Dr. Fraenkel shared information with us regarding a newer virus that is particularly bad. More information here:
As always, it is better to be safe than sorry and email support if you have questions about any mail or items you receive.
Security
Announcements concerning online security threats.
Research Lab Break in
Please make sure that you take personal items home that are of value. Some research labs and the graduate student office were broken into last night. Absolutely every drawer in the lab, every storage area, including the chemical storage areas, and every drawer in the desks were opened and sorted through. The glass on the lab door was shattered and removed; then the thieves obviously let themselves into the lab.
Computer Thefts in PRB
There was a laptop theft today in PRB room 2131 between 2:30-3:00 pm. It was an IBM T60. A police report was filed.
Please be vigilant and lock your doors when you leave your office or lab.
Report any suspicious activity to OSU Police.
Disk encryption is a viable alternative to losing a laptop that may contain sensitive data to theft, reporting it, and incurring the financial and related costs.
Email Phishing Reminder – Always Ask Before Sending Passwords/Infomation
Specifc Recent Threat: http://8help.osu.edu/status/933.html
General Information: “PHISHING” SCAM ALERT FROM OIT
These Scams involve asking you to send your Password & more. DO NOT REPLY!
Recently, a number of e-mails began circulating from a source claiming
to be from the Ohio State webmail team or admin managers. The e-mails
ask people to submit their osu.edu e-mail account information and
password, sometimes along with personal information like a birth date.
Some other qualities of these attacks may include a non-OSU reply-to
address, poor grammar and incomplete or improper OSU branding. These
messages are not from OIT and, furthermore, OIT will never ask you for
your password. These e-mails are phishing attempts and not legitimate
requests. You should never reply to these e-mails and never give your
password to anyone. OIT expects these attacks to continue because
senders expect financial gain by accessing your account to send mass
mail or having your personal information. If you ever have a question
about the legitimacy of an e-mail, please call 688-HELP (8-HELP) for
verification. More information on phishing is available on the Buckeye
Secure phishing page.
Recent Computer Thefts
Rememer to be vigilant about your personal property and property owned by OSU. Thieves are always on the look out for an opportunity.
From Gerry:
3 PCs and 2 iPAQs were stolen from room 2045 MP yesterday. Please make sure you lock your offices and labs, be extremely vigilant and report any
suspicious activity to the police.
Security: Recent Computer Thefts
FYI, there were 2 computer thefts in the PRB on 04/07/2008 in the afternoon.
Please make sure to lock your labs and offices and report suspicous activity
to the police.
MySpace, Facebook problems with IE 6,7
Apparently, there are some real security problems with Facebook and MySpace plug-ins for IE 6,7 (ActiveX).
From Slashdot:
According to the Washington Post’s Security Fix blog, cyber criminals are populating the Internet with Web sites designed to exploit several recently-discovered security holes in a half-dozen widely used ActiveX plug-ins for IE 6 and 7, most notably the one offered by Facebook and MySpace to help users upload photos. The sites, advertised via links in email and instant message spam, also ‘probe for other vulnerable IE plug-ins, including two recently discovered from Yahoo! and one for QuickTime (this one attacks a vulnerability Apple patched just last month). The sites also throw in an exploit against a six-month-old IE flaw.’ The article notes that the SANS Internet Storm Center has released a GUI tool to help users safely deactivate the vulnerable plug-ins in the Windows registry.
Users of these social networking sites should aim to secure their personal machines against possible exploitation.
Phishing – Requests for Username/Password
A reminder to all users- never respond to requests for account information of any kind. When in doubt, contact support and ask for clarification. The following Phishing attack came in on Feb. 23rd, 2008:
Notification from osu.edu this site is under serious construction
We are upgrade the site to the 2008 edition of uso.edu webmail technology,
All customer are therefore advice to provide us with the following informaton
Personal Domain Information
ACCOUNT USER NAME,
ACCOUNT PASSWORD,click reply to send information
This is not a legitimate request and the best response is to ignore these kinds of emails.