Welcome to Smart Computing @ EKU!

Welcome to the website for EKU's IT security. We will be providing security education and guidance related to EKU's information technology environment. Our goal is a safe and secure atmosphere for teaching, learning, service, and the conduct of university business. In the event you can't find what you're looking for, email us at smartcomputing@eku.edu and we'll be happy to assist you. We hope this website will be useful to you.

Follow Us On Twitter!

We now have a Twitter account

that you can follow our updates on!

How did I get that???

A lot of times users are confused about where their security problems come from...what happened...who did this to me....etc. Do you to these things?

Do you surf the Internet without using a firewall program? There are alot of programs you can use, for example, ZoneAlarm is free for personal use. These programs must be trained with what may or may not access your computer (programs, websites, etc.) but can be extremely helpful in the fight against malware and viruses.
Do you ever update and run your antivirus program or your anti-spyware programs? You should update and run these WEEKLY, not just when you have a problem or suspect that you've become infected! Programs like Symantec Endpoint, Malwarebytes Antispyware, etc. are very helpful when it comes to fighting an infestation, however, you have to update and use them first!
Do you open every attachment you get in an email or from an instant message? Those are some of the most common places to hide viruses. What's especially nice about those in an email or an IM program such as AOL Instant Messenger or MSN Messenger is that they usually attack your address book...sending the virus on to everyone you have in your contact lists/buddy lists.
Do you click on everything? Have you ever received a link from a friend in your IM program and clicked on it without really knowing what it was or why it was sent...maybe the link was proceeded with "Check this out!" and you clicked? Or you saw something cool on MySpace or Facebook and clicked it? Those are more prime spots for viruses and malware and common infestation points!
Do you file share? Do you use P2P programs such as Limewire, Bittorrent, Frostwire, etc.? If so you're in trouble on two counts. First, most of the items shared on these programs are illegal and you can be caught and fined for that. Secondly, these shares are full of viruses and malware that will absolutely destroy your system and important files.
Do you use a wimpy password or the exact same password for all of your accounts? If so you're opening your door to hackers! Be sure your passwords are long (8+ characters), no words/names/common numbers like a phone number or birth date, etc. and that EVERY account you have (every email account, every login to a social networking site like MySpace or Facebook or Twitter) all have DIFFERENT passwords. You can use a program like KeePass to keep all your passwords in one safe location and only have to remember one to open that program to see all the others, in case you forget.

IE, Chrome, Safari duped by bogus PayPal SSL cert

EKU: September 2009 Data Exposure Incident

Website for more information

Phone number to call: 859.622.7777

Synopsis of incident from President Whitlock's email to the campus community on Wednesday, September 23, 2009:

I have been notified by the Eastern Kentucky University Computing Emergency Response Team (ECERT) that a file with names and Social Security numbers, along with other directory type information, was inadvertently posted into a directory on September 29, 2008, where it could have conceivably been accessed on the web. As you will read below, we have no evidence the file was accessed. This file included 5,045 names of faculty, staff, and student workers who were on the EKU payroll during the 2007-08 academic year. If you were not an active member of the faculty and staff or a student worker during this period, you are not affected by this email.

Phishing Email: Webmail Quota Has Exceeded The Set Limit

Obviously, don't respond to this because it is a phishing email:

Sent: Wednesday, September 16, 2009 11:21 AM

To: info@webmail.edu

Subject: Webmail Quota Has Exceeded The Set Limit

Your mailbox has exceeded the storage limit which is 20GB as set by your administrator,you are currently running on 20.9GB,you may not be able to send or receive new mail until you re-validate your mailbox.To re-validate your mailbox please CLICK HERE [Link deleted

Thanks

System Administrator

Phishing Scam: Wal-Mart & $150 Gift Certificate

Beware of this phishing email:

From: Walmart [survey@walmart.com]
Sent: Monday, September 07, 2009 9:44 AM
To: Steinmetz, Kevin F.
Subject: You Have Been Selected by Walmart to Win!

You have been selected to access the Walmart 2 Steps Survey and
win a $150.00 gift certificate.

Please click this link:
http://survey-walmart.org/complete/survey.html

And complete the form to receive your reward. Thank you.

This is an automated message. Please don't reply. Message ID:
0019362574-WMRTSRV.

Mac OS X v10.5.8 Update

Update

released for the Macs.

Could Twittering (or announcing information on other social networking sites) about your vacation put your home at risk?

An interesting article

about putting too much information out on the Internet for everyone!

Update your Firefox Browser

Today From US-CERT:

The Mozilla Foundation has released Firefox 3.0.13 and Firefox 3.5.2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, display misleading SSL information about a web page, intercept and modify encrypted communication, execute arbitrary JavaScript with chrome privileges, or cause a denial-of-service condition.

Mozilla Security Advisory for 3.0.13

Update Today!

Microsoft Critical Update Today

Note: This affects Internet Explorer,

Visual Studio, Windows Server, and Active X Controls!

