Breach Security Note for Registered Users of RateMyProfessors.com


On December 24, 2015, RateMyProfessors.com observed suspicious activity on one of its backend systems and promptly investigated. As a result of that investigation, RateMyProfessors.com believes that on or about November 26, 2015, hackers gained access to one of the backend systems of RateMyProfessors.com through a decommissioned version of the RateMyProfessors.com website. These hackers acquired email addresses and passwords for some registered users of the active RateMyProfessors.com website (“Site”). We have not seen indications that the compromised information has been used without authorization or that ratings submitted to the Site were implicated in the incident.

It is important to note that, if you used RateMyProfessors.com only as a non-registered user, no information about you and no ratings you submitted were implicated in the incident.

Additional information may be found on the RateMyProfessors site at http://www.ratemyprofessors.com/securityFAQs.

Protect Yourself Against Cyber Threats - Social Networks


Continuing our blog series targeted at protecting yourself against cyber threats, today's blog topic covers social networks.

Today's guest blog contributor is Eric Varela. Eric is a student here at CSU Channel Islands majoring in Information Technology with a minor in Security Systems Engineering.

Think before you post:  Limit the amount of personal information you post publicly. Do not post information that would make you vulnerable, such as your address or information about your schedule or routine.  If your friend posts information about you, make sure the information is something that you are comfortable sharing with strangers.

Once posted, always posted:  Protect your reputation on social networks.  What you post online stays online.  Think twice before posting pictures you wouldn't want your parents or future employers to see.  (Tip: Recent research found that 70% of job recruiters rejected candidates based on information they found online).

Get smart and use privacy settings:  Take advantage of privacy and security settings.  The more information you post, the easier it may be for a hacker or someone else to use that information to steal your identity, access your data, or commit crimes such as stalking.  Use site settings to limit the information you share with the general public.

Be honest if you're uncomfortable:  If a friend posts something about you that makes you uncomfortable or you think is inappropriate, let them know.  Likewise, stay open-minded if a friend approaches you because something you've posted makes him or her uncomfortable. (Tip: People have different tolerances for how much the world knows about them; respect those differences).

Know when to take action:  If someone is harassing or threatening you, remove them from your friends list, block them, and report them to the site administrator. (Tip: It may also be appropriate to report it to school officials who may have separate policies for dealing with activity involving students).

Derived from NICCS and StaySafe Online

Protect Yourself Against Cyber Threats - Setting up Proper Controls


We are starting a new series of blogs targeted at protecting yourself against cyber threats.  This series will run over the next few months and cover varying subject matter related to cyber threat protection.

Today's guest blog contributor is Eric Varela. Eric is a student here at CSU Channel Islands majoring in Information Technology with a minor in Security Systems Engineering.

Connect securely wherever you are: Only connect to the Internet over secure, password-protected networks. Free public Wi-Fi at popular sites such as Starbucks, McDonald's, Subway, etc. provides convenience over security. If you must use public Wi-Fi, use it for browsing purposes only and not for private transactions such as banking or emails.

Think before you click: Do not click on links or pop-ups, open attachments, or respond to emails from strangers. Even if an email message has a sender address of someone you know, be sure the email attachments or links were requested from the source. It is possible for sender addresses to be spoofed or taken over. When in doubt, throw it out. A link or attachment could contain malware, and a single click is all it takes to get infected.

Respond only to trusted messages: Do not respond to online requests for personal information such as your date of birth or your credit card numbers; most organizations (banks, universities, companies, etc.) do not ask for your personal information over the internet. (Tip: CSUCI will never ask for your password or login information via email.)

Use passwords properly: Select strong passwords, with a minimum of eight characters and a mix of upper and lowercase letters, numbers and symbols, and change them frequently. Password-protect all user accounts and all devices that connect to the internet.

You should also remember to:
  • Not share your password with others.
  • Make sure your password is unique to your life and not something that is easily guessed.
  • Have a different password for each online account.
  • Write down your password and store it in a safe place away from your computer.
  • Change your password several times a year. (Tip: At the beginning and end of each semester.) 


Stay aware: Routinely monitor bank and credit card accounts for unauthorized charges, and watch for unauthorized accounts that have been opened under your name. By federal law, you are entitled to a free annual credit report from the three big credit reporting agencies. Take advantage of these free reports and stay current on your credit score and history.

Google Releases Security Update for Chrome


Google has released Chrome version 45.0.2454.85 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.

Mozilla Releases Security Updates for Firefox


US-CERT announced on Thursday, August 27th, 2015, that the Mozilla Foundation has released security updates to address a critical vulnerability in Firefox and Firefox ESR.  Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

Available updates include:

  • Firefox 40.0.3
  • Firefox ESR 38.2.1

US-CERT encourages users and administrators to review the System Advisories for Firefox and Firefox ESR and apply the necessary updates.

Apple patches security flaws with new versions of iOS, OS X


Apple has packed patches for dozens of security flaws into the new versions of its iOS and OS X operating systems.

