:SecureIT!

There is an excellent article written by Destiny Aquino in the April 23, 2010 issue of The Brandeis Hoot about Facebook privacy and what an individual can do to manage who can see information that they choose to post on Facebook:
http://thebrandeishoot.com/articles/7995  

In addition, overnight Facebook announced a new feature called “Instant Personalization” which changed one of its default privacy settings.  Now certain websites will be able to “personalize your experience using your public Facebook information.  This includes your Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages”.  The new default setting will allow these sites to “access any information you have made visible to Everyone … as well as your publicly available information.

Brandeis LTS Information Security recommends that every Facebook user review information on the Electronic Frontier Foundation website and make sure that your privacy settings are consistent with your choice of whether or not to reveal such information about yourself:
https://www.eff.org/deeplinks/2010/04/how-opt-out-facebook-s-instant-personalization

Dennis Devlin
Chief Information Security Officer
Libary and Technology Services
Brandeis University

No Comments

Brandeis Information Security has recently received questions about Facebook privacy settings and whether or not University administrators can see what individuals post on Facebook. The answer depends entirely on how an individual has configured the privacy settings on their Facebook account.  University administrators have no ability whatsoever to override an individual’s Facebook privacy settings.

As stated on the Facebook website , “there are three basic levels of privacy: Friends, Friends of Friends, Everyone. You also have a set of public information, which helps your friends find and connect with you: your Name, Profile Picture, Gender, and any Connections you’ve made. This includes the friends, networks and Pages you’ve chosen to connect to. You also always have control over who can see your Connections on your profile.”

Brandeis Information Security strongly recommends that every Facebook user explicitly configure their privacy settings to reflect their individual preferences as to how their information is made available to other Facebook users.  When in doubt, it is always safer to be more restrictive with what information you expose on Facebook.

More detailed information about configuring your Facebook privacy settings can be found at:
http://www.facebook.com/privacy/explanation.php?

or if you have additional specific questions please contact us at security@brandeis.edu.

Dennis Devlin
Chief Information Security Officer
Brandeis University

1 Comment

This afternoon many members of the Brandeis community received a fraudulent email message claiming to be from UPS regarding a delivery problem.  The message contains a ZIP file claiming to be an invoice and requesting the recipient to open and print the content.  The ZIP file contains malicious software that will infect the recipient’s computer if opened.  Do not open the ZIP file attachment under any circumstances

The message should be moved to your email Junk folder or deleted.  If anyone accidentally responds please change your Brandeis password immediately and notify the Help Desk or Information Security.

Thank you for continued cooperation not responding to these.

Dennis Devlin
Chief Information Security Officer

George Moore
Information Security Architect

Brandeis University Library and Technology Services

Sample of Fraudulent Email Message Follows:

——– Original Message ——–
Subject:     UPS Delivery Problem NR.4504225
Date:     Thu, 8 Apr 2010 13:42:23 -0500
From:     Support Orval Crowley <manager@ups.com>

To:     <name@brandeis.edu>

Hello!

Unfortunately we failed to deliver the package you have sent on the 27th of February in time
because the addressee’s address is incorrect.
Please print out the invoice copy attached and collect the package at our office.

United Parcel Service of America.

1 Comment