Category: Information Security
Oct. 8 Information Security Awareness Week – Free Document Shredding
This message is from: Quinn Shamblin / Executive Director of Information Security
Wednesday, Oct. 8
11 a.m.-1 p.m.
Talbot Building Green
As part of the Fourth Annual Information Security Awareness Week, BU Information Security will be bringing a shredding truck to locations around BU. We will be accept your sensitive documents (both personal and work) and ensure they are immediately shredded. If you have any paper containing sensitive information, CDs or old floppy disks that you would like to have destroyed, bring them that day. BUMC IT will also help you dispose of old computer hard drives, or even entire computers or laptops.
As described last week in a BU Today article, members of the BU community were recently victims of phishing; and IS&T has again received several reports of a phishing message being received by members of our community like the one below.
We believe the scammers are trying to use the fact that they were successful last time to continue and extend their crime. The message to watch out for claims to be from BU Security and talks about protecting you from the evils of phishing. You can tell the message is a fake because it claims to be from BU, and even uses the BU logo, but it is pointing you to a link that is not a bu.edu link.
A real BU link will always have “ .bu.edu/ ” in it. There is always a dot before bu and a slash after edu, as shown below.
Other things to watch out for:
- If you are prompted to Web Login, make sure it is the authentic BU Web Login page which begins with https://weblogin.bu.edu/something
- Remember that BU will NEVER ask you for your password or ask you to “verify” it; nor would any other legitimate business or institution. It is important that you safeguard your passwords and never give them to anyone.
For more good ways to detect phishing, go to: www.bu.edu/infosec/howtos/how-to-detect-phishing/.
Additional information on phishing is provided by IS&T at www.bu.edu/tech/phishing.
Making your spam/phishing filter more effective
Mail that is clearly spam is filtered for you, automatically. However, one person’s spam might be another person’s research project, so other messages are simply tagged as suspicious and then allowed to go through. You can decide how to handle suspicious mail that does get through, following the tips for Managing Spam provided by IS&T at www.bu.edu/tech/comm/email/unwanted-email/spam/.
If you see a phishing message, please send it and full headers to firstname.lastname@example.org. For details on how to do this, see www.bu.edu/tech/comm/email/unwanted-email/report-abuse/.
BUMC IT and Information Security is sponsoring several events on the BU Medical Campus Oct. 9 and 11, so mark your calendar. This coincides with Information Security Awareness Week!
Take this opportunity to get sensitive papers out of your office and get them properly destroyed. A shredding truck will be on the BU Medical Campus located between BUSM and BUSPH, adjacent to Talbot Green, Oct. 9, 11 a.m.-1 p.m. BUMC IT and Information Security personnel will be available to accept custody of your sensitive paper documents and ensure they are immediately shredded. CDs or old floppy disks will also be accepted and destroyed.
Hard Drive and Computer Disposal
Personnel will also be available to answer questions about computer and IT security, and will accept old computers and hard drives at a table near the Shredding truck on Wednesday, Oct. 9 and in the BUSM lobby Friday, Oct. 11, 11 a.m.-1 p.m.
If you have questions or need more information about this event contact the BUMC IT Service Desk at 617 638-5914 or email email@example.com.
BUMC IT and BU IS&T Information Security will be sponsoring a paper shredding day, Thursday, June 13 from 10am to 1pm along the Talbot Green. Bring any work related or personal documents that you would like to have securely shredded on site at the shredder truck. We will also have an area nearby where you can drop off computer equipment you would like recycled as well as hard drives you would like destroyed.
When will this change happen?
Monday 10/29 through Friday 11/2
*Due to Hurricane Sandy this update will only take place Tuesday 10/30 through Friday 11/2
What is changing?
McAfee is being upgraded from an unmanaged installation to a managed installation using McAfee ePolicy Orchestrator (ePO)
If you do not have McAfee installed it will not be installed on your system this is only an upgrade to existing McAfee installations.
Why is this change happening?