The company noted Tuesday in a security advisory that just-released version 8.4 of the iOS mobile operating system contains more than 20 fixes for vulnerabilities that could lead to remote code execution, application termination and the interception of encrypted traffic, among other issues.


Read more about these updates here.

July 2015 - secureCI Monthly Newsletter


secureCI presents Ouch!

The SANS Monthly Information Security Bulletin at CI


Social Media
In This Issue…
  • Overview
  • Privacy
  • Security

GUEST EDITOR
Tanya Baccam is a longtime security consultant. She has been a SANS author and instructor for over a decade, having taught and written SEC502, SEC542, SEC401, MGT414, AUD507 and many other courses. Follow her on Twitter at @tbaccam.

OVERVIEW
Social media sites, such as Facebook, Twitter, Instagram and LinkedIn, are amazing resources, allowing you to meet, interact and share with people around the world. However, all this power also brings risk for you, your family, friends and employer. In this newsletter, we explain what these dangers are and how to use these sites securely and safely.

PRIVACY
A common concern with social media is protecting your personal information. Potential dangers include:

Impacting Your Future: Some organizations search social media sites as part of background checks. Embarrassing or incriminating photos or posts, no matter how old, could prevent you from getting hired or promoted. In addition, many universities conduct similar checks for new student applications. Privacy options may not protect you, as these organizations can ask you to “Like” or join their pages or certain posts may be archived on multiple sites.

Attacks Against You: Cyber attackers can analyze your posts and use them to gain access to your or your organization’s information. For example, they can use information you share to guess the answers to the secret questions that reset your online passwords, create targeted email attacks against you (called spear phishing) or call someone in your organization pretending to be you. In addition, these attacks can spill into the physical world, such as identifying where you work or live.

Accidentally Harming Your Employer: Criminals or competitors can use any sensitive information you post about your organization against your employer. In addition, your posts can potentially cause reputational harm for your organization. Be sure to check your organization’s policies before posting anything about your job. In addition, some of your social media posts may be monitored.

The best protection is to limit what you post. Yes, privacy options can provide some protection. However, they are often confusing and change frequently without your knowledge. What you thought was private can quickly become public for various reasons. In addition, the privacy of your posts is only as secure as the people you share them with. The more friends or contacts you share with, the more likely that information will become public. You should assume anything you post can or will become a public and permanent part of the Internet.

Finally, be aware of what friends are posting about you. If they post something you are not comfortable with, ask them to take it down. If they refuse or ignore you, contact the social media site and ask the site to remove the content for you. At the same time, be respectful of what you post about others.



SECURITY
In addition to privacy concerns, here are some steps to help protect your social media accounts and online activities:

Login: Protect each of your accounts with a strong, unique password and do not share them with anyone else. In addition, many social media sites support stronger authentication, such as two-step verification. Always enable these stronger authentication methods whenever possible. Finally, do not use your social media account to log in to other sites; if it gets hacked, then all of your accounts are vulnerable.

Privacy Settings: If you do use privacy settings, make sure you review and test them regularly. Social media sites often change privacy settings and it is easy to make a mistake. In addition, many apps and services let you tag your location to content that you post (called geotagging). Regularly check these settings if you wish to keep your physical location private.

Encryption: Social media sites use encryption called HTTPS to secure your online connections to the site. Some sites (like Twitter and Google+) enable this by default, while others require you to manually enable HTTPS. Check your social media account settings and enable HTTPS as the default connection whenever possible.

Email: Be suspicious of emails that claim to come from social media sites. These can easily be spoofed attacks sent by cyber criminals. The safest way to reply to such messages is to log in to your social media website directly, perhaps from a saved bookmark, and then read and reply to any messages or notifications from the website.

Malicious Links/Scams: Be cautious of suspicious links or potential scams posted on social media sites. Bad guys use social media to spread their own attacks. Just because a message is posted by a friend does not mean that message is really from them; their account may have been compromised. If a family member or friend has posted an odd message you cannot verify (e.g., they have been robbed and need you to send money), call them on their mobile phone or contact them by some other means to confirm the message is truly from them.

Mobile Apps: Most social media sites provide mobile apps to access your online accounts. Make sure you download these mobile apps from a trusted site and that your smartphone is protected with a strong password. If your smartphone is unlocked when you lose it, anyone can access your social media sites through your smartphone and start posting as you.

Social networking sites are a powerful and fun way to communicate with the world. If you follow the tips outlined here, you should be able to enjoy a much safer online experience. For more information on how to use social networking sites safely or report unauthorized activity, be sure to review the security pages of the sites you are using.

RESOURCES

Passphrases:

Two-Step Verification:


LEARN MORE
Subscribe to the monthly OUCH! security awareness newsletter, access the OUCH! archives, and learn more about SANS security awareness solutions by visiting http://www.securingthehuman.org. OUCH! is distributed under the Creative Commons BY-NC-ND 4.0 license.