Special Security Issue

Information Technology Services recently learned of two security issues possibly impacting our campus community. We regard the following information as a significant threat, requiring immediate notification to InfoShare subscribers.

If your colleagues are not receiving the InfoShare, forward this message to them so that they may subscribe.

Sincerely,

Kathie Surface

InfoShare Editor

Hackers and Scammers Use World Events to Spread Malware

Security Alert

Osama bin Laden's death is the most recent example of hackers taking advantage of our curiosity about world events to spread malware.

Computerworld magazine reported on May 3, 2011 that users should steer clear of spam e-mails that claim to contain photos of bin Laden after he was shot and killed by U.S. special forces. Some attachments to these e-mails have been found to contain a Trojan that will sniff out online banking sessions and then try to redirect payments to other accounts.

There has also been a campaign convince both Windows and Mac users to download fake security software to by using unethical tactics to promote malicious URLS to high spots in Google search rankings of Osama bin Laden. Scams are also spreading on Facebook as well with users being invited to watch an exclusive CNN video; or to celebrate his death with free products. (Osama bin Laden Spam/Ads on Facebook) These convince users to link to a customized URL and enter personal information or post comments to get to the advertised information or products. What the scammers get is your information.

Anyone using these links is advised, with popups and alerts, that their computer is infected; and that they should download "supposed" security software to correct the problem.

IT Services is reminding everyone to never respond to unsolicited invitations no matter how interesting or appealing. You should go directly to legitimate news sources and software vendors. Type in the URL or use saved bookmarks.

Always feel free to contact the IT Services Help Desk whenever you have questions about the authenticity of e-mail messages that you receive. You may report anything that you think may be a problem at any time by phone (260-481-6030), e-mail (helpdesk@ipfw.edu) or by using the new problem reporting form.

Configuring your SPAM Block list

IPFW Resources for the IT Incident Response Policy

(Hacker information summarized from Computerworld's May 3, 2011 article by Gregg Keizer)

LastPass - Password Management Service

LastPass Warns Users to Change Master Password

LastPass is a password manager service which allows management of all your accounts and passwords using a single master password.

This service is used by some individuals at IPFW who should be informed of the company's recent announcement about possible compromises of their account.

LastPass recently noticed some unauthorized activity in a noncritical server. While there is no evidence that user data information has been compromised, the company is taking a proactive stance and asking it's users to change the master password for their account.

Any IPFW employee using this service is advised to change their LastPass master password as soon as possible.

Because LastPass has a large customer base, you could experience some delay in reaching their password service center. If that should occur, passwords to your individual accounts can be changed independently for added protection.

IT Services does not endorse or support password tools. Please be very cautious when using any tool that generates passwords. Do not make master passwords easy for others to guess. Feel free to contact the IT Services Help Desk if you have questions.

Password Requirements for IPFW Accounts

(LastPass information summarized from Password Manager Service LastPass Investigating Possible Database Breach, Posted by Kelly Jackson Higgons on Thursday May 5th, 2011, Dark Reading.com)

IPFW is an Equal Opportunity/Equal Access University