Category: Security

Accounts and Passwords, Email, Security

Password Requests via Email = Bogus!

Nick

On a regular basis, the Swarthmore community receives emails from malicious individuals requesting their passwords and sometimes other personally sensitive information. These emails are often cleverly disguised to look like they originated from an official source such as ITS. These attacks on the community are known as “phishing”. {For more info, see http://en.wikipedia.org/wiki/Phishing} Unfortunately, when community members respond to these bogus password requests, it results in their email accounts being used (almost instantaneously) to send massive quantities of spam to the Internet. {See a blog entry from this summer: Email, Spam & Undeliverable Messages } Further, this can result in … Continue reading Password Requests via Email = Bogus!

Email, Security

Email, Spam & Undeliverable Messages

dtedesc1

The College’s mail servers receive approximately 4 million messages a month. of which, roughly 60% are spam. It’s quite clear why scanning inbound messages for spam and viruses is desirable. These message are stopped by our scanning service and are never delivered to our servers. That’s why you need to log in to an external service to take any further action on those messages. You can configure this scanning to always deliver, or whitelist, particular addresses or domains, ie, allow everything from vassar.edu. Plans are being made to implement outbound message scanning. The College’s servers don’t send out a huge … Continue reading Email, Spam & Undeliverable Messages

Email, Faculty/Staff, Security

Microsoft Security Update Spam in Circulation

Nick

DO NOT open any email claiming to be a Security Update from Microsoft. Email users in the Swarthmore community are reporting that email pretending to be from microsoft.com is currently in circulation. The subject of the email claims that it contains information about an important security update. Below is one example of the subject line being reported (other variations may exist): Important update from Microsoft Windows XP/2003 Professional Service Pack 2 (KB946026) The file associated with these emails has been confirmed as malware and initially looks like it could be used for “keylogging” (i.e., keeping track of every key a … Continue reading Microsoft Security Update Spam in Circulation

Faculty/Staff, Help Desk, Security, Software, Tips

Time for QuickTime Updates (and more)

Nick

Late last week, Apple released some security fixes for its QuickTime application so users (any platform) should update to the latest version (7.4.5) as soon as they can. This latest update fixes eleven assorted security vulnerabilities. Users who have QuickTime configured to check for updates automatically just need to enable the installation. Otherwise the update can be found at: http://www.apple.com/support/quicktime/ While on the topic of application updates, it’d be worthwhile to verify your current versions of Adobe Acrobat, Firefox, Opera, OS X, etc. against the most recent versions available. There have been security updates released for these packages in the … Continue reading Time for QuickTime Updates (and more)

Faculty/Staff, Help Desk, Security, Software, Students, Tips

McAfee SiteAdvisor Makes Safe Surfing Easier

Nick

McAfee SiteAdvisor is now bundled with Swarthmore McAfee Anti-Virus/Anti-Spyware Version 8.5 for Windows PCs. You’ll know that SiteAdvisor is running on your PC if you notice an icon like the following on your Internet Explorer (shown) and/or Firefox browser: SiteAdvisor visually indicates whether a web site you’re visiting has been determined to be safe or otherwise. The SiteAdvisor icon will be one of the following colors: green – the site has been judged by McAfee to be safe yellow – the site has user feedback indicating it may not be safe red – the site contains malicious software, downloads or … Continue reading McAfee SiteAdvisor Makes Safe Surfing Easier

Email, Security

Happy Valentine’s Day?! Join a Botnet!!

Nick

Malware writers are hoping that you’ll open that Valentine’s Day card they sent you. Unfortunately, in addition to a greeting, the seemingly innocent “card” will be downloading malicious software to your PC. Once downloaded, your PC will become a bot, or drone, and will then join a “botnet“. The good news is that these trojan Valentine’s Day cards require you to click on a URL link within the email. That link will then show you festive images (below) while it downloads malicious software such as ‘valentine.exe’. The downloads are constantly changing (morphing) so as to avoid detection by anti-virus software. … Continue reading Happy Valentine’s Day?! Join a Botnet!!