Microsoft Security Bulletin MS09-034-Critical

Microsoft Security Bulletin MS09-035-Moderate

Microsoft Security Advisory (973882)

Information regarding this from US-CERT

Ransomware/FAKEAV

A new variant of the FAKEAV ransomware "terminates any executed file with an .EXE file extension and displays a pop-up message saying that the .EXE file is infected and cannot execute." (TrendMicro Malware Blog) First you'll see a fake warning when clicking on a link...one variant was a link off Google for the solar eclipse 2009 in America! Next begins the installation of the scareware/ransomware malware.

Scareware1

Scareware2

Useful Links

OnGuard Online from the FCC and others "provides practical tipes from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information.

Bleepingcomputer.com "is a community devoted to providing free original content, consisting of computer help and tutorials" that consists of a lot of good spyware removal information.

StaySafeOnline from the National Cyber Security Alliance is a website who's mission it is "to empower and support digital citizens and to use the Internet securely and safely, protecting themselves and the cyber infrastructure."

Berkman Center for Internet & Society at Harvard University is a site that has been "exploring cyberspace, sharing in its study & pioneering its development" for 10 years now.

Phishing Scam: Dear Eku Webmail user (Same message...different day)

Dear Eku Webmail user,

We are undertaking some essential to verifying our Eku webmail subscribers email account(s) , but extensive maintenance to improve Your First eku webmail Service. During the maintenance period, users will experience problems accessing their eku webmail account.

We are deleting all unused E-maill account, To confirm your account is currently in use and join in the recent maintainance taking place in the ercom webmail system, You must reply to this email by providing your email details in the details below. Failure to do this will immediately render your email address inactive from the database system.

To verify your eku webmail Login information Enter your information as require below

*USERNAME:
*PASSWORD:

Re-login to Validate Your eku webmail Account Information

Attention! If your account is not updated within Seven days after receiving this warning message, Your account will be permanently deleted.

We sincerely apologise for this inconvenience. Your account is in great shape and we are working to have it in a good state again as quickly as possible.

Thanks for using eku webmail account.

EKU WEBMAIL TEAM MAIL SUPPORT
Copyright © 2009 EKU WEBMAIL TEAM, INC. All rights reserved.

Phishing Scam: Confirm Receipt (June 26)

The latest phishing email to hit EKU:

June26PhishingEmailatEKU

Notice the use of the "stolen" EKU logo and the email address that "looks" legitimate? NOTE: Legitimate companies (for- and non-profits) don't ask for your personal/financial information (e.g., passwords, bank account/credit card information, Social Security numbers, etc.) via email. Also, never trust unsolicited contacts via emails, links, files, or over the telephone.

Are Your Search Terms Dangerous?

You don't have to search for porn or warez to become infected while surfing on the Internet.

The most dangerous web search term you can use is: screensavers. You have an almost 60% chance of becoming infected from these sites. Infections can include malware and viruses.

Download and read the complete PDF file from McAfee

Twitter Bible: All You Need to Know About Twitter

The page is listed here

and gives great information to cover Twitter usage. Great resource with etiquette information.

Under Attack!

Do you use Twitter--the wildly popular microblogging tool? If so, this article is for you. If you don't yet but plan to start using it, this article is for you!

Twitter recently found a Cross-Site Scripting (XSS) vulnerability in the Twitter application that was exploited by a 17-year-old hacker.

Two exploits seen on Twitter include:

stalkdaily which directs unsuspecting people to stalkdaily.com. Common twits seen:

Dude, www.StalkDaily.com is awesome. What's the fuss?
Virus!? What? www.StalkDaily.com is legit!

Mikeyy

which mentions this name over and over again. Common twits seen:

Man, Twitter can't fix shit. Mikeyy owns. :)
Dude! Mikeyy! Seriously? Haha. ;)
Dude, Mikeyy is the shit! :)
damn mikeyy. haha.
Twitter should really fix this...
Mikeyy I am done...
MikeyyMikeyy is done..
Twitter please fix this, regards Mikeyy
Wow...Mikeyy.

If you have become infected, here are instructions on how to remove from a TechRepublic blog:

How to remove

Even though the developers at Twitter have somewhat rectified the problem, there are still the infected profiles. So, I’ve looked around and found removal instructions for both the StalkDaily and Mikeyy variants of the worm on the Twittercism Web site:

In your browser, clear your cache and empty all of your cookies. (This can be found in your settings.)
Log out of TweetDeck or any external applications you are using.
Check the URL and location areas of your profile (in Settings/Account on Twitter.com) for evidence of any malicious scripts. It’ll be obvious - something you haven’t added to these areas yourself. If you find anything, remove it.
On Twitter.com, change your password.
Log back in.
Go back and delete any tweets sent by you recommending StalkDaily. This is important.
Report @stalkdaily in a tweet to Twitter’s @spam account as follows: @spam @stalkdaily.

What can you do to prevent this?

Instead of doing your Twitter business via the web, use a Twitter client like TweetDeck.
Avoid visiting profiles on twitter.com
Be wary of shortened URLs like those from tinyurl.com

Why use Twitter? Lot's of EKU areas are already using it:

ResNet

EKU News

EKU Dining

EKU Libraries

SGA