Achived Security Information 2005 -- 2009

3-30-2009
The National Cyber Alert System has issued a warning about a worm that is targeting Microsoft Windows systems. The Conficker worm can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a network if the host is not patched with MS08-067. To prevent infection by this worm we encourage you to run Microsoft update http://update.microsoft.com. or http://support.microsoft.com.
3-3-2009
The Office of Information Technology has become aware of a scam e-mail message being sent to members of our campus community. It purports to be from the Internal Revenue Service and requests the user fill in information via an attachment. The body of the message simply requests the user fill in the information in the attachments and fax it to a number. THIS IS A PHISHING SCAM! DO NOT RESPOND TO THE EMAIL OR CALL THE NUMBER! The body of the message is simply: Please see the attachment make sure you fill all the columns and send fax to: 1-646-308-1145. While the University e-mail system has filters in place to prevent most virus and spam messages from getting through, some will inevitably reach our users' inboxes. If you should receive any questionable e-mail, please forward it to abuse@olemiss.edu so that we may deal with it as necessary. If you have further questions, please contact the IT Helpdesk at 662-915-5222.
9-15-2008
The Office of Information Technology has become aware of a scam e-mail message being sent to members of our campus community. It purports to be from the school Webmaster and requests that you fill in your username and password for database updating purposes. THIS IS A SCAM. We are not making any database updates, as it suggests, and we will never ask for anyone to put his or her password in an e-mail message. (Doing so would violate our Appropriate Use Policy.) This e-mail is simply one of many examples of "phishing" and if you should receive it, your best response would be to delete it. While the University e-mail system has filters in place to prevent most virus and spam messages from getting through, some will inevitably reach our users' inboxes. If you should receive any questionable e-mail, please forward it to abuse@olemiss.edu so that we may deal with it as necessary. If you have further questions, please contact the IT Helpdesk at 662-915-5222. Thank you for exercising judgment and responsibility when using your Ole Miss e-mail and WebID accounts.
8-25-2008
The Office of Information Technology has become aware of a scam e-mail message being sent to members of our campus community. It purports to be from our Helpdesk and requests that you fill in your username and password for database updating purposes. THIS IS A SCAM. We are not making any database updates, as it suggests, and we will never ask for anyone to put his or her password in an e-mail message. (Doing so would violate our Appropriate Use Policy.) This e-mail is simply one of many examples of "phishing" and if you should receive it, your best response would be to delete it. While the University e-mail system has filters in place to prevent most virus and spam messages from getting through, some will inevitably reach our users' inboxes. If you should receive any questionable e-mail, please forward it to abuse@olemiss.edu so that we may deal with it as necessary. If you have further questions, please contact the IT Helpdesk at 662-915-5222. Thank you for exercising judgment and responsibility when using your Ole Miss e-mail and WebID accounts.
Merrill Lynch Phishing Scam October 18, 2007
There have been numerous reports of the campus community receiving a Phishing e-mail using Merrill Lynch as a pretext. Due to this scam and other Phishing attacks everyone should beware of messages that ask you to visit sites and divulge personal information. As a general rule you should never click on links inside e-mails that ask you to divulge personal information. You should only go to sites via known sources (Your favorites, or via a link on a known web page). These schemes appear to be from legitimate sources, however e-mail addresses and links within e-mail can be forged.
Strong Passwords
The role that passwords play in securing an organization's network is often underestimated and overlooked. Passwords provide the first line of defense against unauthorized access to your organization. Weak passwords provide attackers with easy access to your computers and network, while strong passwords are considerably harder to crack, even with the password-cracking software that is available today. Password-cracking tools continue to improve, and the computers that are used to crack passwords are more powerful than ever. Password-cracking software uses one of three approaches: intelligent guessing, dictionary attacks, and brute-force automated attacks that try every possible combination of characters. Given enough time, the automated method can crack any password. However, strong passwords are much harder to crack than weak passwords. A secure computer has strong passwords for all user accounts. Please go to : Microsoft Technet for more information on strong passwords.
Microsoft Internet Explorer 7 Phishing E-mail March 30, 2007
Several states reported receiving e-mails asking users to download Internet Explorer 7 by clicking on a link embedded in the e-mail. If the user follows the instructions, their computer will be infected with malware. This information Bulletin discusses the characteristics of the e-mail in more detail. Bulletin: The e-mail appears to originate from admin@microsoft.com asking users to download Internet Explorer 7 contains a graphic of IE 7 and links to various URLs. Clicking on the picture results in a file, IE7.0.exe, being downloaded to the user's machine. Note that currently this file does not auto-execute so at this point the users computer is not yet compromised.
Security presentation
If you could not attend the security presentation by Mr. Willoughby on March 9’th, the PowerPoint slides are available here. Mr. Willoughby has conducted security workshops in six foreign countries and more than 30 states. Professionally, he holds certifications as a Microsoft Certified Systems Engineer (MCSE), a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CISM), and Certified Ethical Hacker (CEH). Willoughby served in the US Intelligence Community and the Department of Defense for more than 30 years. Presentation Abstract: "Hackers and criminal elements have ramped up their malware-generating machine in the past few years, honing methods to create powerful malicious code. Indeed, the small trickles of advanced malware that we have seen in recent months are indicative of a tumultuous future. This presentation will address trends expected to emerge on the malware front."