- McAfee ePO allows BUMC IT to set the same antivirus policies on all Windows computers
- McAfee virus definition updates can be pushed out and updated to ensure your computer has the most recent version instead of relying on a set schedule that requires your computer to be on when it is scheduled
- Virus infections will be reported back to a central server so threats can be analyzed by BUMC IT staff
- New versions and patches to McAfee can be quickly deployed to all computers to reduce errors and improve the functionality of McAfee
- Computers which have McAfee disabled and/or who have outdated virus definitions can be identified then updated by BUMC IT staff before they are infected
What change will I see?
In the lower right corner of your computer (near the clock) you will see the following icon meaning your computer has McAfee antivirus installed.
After the upgrade, the icon will change to this.
*If you don’t see either McAfee shield above on your computer please contact the BUMC IT service desk at 617-638-5914
What computers are affected by the change?
All Windows computers that have been setup and are managed by BUMC IT will have McAfee Antivirus installed. Computers that have been setup and are managed by BUMC IT will have one of the following tags on them. If you are on a BMC computer you are not affected by this change.
If you have any questions about the change please feel free to contact the BUMC IT Service Desk at 617-638-5914
Win cash, gain experience, and earn international recognition with one short video or a poster!
The EDUCAUSE & Internet2 Higher Education Information Security Council (HEISC) is conducting a contest in search of short information security awareness videos and posters developed by college students for college students. The contest seeks creative, topical, and effective videos (two minutes or less) and posters that focus attention on information security problems and how best to handle them.
Winners will receive cash prizes, and their videos and posters will be featured on the HEISC website (www.educause.edu/security). The winning videos and posters may be used in campus security awareness campaigns.
A gold, silver, and bronze prize will be awarded in three categories—training films of two minutes or less, 30-second public service announcements (PSAs), and posters—for a total of nine cash prizes. Honorable mention prizes will also be awarded.
Cash prizes for videos
- Gold: $2,000
- Silver: $1,500
- Bronze: $1,000
Cash prizes for posters
- Gold: $1,500
- Silver: $1,000
- Bronze: $500
Deadline: March 8, 2013.
For more information, visit http://www.educause.edu/SecurityVideoContest.
BUMC IT will be in the BUSM Lobby on Monday (10/1), Wednesday (10/3) & Friday (10/5) from 11am-2pm to provide information and answer questions about information security as well as help you properly get rid of old computer hard drives. Bring your old computer hard drives or magnetic tapes, etc. and BUMC IT will ensure your data is securely destroyed.
Even more, you can bring your whole computers or laptops and BUMC IT staff will remove the hard drive for you and make sure hard drive and computer are properly disposed of.
All BUMC faculty staff and students are invited to stop by.
Avoid being a victim of phishing! If you are ever unsure whether an e-mail you receive is legitimate or if you receive an e-mail messages that is abusive or harassing in nature, you can forward it to firstname.lastname@example.org for verification. Read the following tips to protect yourself from phishing…
A new zero-day vulnerability in Java—a Poison Ivy variant—has been discovered and exploits have been found. The flaw affects all versions of Oracle’s Java 7 (version 1.7) on all supported operating systems. No patch is available at this time. Java 6 and earlier are currently unaffected (although that will possibly change soon).
If your computer is managed by IS&T using KACE or is running Blackboard, it should be running Java version 6 and is currently not affected by this issue.
Find out if your computer can be exploited: www.isjavaexploitable.com
In order for this vulnerability to be exploited, you have to visit a web page or follow a link to an infected site. If your computer has been exploited, the software can do anything with your computer that you can.
- If you are not using any programs that require Java, remove it from your system altogether. Java is one of the most heavily-exploited platforms in the world today due to its almost ubiquitous presence.
- If you have to have Java for a specific program, but don’t need it for the web pages you visit, disable Java for universal use on your browsers. (Links to instructions listed below.) It is safest to allow use of Java browser plug-ins on a case-by-case basis when prompted for permission by trusted programs.
- If you cannot disable Java in your browsers, confine your browsing to regular commercial sites which, while not immune from being infected, are typically more carefully maintained and monitored and represent a lower risk. This is not a reliable security approach, but it is better than nothing.
- Internet Explorer
(For Firefox on Mac OS X, it is like Windows XP (Tools > Add-ons))
While in Chrome, enter this URL: chrome://plugins/ then click Disable under Java.