Archive for June 2013

Google Strengthening Keys on SSL Certificates to 2048 Bits

by Neal Fisch in attacks, cloud, data security, email, encryption, passwords, security 0

As attacks against cryptographic systems and the SSL infrastructure have advanced in recent years, experts have begun to fret about the future utility of the system. Companies that rely on the security of the SSL technology are beginning to take steps to address the issue, with the latest being Google, which is planning to change the length of the keys on all of its SSL certificates to 2048 bits.

Follow this link to read the full article from Threatpost.com.

Think Before you Click!

by Neal Fisch in awareness, data security, email, faculty, personal security, phishing scams, security, spear phishing attack, staff, students, tips 0

Be cautious about all communications you receive, and clicking on links in an email, instant message or a website. Even if you know and trust the sender of the email, or an instant message, or are on a known website or a friend's social networking page, it is still prudent to use caution when navigating pages and clicking on links or photos, because links, images or other content contained on the pages may include malicious code placed there by hackers.

For more information, please visit:
SANS OUCH! Newsletter on "Email Phishing Attacks"

Protect Yourself When Using Cloud Services

by Neal Fisch in awareness, cloud, data security, faculty, personal security, security, staff, students, tips 0

In simplest terms, cloud computing is a subscription-based or free service where you can obtain networked storage space and other computer resources through via the Internet. While these systems may remove the need for owning physical components, they also introduce new risks to your information. Before you float your digital assets to the cloud, make sure you take the appropriate steps to protect yourself.

Know your needs. Before you start, make sure you carefully plan what your security and privacy needs are. This includes knowing what your legal and regulatory requirements are for protecting data.
Read the contracts. End User License Agreements and Service Level Agreements are important because they describe the terms and conditions of the cloud service. If you're not sure of what they do or do not provide, contact the provider to clarify the services.
Protect Your Machine. Enable your firewall, use anti-virus/malware and anti-spyware software.
Protect your data. Don't store unencrypted sensitive information in the cloud. You don't know with whom you're sharing the cloud!

Don't Reply to Unsolicited Email Messages (SPAM).

by Neal Fisch in awareness, counterfeit websites, data security, email, faculty, passwords, personal security, security, spear phishing attack, staff, students, tips 0

By responding to these messages, you're only confirming that your email address is active. Another thing you shouldn't do is click the "remove me" link in the message. Links in email can point to an IP address other than what is being represented or referenced. The best thing you can do is delete the message.

Many free email service providers (MSN hotmail, Yahoo!, AOL or GMail) will allow you to easily report it as spam if you received it through their email systems.