Tuesday, May 1, 2014, Microsoft released a critical security update for Internet Explorer (IE). Users are encouraged to run Windows Update to patch their system. All versions of IE have a patch issued, including Windows XP.
If you have either KB update mentioned above - your Internet Explorer is patched and you should feel "safe" to use IE again.
For personal home computers
Make sure your system is enabled to get updates automatically from Microsoft. For instructions to get security updates automatically from Microsoft, visit: www.microsoft.com/security/pc-security/updates.aspx
(NOTE: SVSU managed systems are already set to automatically obtain updates)
For those interested in the technical details about this security bulletin from Microsoft, visit: technet.microsoft.com/library/security/ms14-021
For known issues about the security update: support.microsoft.com/kb/2965111
If you have any questions or concerns, please contact the I.T. Support Center at 989-964-4225.
The Department of Homeland Security (DHS), along with US-CERT (Computer Emergency Readiness Team), have issued an advisory for users of Internet Explorer (IE) to discontinue use of IE until it is patched by Microsoft. The vulnerability is active and is being used to exploit and compromise systems. Data and personal information are at high risk.
CERT has recommended users switch to another browser (Firefox/Chrome) until Microsoft has issued a fix. As noted in a previous news article, users of Windows XP are even more vulnerable to this exploit.
Until further notice, SVSU ITS recommends all users switch and use Firefox or Chrome.
Download Firefox from: www.mozilla.org
Download Chrome from: www.google.com/intl/en/chrome/browser
To learn how change your default browser in Windows 7, watch this tutorial we put together: www.youtube.com/watch?v=VeKGU9UrS7c
For more details about this CERT alert: www.kb.cert.org/vuls/id/222929
From Microsoft, their technical details and workaround are posted in the following article:
As many of you may have heard, a flaw has been discovered in a common Internet security method. Although no specific security breaches have been identified, the flaw could allow malicious users to steal personal information. The flaw is associated with specific versions of OpenSSL, which is software that is widely used to secure web server traffic. The flaw is known as the "Heartbleed" vulnerability.
Many common websites using OpenSSL have been identified as vulnerable, including Yahoo!, Flickr, NASA and Facebook, among others. A fix for this flaw, which was announced this week, is available, and Internet service providers and website managers around the world are working to implement the patch.
ITS is strongly urging all SVSU students, staff and faculty to change your network password. To change your password, please go to my.svsu.edu and click on "changing your password" below the login box and follow the prompts to change your current password.
To get detailed information on this bug, you can visit the http://heartbleed.com/ website.
The safety and security of the Saginaw Valley community is paramount – please use the above resources to ensure your personal information is protected.
Frustrated with trying to conjure up a password that no one could guess and that you’re not supposed to write down? You’re not alone.
This training bulletin is designed to help. In addition to offering the current “best practice” advice on passwords, some helpful tips are included.
Password Best Practices:
How could anyone remember a password that complies with all of these best practices? Here are some tips:
Think of some activity or place that you enjoy or find interesting, but avoid subjects that you discuss in social media, birthplaces, etc. For example, you might say that Brazil, South America is interesting. Start by making the password a manageable length, like BrazilSoAm. Next, employ some of these ideas, or come up with your own variations:
Some other ideas to get you thinking: The letter “B” looks a little like “(3” or “/3”. An “S” could be replaced with “$”.
Effective April 8th 2014 Microsoft has announced that they are discontinuing support for Windows XP. Because of this, SVSU will be upgrading all Windows XP computers (about 400) to Windows 7 and converting the computers from Novell to Windows Active Directory. This upgrade project will take place over the next 2 months.
Each computer user will be interviewed to determine what files, printers, and applications they have. All personal files will be backed-up and re-loaded on the computer after the upgrade. A full copy of the original computer will be maintained for two weeks to provide a safety net in case any files were missed during the upgrade process.
ITS has contracted with the company SPI to help make the migration happen as quickly as possible. The SVSU ITS Technical Services team will work closely with SPI to make sure the upgrade goes smoothly, and ITS Support Center will be available to answer questions.