BOT Program
Recently a new BOT program identified as W32.Spybot.ACYR by Symantec, has compromised a small number of systems at various universities, including about 30 systems at the University of Arkansas and another 150 systems at the University of New South Wales in Australia. Both Microsoft and Symantec have released patches that resolve this vulnerability. For prevention, please make sure your Windows system is patched by selecting "Start", then "All Programs", then "Windows Update" to ensure your system is patched to the latest release. To manually update Symantec Antivirus, click the yellow shield in your task bar and select "Live Update" then follow the prompts to download and install the latest updates. Link for details: http://www.securityfocus.com/news/11426/1
Microsoft security bulletin (MS06-055)
Microsoft has released a new security bulletin (MS06-055) that supplies a patch which addresses the VML vulnerability affecting Microsoft Internet Explorer and Office. We recommend that these patches be installed immediately on all affected systems after appropriate testing. To immediately check if your system requires these patches, select "Windows Update" from the start menu on windows systems. Patches are for Windows 2000, Windows 2003 and Windows XP. Also, check that your settings are configured to download and install windows updates daily. Instructions to configure automatic updates can be found on the itsecurity.olemiss.edu web site in the left column, second entry, "Configuring Windows for Automatic Updates".
Security Awareness Training
Aug. 30, 2006 The Office of Information Technology (IT) is offering security awareness training sessions for employees authorized to access, store, and maintain confidential data. Sessions will be held in the Union Ballroom Tuesday, September 5 from 9:00 a.m. till 11:00 a.m. Wednesday,September 6 from 1:00 p.m. till 3:00 p.m. Employees who wish to participate in these sessions should indicate this by contacting the SAP Support Desk (x5556 or sap@olemiss.edu). Many UM departments necessarily access and accumulate information about faculty, staff, students and external entities for the purposes of daily business. Departments and individuals that manage electronic information are responsible for safeguarding this information from improper access or disclosure. Accordingly, the security awareness training sessions will focus on helping employees understand their security-related responsibilities and providing practical strategies for safeguarding systems and data.
National Cyber Alert System
Aug. 08, 2006 Technical Cyber Security Alert TA06-220A Microsoft Windows, Office, and Internet Explorer Vulnerabilities Source: US-CERT Systems Affected: * Microsoft Windows * Microsoft Office (Windows and Mac) * Microsoft Internet Explorer Overview Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Office, and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Note that one of the updates released today addresses a critical vulnerability in the Microsoft Server Service (MS06-040). We have received reports that this vulnerability is actively being exploited. The most recent version of this document can be found at: http://www.us-cert.gov/cas/techalerts/TA06-220A.html Click HERE for more important info.
Security Awareness Training
The security awareness training slides and talking points offered are now available online. Please click on the links below to view. The Slide Show requires a Powerpoint viewer. If you do not have powerpoint installed, click here to download a viewer. Security Awareness Training Slide Show Security Awareness Training Handout
Worries increase over WMF flaw
01-02-2006 The New Year has brought a new exploit for the Windows Meta File flaw and more attacks. Many security experts believe that the situation poses such a danger that they have recommended that users install an unofficial patch. The flaw occurs in Microsoft Windows' Graphics Rendering Engine. A specially crafted image file can take advantage of the flaw to compromise a Windows system that opens the image. Applications that use the vulnerable Windows operating system code include Internet Explorer, Windows Explorer, and the image viewing capability of Lotus Notes. Viewing a maliciously created image in those applications will run any embedded code. In a blog entry, a member of the Microsoft Security Response Center said that the team is investigating solutions for the security issue. http://www.securityfocus.com/brief/92
SANS Flash Report
25 January, 2006 SANS Internet Storm Center has found that more than 500,000 personal computers have been infected by the 'Grew' worm (it goes by a number of different names, e.g. 'Nyxem'). On February 3rd, it will delete all documents (Word, Excel and a number of others). Make sure your mom and your kids (and everyone else who may call you when they lose data) to update their AV signatures and run a full scan. "Update now or all your files may get lost." A special Storm Center website on the problem: http://isc.sans.org/blackworm This site will be updated, more information is discovered.
Browser Security Tip:
12-02-2005 Any time you access information that requires verification via a username and password, you should always receive a prompt that requires you to enter this information. Most Web browsers have the capability to store login name and passwords locally for easy access to information you have authorization to view. While this feature can save time it is a potential security threat to your data. Setting your Web browser to not save this login information is a good security practice that all users should perform. Also, clearing your browser cache should be performed by anyone who uses a browser to access confidential data. The following steps outline the procedures users should perform to turn off the password caching utility and the steps necessary to clear their browser cache. To disable the password caching feature visit the following link: Configuring Browser Password security
What is Phishing and Pharming
Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimewareonto PCs to steal credentials directly, often using Trojan keylogger spywarePharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning. Anti-Phishing Work Group Web Site
Increase Your Browsing and E-Mail Safety
Malicious hackers and virus writers can take advantage of low security settings in your e-mail and Web browsing software to infect your computer. They can do this by sending you a malicious e-mail message or by enticing you to visit a malicious Web site. By increasing your security settings in Microsoft Internet Explorer, Microsoft Outlook, and Microsoft Outlook Express, you can help limit your chances of being attacked. There are four things you can do right now to increase your security.