.edu.

Dennis Devlin, CISO
George Moore, Information Security Architect
Brandeis LTS Information Security

 

Beware of Holiday Season Email Scams

Each year at about this time we see an increased number of email scams that take advantage of the winter holidays, the holiday shopping season and increased travel by family and friends.

We would like to remind the Brandeis community to remain cautious when receiving suspicious, unsolicited email messages that may include:

  • email messages allegedly from family or friends that claim the sender is stranded in a foreign country and requires an immediate wire transfer of funds
  • requests for charitable contributions that may be phishing scams and may originate from illegitimate sources claiming to be charities
  • electronic greeting cards, screensavers or other forms of media that may contain malware
  • credit card applications that may be phishing scams or identity theft attempts
  • online shopping advertisements that may be phishing scams or identity theft attempts from bogus retailers

US-CERT and the Brandeis Information Security team encourage the Brandeis community to use caution when encountering these types of email messages and take the following preventative measures to protect themselves:

Have a safe holiday season, and feel free to contact us at security@brandeis.edu if you have any questions or encounter any suspicious email messages.

Dennis Devlin, Chief Information Security Officer
George Moore, Information Security Architect
Library and Technology Services
Brandeis University

Don’t Get Fleeced Using Unencrypted Wi-Fi

As you know, it is extremely dangerous to reveal sensitive information (like your user ID and password) in the clear on an unencrypted public network.  Most web applications use HTTPS encrypted sessions for logging in.  Many popular web applications, however, fall back to plain HTTP once you are logged in and send the session cookie that identifies you in the clear with every request.

  • A new hacking tool called Firesheep was recently released that makes it very simple to hijack such HTTP sessions on unencrypted networks: it captures the session cookies sent in the clear and lets the attacker act as you without ever learning your password.  It is a Firefox browser extension.  Anyone using Firesheep to hijack someone else’s web session is committing a crime and is subject to arrest and prosecution.
  • If you use Facebook, Twitter, YouTube, Paypal or any web application that does not use HTTPS for the entire session, not just the login page, avoid using it on unencrypted wireless networks unless you take the additional steps described below.
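As an added illustration (not part of the original advisory, and not Firesheep's own code), the Python below shows what a passive listener on an open wireless network can pull out of plain HTTP traffic, and the cookie attribute on the site's side whose absence makes that possible. The captured requests, hostnames and cookie names are all constructed for the example; Firesheep identified each site's session cookie with a per-site handler, and the SESSION_COOKIE_NAMES table plays that role here.

```python
"""What a passive sniffer on an open Wi-Fi network sees, and the cookie
attribute that stops it.

Added example, not part of the original advisory and not Firesheep's code.
The traffic, hostnames and cookie names below are constructed placeholders.
"""

# Constructed plaintext HTTP requests as they would appear on an unencrypted
# network. HTTPS traffic would be ciphertext and yield nothing to this code.
CAPTURE = b"\r\n".join([
    b"GET /home.php HTTP/1.1", b"Host: social.example",
    b"Cookie: sid=8f1c2a9d; lang=en", b"",
    b"GET /inbox HTTP/1.1", b"Host: mail.example",
    b"Cookie: session=abc123; theme=dark", b"",
    b"GET /photos HTTP/1.1", b"Host: social.example",
    b"Cookie: sid=8f1c2a9d; lang=en", b"", b"",
])

# Which cookie carries the login for each site. Firesheep shipped a handler
# per site with this knowledge; these entries are assumptions for the demo.
SESSION_COOKIE_NAMES = {
    "social.example": {"sid"},
    "mail.example": {"session"},
}


def harvest_sessions(capture):
    """Return {host: {cookie_name: value}} for every session cookie sent in clear.
    Replaying one of these cookies is all a hijacker needs; no password involved."""
    sessions = {}
    for request in capture.split(b"\r\n\r\n"):
        if not request.strip():
            continue
        fields = {}
        for line in request.decode("latin-1").split("\r\n")[1:]:   # skip request line
            name, _, value = line.partition(":")
            fields[name.strip().lower()] = value.strip()
        host = fields.get("host")
        wanted = SESSION_COOKIE_NAMES.get(host, set())
        for pair in fields.get("cookie", "").split(";"):
            key, _, value = pair.strip().partition("=")
            if key in wanted:
                sessions.setdefault(host, {})[key] = value
    return sessions


def insecure_cookies(set_cookie_headers):
    """Names of cookies a server sets without the Secure attribute. A browser
    sends such a cookie over plain HTTP too, which is what makes it sniffable."""
    bad = []
    for header in set_cookie_headers:
        attrs = [a.strip() for a in header.split(";")]
        name = attrs[0].partition("=")[0]
        if not any(a.lower() == "secure" for a in attrs[1:]):
            bad.append(name)
    return bad


if __name__ == "__main__":
    for host, cookies in harvest_sessions(CAPTURE).items():
        print(f"{host}: {cookies}")
    # Constructed response headers: the first would be sniffable, the second not.
    print(insecure_cookies(["sid=8f1c2a9d; Path=/; HttpOnly",
                            "session=abc123; Secure; HttpOnly"]))
```

A session cookie marked Secure is never sent over plain HTTP, so there is nothing for a listener to capture even when the site serves some pages without HTTPS. That is the fix on the site's side; on your side, the only reliable protection is to keep the whole session on HTTPS or an encrypted network.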

What You Can Do To Protect Yourself 

  • On the Brandeis campus we have multiple wireless networks.  Students, faculty and staff should always use the brandeis_secure wireless network which is encrypted and requires registration.  Other Brandeis wireless networks are unencrypted and are intended for guests and visitors on campus.
  • If you must use an unencrypted wireless network off campus, use Firefox and install an extension like HTTPS Everywhere (http://www.eff.org/https-everywhere), which rewrites your requests to use HTTPS on the sites it knows support it.  It cannot protect traffic to sites that offer no HTTPS at all, so the first rule above still applies.

If you have questions about this please contact the Brandeis Help Desk at 781-736-HELP or Brandeis Information Security at security@brandeis.edu.

Dennis Devlin
Chief Information Security Officer

George Moore
Information Security Architect

Brandeis University Library and Technology Services

DO NOT OPEN Suspicious Email Attachments!

Just a reminder, if you receive a suspicious email message containing an attachment or a web link, DO NOT OPEN IT!

Over the past two days another huge wave of malicious email that can damage your computer has been seen on the Internet.  According to ABC News, Fox News and other online news sources, the infection disguises itself as a simple email message with varying subject lines and spreads by tricking you into clicking a link or an attachment in the message body.  Once running, it can disable the anti-virus products on your computer, send copies of the original malicious message to all the contacts in your address book, and spread across the local network by surreptitiously copying itself to shared drives on other machines.

You would never open a suspicious package delivered to your home.  You should handle email attachments and web links the same way.

What YOU Can Do to Protect Yourself and Brandeis

  • Keep your operating system patched, and keep your anti-virus software and signatures up to date.
  • If you receive a suspicious email message, forward the message to security@brandeis.edu, mark it as spam and then delete it.  (That will help to update our email filters.)
  • DO NOT EVER reply to, click on a web link, or provide personal information in response to suspicious email of any kind. 
  • If you accidentally respond to phishing CHANGE YOUR PASSWORD immediately and call the Help Desk.  Your computer should be checked for infection as soon as possible.

Dennis Devlin
Chief Information Security Officer

George Moore
Information Security Architect

Brandeis Library and Technology Services

Brandeis Fraudulent Email Alert – Please Read

At the beginning of each school year major universities are frequent targets of Internet fraud.  This year is no exception.

During the past week many members of the Brandeis community have received fraudulent email messages (phishing) falsely claiming that “you have reached the limit on your web mail service” and requesting that you “click on the link below to reset your account”.   Clicking on the link in the message brings up a screen that asks you to enter your Brandeis user ID and password, and possibly other confidential information.  These messages are from criminals.

Brandeis will NEVER ask you for your user ID, password, or confidential information in an email message.  

If you provide the information, criminals will immediately log into your account, steal any confidential information that they can find, and then begin using your account to send more phishing emails.  The recent attacks have come from multiple email addresses, including several Brandeis accounts that were compromised in this way.

What YOU Can Do to Protect Yourself (and Brandeis)

  • Brandeis will NEVER ask you to provide your user ID and password in an e-mail.
  • If you receive a suspicious email message, forward the message to security@brandeis.edu and mark it as spam. 
    (That will help to update our email filters.)
  • DO NOT reply to, click on a web link, or provide personal information in response to suspicious email of any kind. 
  • If you have doubts about a web link open a browser and type in the correct address of the intended website yourself.
  • If you accidentally respond to phishing CHANGE YOUR PASSWORD immediately and call the Help Desk.

LTS is able to block almost all fraudulent messages before they ever reach your e-mail account. We need your help with the ones that get through.

Please be vigilant by adhering to these recommendations.

Dennis Devlin
Chief Information Security Officer

George Moore
Information Security Architect

Brandeis Library and Technology Services