If you have any questions about the upgrade or upgrade process, please call the ITS Project Manager, John LaPrad at 989-964-7134.
Thank you in advance for your understanding and cooperation during this process.
Microsoft has announced the end of their support for Windows XP on April 8th. For those that still use it, you should be aware that your system will no longer receive:
If you choose to keep using Windows XP after April 8th, your system and data are at a greater risk of attack or data theft/loss. Your system will not be compatible with newer software, as well.
Internet Explorer version development for Windows XP ceased a long time ago, and future updates/patches for those older versions will cease. It has been recommended to use other browsers for Windows XP, to help mitigate risk. Please note: due to the lack of future support for Windows XP, software developers (including browsers) will likely abandon further development and patches for their XP products.
Your best course of action, to protect your system and maintain performance, is to upgrade to a newer operating system. For university-owned equipment, there is an action plan coming forth and you should look for that communication coming soon.
This advisory is really intended for the campus community and their personal home computer systems.
We have another round of phishing/spam attempts circulating. This time they spoof the Sender information and make it appear as if sent from firstname.lastname@example.org and "Web-mail Administrator". It is an attempt to collect your account username and password to compromise your account to send out additional spam.
ITS will not ask you to verify or update your account using links. When in doubt, give the I.T. Support Center a call - or click on your SPAM button to report the message and remove it from your inbox.
Here is an example of the most recent attempt:
You have probably heard about "phishing" by now. You have also probably been told to look for clues in emails that indicate that someone may be trying to get personal information from you. What should you look for in an email? Here are a few tips to keep you and your information safe from would-be thieves.
Something Smells Phishy (464kB)
Criminals use manipulative techniques known as "social engineering" to deceive their victims into revealing sensitive information. Such scams play on emotions like fear and the human tendency to want to help or trust others. A common approach uses fraudulent "phishing" e-mails, as in fishing for information. The scamming e-mail is often designed to look as though it comes from an individual or organization the recipient will recognize, or has an existing relationship with. The message attempts to fool the recipient into revealing sensitive information. The mechanisms used may entice the recipient to (a) click on a link leading to a fraudulent website (although it may appear legitimate), (b) reply to a specific offer or request in the e-mail, or (c) download an infected attachment.
Defending against social engineering attacks is difficult because cyber thieves are creative and constantly coming up with new approaches, but the following guidance can help avoid becoming a social engineering victim.
Think before you click. Be cautious with any message you don't expect or that doesn't make sense. If you get a message from the New York police about a speeding ticket but you have not been driving in NY recently, it's bogus. Delete immediately. Even if you had been driving in NY, ask yourself whether it makes sense that the NY police have your e-mail address. Probably not.
Be wary of offers of something for nothing. These are most likely scams. Won the lottery without entering? A free gift card from a store you don't patronize? Likely bogus.
Check validity with a web search. If you suspect the offer/threat could be real, don't click. Search instead. Many sites list known hoaxes. Reading through these can put your mind at ease.
Carefully scrutinize the destination of links in e-mails and text messages. Hover your mouse/finger over the link to see where it really goes. Clever phishers sometimes include valid links among the malicious links in the e-mail in a further attempt to disguise their intent.
Do not respond to unsolicited requests for sensitive information, whether by e-mail, phone, or text message. If an unsolicited caller starts asking for personal information, it's time to end the call.
Do not submit personal information via website pop-up screens. Legitimate organizations do not ask for personal information via pop-ups.
If you think a request might be valid but can't verify the identity of the requester, then contact the organization making the request yourself so you can be sure of whom you are talking to.
As users of the SVSU ITS Service Management System for IT requests, you now have the ability to submit new IT requests, to see status updates, and to track the progress of your requests online at: mysupport.svsu.edu
Additionally, ITS is launching the Service Request Management Customer Satisfaction Survey, which will allow users to provide valuable feedback specific to their requests. We plan to use your responses to better understand and serve the campus.
A quick overview document (with screenshots) can be found here??.
By visiting www.svsu.edu/its you will find a link to mySupport Online under the Contact Us section.