Get Anti-Virus Software FREE!

computervirus
Welcome Students!

The new school year brings new virus and malware threats to your Mac and Windows computers. The ResNet Resource Center has a stack of Apples and PCs that are infected with viruses. Long gone are the days when Apple users are immune from viruses and malware. The viruses today attack both Macs and Windows with equal success and damage.

The only way to help protect your computer is to install anti-virus software. Fortunately Northeastern offers Symantec Endpoint Protection (anti-virus) for both Mac and Windows for FREE!

Download Symantec Endpoint Protection FREE today!

Why should you install anti-virus software?

The viruses today are much more dangerous than in the past; and may cause much irreversible damage such as:

  • Stealing your email password and hijacking your account
  • Stealing your social media passwords and hijacking your accounts
  • Stealing your personal information and photos
  • Encrypting and holding all your data hostage
  • Corrupting your operating system, making your computer unusable
  • Hijacking your computer to make it part of an international crime bot-net (not as cool as it sounds)

Wiping the computer and reinstalling the operating system from scratch is often the only way to remove the viruses. Do not be left without a computer or your data. Get FREE anti-virus software to help keep your computer safe and secure.

Contact the Service Desk at x4357 or the ResNet Resource Center for assistance.

Image credit: IntelFreePress, on Flickr

Posted in Apple, Malware, Anti-Virus, Phishing, Scams, Safe Computing | Comments closed

Decrypt CryptoLocker Ransomware Files for Free!

cryptolocker

Victims of the CryptoLocker ransomware are now able to decrypt and recover their files for free.

The BBC is reporting the website https://www.decryptcryptolocker.com will provide users the decryption key and recovery program that will decrypt all the files on their computer encrypted with CryptoLocker. The service was developed by the security companies Fox-IT and FireEye after their research on CryptoLocker uncovered the master decryption key used by the malware.

If your files are encrypted by CryptoLocker, first remove the malware using standard malware removal software. Next, to go the www.decryptcryptolocker.com and submit a file that has been encrypted along with your email address. The site will provide the decryption key for your computer and a program that will remove the encryption.

Please contact the Service Desk (617.373.4357) for assistance removing the CryptoLocker malware and recovering your files.

The best protection against CryptoLocker and future variants of the malware is to have anti-virus software installed and a current backup of your data. In the event that this service cannot decrypt your files a good recent backup is the only solution to recover your data.

BBC: Cryptolocker victims to get files back for free

SecureNU: What is CryptoLocker Ransomware?

Posted in Malware, Anti-Virus, Phishing, Scams, Safe Computing | Comments closed

Criminals Steal 1.2 Billion Usernames and Passwords

hacker

The New York Times and other media outlets are reporting that a Russian criminal gang has acquired over 1.2 billion unique usernames and passwords. The user credentials were gathered through security holes in over 420,000 websites. The list of websites has not been released but the New York Times has verified it contains a wide range of companies, “from Fortune 500 companies to very small websites.

Internet users are urged to once again change all of their passwords, from banking to social media.

THE FACTS

This particular group is comprised of less than a dozen Russian men in their 20’s.

They began purchasing stolen credentials back in 2011 but recent accelerated their activity beginning this past April.

They are capturing credentials mainly using botnets. Anytime a user infected with the virus visits a website, a test is run to see if that particular website is vulnerable to hacking techniques (mainly SQL injection). If the website is vulnerable, the hackers make a note and return at a later time to extract the full content of the website.

It is estimated that this particular group had collected 1.2 billion unique usernames and their associated password by July of this year.

Additionally, because people tend to use the same passwords for different sites, the Russian hackers have used the stolen credentials to gain access to sites such as banks or brokerage firms.

WHAT’S NEXT?

At this point, the security firm does not believe that the stolen credentials are being sold on the internet, but mainly being used to spam on behalf of other organizations and collecting a fee for doing so. Since it is more profitable to sell credentials online, we cannot rule the possibility that it will be done in the future.

The security firm, Hold Security, has begun to alert those companies and organizations that were victimized, but they indicated they were not able to reach all of them. The NYT article also referenced a site where individuals would be able to test to see if their credentials have been compromised. However, this site has yet to be deployed.

WHAT CAN I DO TO PROTECT MYSELF?

It is not clear how the botnet computers were first infected with the virus, but this is a good example of why it’s important to be vigilant when browsing the internet.

