Today people have reported problems reaching some external sites, such as Github, Qualtrics, Twitter, etc. This is due to a major Denial of Service attack that targeted external DNS servers, and not Swarthmore itself. Please read the link below for more information:
There are three easy actions you can take to immensely enhance the data protection capabilities of your “iDevice” and your investment in it. These are particularly important if you access any College or personal data with your device.
1) Use an alphanumeric passcode
iPads and iPhones can actually encrypt the data they contain! However, to utilize this capability, a passcode has to be set. Although a four-digit passcode will minimally suffice (there’s software available to easily crack these), the best option is to enable the use of alphanumeric passcodes. This is done by going into Settings and then selecting General in the Settings list. Touch the ‘Passcode Lock’ item in the right hand column.
If the Passcode Lock is not yet enabled, select the ‘Turn Passcode On’ option and set a passcode. Then, next to ‘Simple Passcode’, select Off. You will need to enter your existing passcode and then you will be presented with a keyboard to enter a new alphanumeric passcode (be sure to also save it somewhere safe in case you forget it).
2) Enable the free device locator with the “Find My iPhone” app
This is a great free app/service that allows you to locate your missing iDevice if misplaced or stolen. In addition to showing where your device is on a Google map, you can also remotely lock the device, play a sound, display a message or even wipe all of its data. (note that Location Services, in Settings, does need to be enabled for this to work, see below)
Start by going to the AppStore and downloading the “Find My iPhone” app (it works for iPod and iPad too). After installing the app and starting it, you will be asked for your Apple ID and password (see below).
Once you log in, your application will begin locating your iDevice and you can view its location on a Google map.
Once your device is located, you can have it play a sound (great if you misplace it in a home or building), display a message and even wipe its contents.
Now if you should unfortunately lose or misplace your iDevice, you can run the Find My iPhone app on a different iDevice, log in with your Apple ID and you should be able to locate your lost iDevice along with the option of taking additional actions.
3) Encrypt your iTunes backups
You’re already backing up your device to your Mac or PC. However, that data may often include sensitive or personal information. The backup will also contain login credentials for apps, websites, email and even VPN. In many cases, this data can be extracted from the backup files. To avoid this, you should encrypt your backup files. Once the option is turned on, this is done automatically for you every time you back up via iTunes. Within iTunes, and with your device connected to your computer, locate the options for the device (see below) and click on ‘Encrypt iPad backup’.
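To confirm the setting took effect, the check below (an added example, not part of the original post) reads each backup folder's Manifest.plist and lists devices whose backups are stored unencrypted. It assumes the manifest carries an `IsEncrypted` flag and a `Lockdown`/`DeviceName` entry; the sample folders it builds are constructed test data.

```python
import plistlib
import tempfile
from pathlib import Path

# Default iTunes backup location on a Mac; on Windows it is
# %APPDATA%\Apple Computer\MobileSync\Backup.
MAC_BACKUP_ROOT = Path.home() / "Library/Application Support/MobileSync/Backup"


def backup_status(backup_dir):
    """Return (device_name, encrypted) for one backup folder, or None if unreadable."""
    manifest = Path(backup_dir) / "Manifest.plist"
    try:
        with manifest.open("rb") as fh:
            data = plistlib.load(fh)
    except Exception:  # missing, unreadable or malformed manifest
        return None
    # Assumed layout: top-level IsEncrypted flag, device name under Lockdown.
    name = data.get("Lockdown", {}).get("DeviceName", "unknown device")
    return name, bool(data.get("IsEncrypted", False))


def unencrypted_backups(root):
    """List device names whose backups under root are stored without encryption."""
    root = Path(root)
    if not root.is_dir():
        return []
    found = []
    for folder in sorted(p for p in root.iterdir() if p.is_dir()):
        status = backup_status(folder)
        if status and not status[1]:
            found.append(status[0])
    return found


def make_sample_root():
    """Build two constructed backup folders (not real device data) for a dry run."""
    root = Path(tempfile.mkdtemp())
    samples = {"aaaa": ("Sample iPad", False), "bbbb": ("Sample iPhone", True)}
    for folder, (name, encrypted) in samples.items():
        (root / folder).mkdir()
        manifest = {"IsEncrypted": encrypted, "Lockdown": {"DeviceName": name}}
        with (root / folder / "Manifest.plist").open("wb") as fh:
            plistlib.dump(manifest, fh)
    return root


if __name__ == "__main__":
    for device in unencrypted_backups(MAC_BACKUP_ROOT):
        print("Unencrypted backup:", device)
```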
Some of you may have heard that a significant security vulnerability was disclosed recently that affects pretty much all versions of Java. Oracle (who now owns Java) seemed to be dragging their feet on providing a fix until they felt some heat from the U.S. Government. A fix was made available today but only for users of Java version 7. Java runs on all operating systems so Mac users are impacted along with PC users. Note: there won’t be a fix available for Mac users with Snow Leopard or earlier so your best option is to totally disable Java.
How do you know if you have Java installed?
Click on this link to find out: http://www.java.com/en/download/installed.jsp
Unfortunately, a number of us require Java for applications that we use at work (including for web apps like GoToMeeting and WebEx). So, if you absolutely must keep Java installed, you should strongly consider disabling Java in all your browsers except the one that you access Java-based applications with. Use that one browser just for your Java-based applications. Use your other browsers, the ones with Java disabled, to access the Internet.
Below are steps to disable Java in all browsers except Internet Explorer (so IE is a good choice for the browser where Java is left enabled).
1. Click on the Firefox tab (or Tools) and then select Add-ons
2. In the Add-ons Manager window, select Plugins
3. Click Java (TM) Platform plugin to select it
4. Click Disable (if the button displays Enable then Java is already disabled)
1. Choose Safari Preferences
2. Choose the Security option
3. Deselect Enable Java
4. Close Safari Preferences window
1. Type about:plugins in the browser address bar.
2. In the Plugins panel, scroll to the Java section. Click Disable to disable the Java Plug-in.
3. Close and restart the browser to enable the changes
While you’re diligently dealing with this Java mess, you should go ahead and update your installed Adobe products (Reader, Flash and AIR) and install the most recent Microsoft patches (for Windows machines). Significant security vulnerabilities in these software packages were also patched recently, and those patches should be installed as soon as possible.
With all these patches needing installation for various applications, it’s difficult to keep track. I still recommend using BrowserCheck from Qualys (browsercheck.qualys.com) for what amounts to a quick, one-click assessment of missing security patches on your Mac or PC. It’s free and there’s no registration required. I’ve written about BrowserCheck previously here:
In summary, if you don’t need Java, get rid of it.
In time for “cyber Monday”, below is a quick video with some great tips (thanks to the folks at Kaspersky anti-virus) to protect your computer (and yourself) while shopping online this holiday season. Most of the tips have been covered on this blog before but this is a great refresher.
Some of the tips include:
– keeping your operating system, anti-virus and browsers up to date with the latest patches/updates
– using known, reputable online retailers
– it’s better to use a credit card rather than a debit card
– if you’re using wireless, make sure it’s secure
Stay safe this holiday season and always!
Your Swarthmore “credentials”, the combination of your Swarthmore email address and password, should only be used with Swarthmore College on-line services. These credentials should never be used for personal accounts at non-Swarthmore websites.
Websites are regularly compromised and users’ email addresses, along with passwords, are subsequently stolen. A short list of popular websites that were recently compromised follows:
The Student Room
If you use your Swarthmore credentials for a non-Swarthmore account and that website gets hacked, your Swarthmore on-line services would then be readily available to the attacker(s). Since lists of compromised accounts are often sold or simply pasted on-line for anyone to access, it’s only a matter of time before someone is using them to gain access to your account.
So, to keep your Swarthmore resources private, don’t use your Swarthmore email address and password at other third party sites. Use different login credentials for all your personal accounts.
Do you accept a lack of privacy as the price for being on the Internet?
For being connected to everything, everywhere?
Think you have a good idea of what sites are tracking your browsing behavior?
You might want to check out the recent TED talk by Gary Kovacs, CEO of Mozilla (developers of Firefox). The video is only six minutes long and Gary succinctly describes the privacy infringements we all face daily.
Besides running up-to-date anti-virus, one of the best ways to keep your computer from becoming infected (and then losing access to it while it gets re-imaged, etc.) is to keep your Operating System and applications up to date. Over the past few weeks, most major vendors have updated their software. If you run applications from any of the following vendors, you should upgrade that software as soon as you possibly can:
Mac OS/X and iOS
Adobe Reader, Flash, Shockwave, etc.
Mozilla Firefox & Thunderbird
Apple Quicktime & Safari
Below are some past, but still very applicable, Security blog articles which discuss keeping your computer software up to date:
As described in one of the articles above, browsercheck.qualys.com provides a quick one-stop check for determining your application versions and upgrading them. And, you don’t have to sign up for anything!!
The following video serves as a reminder that this is the time of the year to be extra vigilant for phishing emails and other Internet scams. This video is courtesy of some talented folks at the University of Rochester.
Bet you have trouble getting this tune out of your head…
Phishing remains an ever popular way to get computer users to install malicious code or visit sites that they didn’t choose. Many of the phishing attempts here at Swarthmore seem to fall into one of two categories:
– Email account and/or password related
– Government related (i.e., IRS, Federal Reserve, ACH, etc.)
It should be pretty easy to recognize the first category since Swarthmore ITS will never ask for your password in an email and will never disable your email account while you are actively enrolled at or employed by the college.
As for emails that appear to come from the U.S. Government, the question to ask yourself is whether the sending organization (typically spoofed) actually has your Swarthmore email address? Also, would that organization really try to reach you by email without prior contact by you?! I’m pretty sure the Federal Reserve Bank doesn’t maintain a list of Swarthmore email addresses!
Phishing emails typically try to elicit an immediate reaction from you (say, panic) so that you’ll click on the provided link or open the attachment without thinking. Next time you get one of these emails, ask yourself the questions above and whether the situation makes sense. And, if you’re still unsure, don’t hesitate to check it out with Client Services or me.
You also have a better chance of spotting faked URLs (web page links) in email if you display them as text rather than HTML. For more on reading email as text, see this blog article.
There’s a whole page of prior phishing attempts against the community here and below are some recent phishing email Subject lines (note spelling errors):
Your Tax Return
Federal Tax Transaction Cancelled
Western Union transfer is available for withdrawl
Facebook Password Reset Email Issue
Treasury Inspector General for Tax Administration
Notice of Underreported Income
etc., etc., etc.