Flash ransomware vulnerabilities

The number of nasty things that can happen to systems with old versions of Flash is growing.  See this article for an overview.  Although Windows systems are the big targets, there is nothing stopping the technique described being used against Mac and Linux laptop and desktop systems.

We try to make 3rd-party software updates available to our Windows users, but the system is far from perfect.  The saving grace is that CBC Windows users are pretty good about not saving files on local drives.  So ransomware is not quite as dangerous.  However, for personal systems, or for systems not in the Chemistry domain, I strongly recommend that you check your version of Flash by going to here.  You should run the check found there from any of the browsers you use.

I just ran the check myself on one of my systems, and I see that the Adobe site is not completely clear about whether the version I was using was out-of-date or not.  (It was out-of-date.)  You can reference this page to see what the current version is for your OS and browser.

Checking your laptop for encryption

OSU-owned laptops used by faculty, staff, and students must, whenever possible, use whole disk encryption to protect data stored on these devices. There are a few products, for example on some high-end ultrabooks, that perform data encryption at a hardware level. However, almost all Windows laptops running Enterprise versions of Windows 7 or 8 can support the use of BitLocker. Mac OS X Lion or later can support the use of FileVault 2. Both of these products perform whole disk encryption.

To see if your Windows laptop has already been encrypted, do the following:

  • Go to the Start button, and in the Search box type ‘BitLocker’. Click ‘BitLocker Drive Encryption’ when it appears on the Start menu.
  • You will see the C: drive listed. If to the right it says, “Turn off BitLocker”, then the drive is already encrypted. If to the right it says, “Turn on BitLocker”, then you should contact CBC Computer Support. Please note that you can turn on BitLocker yourself, but if we help, we can show you how to store the recovery key securely.

To see if your MacBook or Mac Air has already been encrypted, do the following:

  • Click the FileVault tab in the Security & Privacy pane of System Preferences.
  • If you see a button that says “Turn Off FileVault..” your Mac is already encrypted. If you see a button that says “Turn On FileVault..” then you should contact CBC Computer Support. Please note that you can turn on FileVault yourself, but if we help, we can show you how to store the recovery key securely.
  • For older versions of OS X, you should contact Computer Support for assistance.

See this support doc for more information about FileVault.

If your laptop is already encrypted, do not decrypt it. If you possess a paper copy of your recovery key, do not tape it to the body of the laptop, or otherwise store it together with the laptop.
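The same check can be made from a command line with `manage-bde -status C:` on Windows or `fdesetup status` on a Mac. The script below is an added example, not part of the original post: it parses the output of those two tools, assumes English-language Windows output, and uses a constructed sample rather than a real capture. It also distinguishes a BitLocker volume whose protection is suspended, which is encrypted on disk but not actually protected.

```python
import platform
import subprocess

# Constructed sample of English `manage-bde -status C:` output (not a real capture).
SAMPLE_BDE_SUSPENDED = """\
Volume C: [OSDisk]
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Protection Status:    Protection Off
"""

def parse_manage_bde(text):
    """Classify `manage-bde -status` output (English-language Windows assumed)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    # "Fully Encrypted" or "Used Space Only Encrypted"; "Fully Decrypted" fails this.
    if not fields.get("Conversion Status", "").endswith("Encrypted"):
        return "not fully encrypted"
    # Suspended protection stores a clear key on disk, so the data is not protected.
    if fields.get("Protection Status") != "Protection On":
        return "suspended"
    return "encrypted"

def parse_fdesetup(text):
    """Classify `fdesetup status` output from a Mac."""
    if "FileVault is On." in text and "in progress" not in text:
        return "encrypted"
    return "not fully encrypted"

def local_status():
    """Run the check for this machine; needs an elevated prompt on Windows."""
    system = platform.system()
    if system == "Windows":
        cmd, parse = ["manage-bde", "-status", "C:"], parse_manage_bde
    elif system == "Darwin":
        cmd, parse = ["fdesetup", "status"], parse_fdesetup
    else:
        return "unsupported platform"
    try:
        result = subprocess.run(cmd, capture_output=True, text=True)
    except FileNotFoundError:
        return "unknown (tool not found)"
    if result.returncode != 0:
        return "unknown (command failed; try an elevated prompt)"
    return parse(result.stdout)

if __name__ == "__main__":
    print(local_status())
```

Any result other than "encrypted" is a reason to contact Computer Support rather than to change the setting yourself.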

Linux Server & Workstation Maintenance

All Linux servers & workstations connected to linuxfs will be rebooted Thursday (8/27) beginning at 9:00 pm so that security updates can be installed.  This includes the Linux file server (linuxfs) and web servers (web, group, legacyweb).  Linux workstation users should close all remote connections and log out completely before 9:00 pm.  Linux workstations connected to instruments or the old chemistry server will not be affected.  Maintenance should be completed by 11:00 pm, but check the blog for confirmation.

A reminder about securing your credentials

If you receive an email similar to the following, do not respond:

Dear Webmail User,

The Helpdesk Program that periodically checks the size of your e-mail space is sending you this information. The program runs weekly to ensure your inbox does not grow too large, thus preventing you from receiving or sending new e-mail. As this message is being sent, you have 18 megabytes (MB) or more stored in your inbox. To help us reset your space in our database, please enter your current user name (_________________) password (_______________)

You will receive a periodic alert if your inbox size is between 18 and 20 MB. If your inbox size is 20 MB, a program on your Webmail will move your oldest e-mails to a folder in your home directory to ensure you can continue receiving incoming e-mail. You will be notified this has taken place. If your inbox grows to 25 MB, you will be unable to receive new e-mail and it will be returned to sender. All this is programmed to ensure your e-mail continues to function well. Thank you for your cooperation.

Help Desk.

Important:

Email Account Verification Update ! ! !

Do not fall for this kind of scam. If you are questioning whether a request for information, account info, passwords, etc. is real, ask us. We’re happy to help.

Virus protection (& the Conficker worm)

About The Conficker Worm

The Conficker worm (set to “strike” today) has been receiving much coverage. Most antivirus software could detect and block the Conficker worm, so if you have updated antivirus software on your computer, you are at a much lower risk of being infected by the Conficker worm. To be sure your departmental WINDOWS computer is up to date, locate the McAfee icon in your System Tray (bottom right) and select “Update Now…” (see attached below).

Update Virus Definitions

What if your department computer becomes infected with the Conficker Worm?

Definitely let us know if you suspect that your department PC is infected. If your computer is infected with the Conficker worm, you may be unable to download certain security products, such as the Microsoft Malicious Software Removal Tool, or access certain Web sites, such as Microsoft Update.

As always, with questions email support@chemistry.ohio-state.edu. For more info on this security threat, visit here: http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

Be Mindful of General Security

It is always a good idea to be vigilant, make sure doors and property are secure, and to look out for one another. See incident below from yesterday:

The Department has received a report of an unidentified person inside
Smith Lab RM1132. (Gramila Cryostat Lab)

The person was met and questioned by a graduate student while leaving
the lab on Saturday at approximately 3:30 pm.

The person is described as a tall, African-American male, wearing a dark
jumpsuit.

Based on the description/lack of uniform, location, and time, FOD
reports that this was not likely one of their staff.

Although no items are reported missing, a University Police report has
nonetheless been filed.

Occupants will recall past periods of increased incidents of theft and
are encouraged to heighten their awareness.


Jenny Finnell
Assistant to Dr. Arthur J. Epstein; Synthetic Metals Editorial Assistant
The Ohio State University Department of Physics
191 W. Woodruff Ave. #2188, Columbus, OH 43210-1117
Phone:  614-292-4443, E-mail:  finnell@mps.ohio-state.edu

UPS Virus (and viruses in general)

Becky Gregory alerts us to a potential virus threat this morning. Her notice is useful, and a reminder to be vigilant when choosing which mail to trust and which to seek help about.

She received an email regarding tracking a package via UPS, with an attachment. She did not order a package and the zip file is most likely a virus. It is best to delete these emails immediately or, as in Becky’s case, send us an email. See below.

Descriptions

Following a spate of viruses purporting to be about undelivered UPS parcels, we are receiving some virus messages which seem to be targeted at University mail recipients. It looks something like this:

Attachment: ReIn86192.zip

Subject: UPS: Your Tracking #(long number)

Sorry, we were not able to deliver postal package you sent on November the 25th in time because the recipient’s address is not correct.

Please print out the invoice copy attached and collect the package at our office.
If you do not receive package in ten days you will have to pay 36$ per day.

Your UPS Support Team

---

Do NOT open attachments, and do NOT reply. Thanks for the notification Becky. Raising alerts like this, and informing everyone keeps us all safer from these kinds of threats.

Avoid falling victim to Phishing Scams like this one:

There is an e-mail circulating extensively, if my account is any indication.   It appears to be from ‘The Ohio State University’ with the subject ‘news’. The content is simple (note that URL has been modified to render it unusable):

“Please read our latest news and information: http://webmail.osu-edu.xxx/et cetera. Ohio State University ”

When the user clicks on the URL, an exact copy of the OSU Webmail page displays.  If the unwitting user types their username and password, the credentials are harvested immediately.

Do not click this link or respond to this email message should you receive it.
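The link in that message works because `osu-edu.xxx` reads like `osu.edu` at a glance. The check below is an added example, not part of the original post: it classifies a URL by the host the browser would actually connect to. The trusted-domain list and all sample URLs other than the defanged one quoted above are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Domains the reader really signs in to; an assumption for this example.
TRUSTED_DOMAINS = ("osu.edu", "ohio-state.edu")

def classify(url):
    """Return 'trusted', 'lookalike' or 'unrelated' for the host a URL points at."""
    parts = urlsplit(url)
    # .hostname drops any "user:pass@" prefix and the port, and is lower-cased.
    host = (parts.hostname or "").rstrip(".")
    for domain in TRUSTED_DOMAINS:
        # Trusted only if the host IS the domain or a true subdomain of it.
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Not trusted: does the address still display a trusted name somewhere?
    # Treat "-" and "." alike so "osu-edu" is caught, and look at the whole
    # netloc so a trusted name placed before "@" is caught as well.
    shown = parts.netloc.lower().replace("-", ".")
    for domain in TRUSTED_DOMAINS:
        if domain.replace("-", ".") in shown:
            return "lookalike"
    return "unrelated"

# The first URL is the defanged one quoted in the post; the rest are constructed.
SAMPLES = [
    "http://webmail.osu-edu.xxx/",
    "https://webmail.osu.edu/",
    "https://webmail.osu.edu@login.example.net/",
    "https://osu.edu.example.net/webmail",
    "https://www.example.org/news",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):10} {sample}")
```

A "lookalike" result on a link in an unexpected message is a strong sign of credential phishing and worth forwarding to support.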

Scam Alert: Email from Microsoft

If you receive an email from Microsoft like the following:

Dear Microsoft Customer,
Please notice that Microsoft company has recently issued a Security Update
for OS Microsoft Windows. The update applies to the following OS versions:
Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium,
Microsoft Windows XP, Microsoft Windows Vista.

please delete it and do not open any attached files. Our security updates are handled automatically by our Windows system and any request to install or execute a file from any vendor is most likely a scam.

Feel free to ask if you receive such emails. Better to be safe than sorry and we’re happy to help provide information about what is real and what is a virus, scam, etc.

Avoid common scams online

It is better to be safe than sorry. If you are unsure of the validity of an email you receive, especially if the email asks for account information, run it by computer support to see if it is real. The latest such scam may have shown up in your inbox this morning entitled:

“Final Upgrades/Account Verification Required Urgently.”

Delete the email and forget about it. 99.99999% of such emails are a scam, and you should never give out your username, password, or any other sensitive data.