If a download seems too good to be true, it probably is! Downloading files like software or other media can install malware or viruses on your computer without you even knowing it. Make sure you are downloading and install software from trust sources only, such as well-known publishers or authorized resellers. You can also use antivirus software to scan files before installing the files. Northeastern provides all faculty, staff and students with a free copy of Symantec Endpoint Protection, which can be downloaded through myNEU > Software Downloads.

It would also be wise to change all your passwords. Make sure to use different passwords for different sites. Worried about forgetting all those passwords?

Apps, like Dashlane, LastPass, and KeePass are free and let you store your passwords in a secure location so you don’t forget them.

Remember to create secure passwords. Strong passwords are at least 10 characters in length and should be contain uppercase, lowercase, numbers and symbols. Strong passwords should not contain any dictionary words, your name or your username. Make sure all your passwords are different than the last. A good example of a strong password would be IL0v350cc3r!75.

Note: A controversy with Hold Security has emerged as the company is offering services to potential victims of the breach for $120 a year. Hold Security has been faulted with having a huge financial incentive in creating a public panic with their choice of words in their public communications.

The Washington Post: Russian hackers steal more than 1 billion passwords. Security firm seizes opportunity.

Forbes: Firm That Exposed Breach of Billion Passwords Quickly Offered $120 Service To Find Out If You’re Affected

Image credit: Flickr: Christophe Verdier

Posted in Malware, Anti-Virus, Phishing, Scams, Safe Computing | Comments closed

Protect Your Keys from Scanning App

front-page-top

Key.me is one of a handful of new online services that provide physical key replacement. A free mobile app stores a picture of your key and for a small fee will either send you a physical copy or you can pick it up at a local kiosk (in NYC). The service is designed for people who find themselves locked out of their house or constantly losing their keys.

The concern is third parties such as valets, stalkers, and criminals making copies of your keys and entering your house. Realistically if a thief wants to break into your home they will find a way, though opportunity does provide an incentive. Key.me offers some protections against this type of abuse such as requiring a credit card for payment. Unfortunately a Wired author demonstrated these protections are easy to bypass.

The real problem is not key duplication services, it is who you trust with your keys. We are often talking about securing your digital accounts with strong passwords and keeping them private. In real life keeping your physical keys secure is just as important.

• Only give your car key to the valet; and only for businesses that offer valet service.
• Keep your keys out of sight and on your person when you are at the bar or other public places.
• Don’t leave your keys out in the open on your desk at work.
• Don’t keep your home address printed with your keys.

Services like Key.me provide a resource for people who are constantly locking themselves out of their apartment or losing their keys. Just remember, it only take a few seconds to take a picture of your keys. Simple precautions make sure they are secure.

Links and Resources:

Key.me
Wired: The App I Used to Break Into My Neighbor’s Home
Sophos: How to break into people’s homes with your mobile phone

Posted in Uncategorized | Comments closed

Beware Keyloggers at Hotel Computers

keyboard

Brian Krebs is reporting the Department of Homeland Security (DHS) is warning hotels that criminals are installing key loggers on publically available hotel kiosks and business center computers. Keyloggers are either software or USB type sticks that capture every keystroke a user makes on the computer. Criminals install these programs and devices to steal user information for use in fraud, identity theft, and other criminal activities.

From the DHS advisory:

“The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center’s computers.”

Unfortunately there is not much a user can do to tell if a public hotel computer is compromised. To stay safe do not log into any website or corporate server from a public kiosk or business center computer. This may inconvenience the business or casual traveler, but not entering your credentials is the only way to offer protection from snooping keylogging criminals.

More about Keyloggers at hotel business centers:

KrebsonSecurity: Beware Keyloggers at Hotel Business Centers

Image Credit: Flickr: Bull3t Hughes

Posted in Safe Computing | Comments closed

Securely Delete Phone Data for Resell

iphone5sm

Yesterday a report released by the security company Avast shows that a typical factory reset on your phone does not remove all personal data. Of the 20 secondhand phones purchased for the study the company was able to retrieve more than 40,000 photos, 750 emails and text messages, a loan application, and other personal data.

Take these steps to ensure your data is destroyed before you sell or donate your old phone.

From Lifehacker, instructions on how to securely delete your personal data.

SIM Card:

• For all phones with SIM cards, remove and keep the card. If you do not need the card, physically destroy the card.
• If the card needs to stay with the phone, first erase and format the card to remove all personal data. Generally the existing SIM card is not required when turning in a used phone.

iPhone:

Settings > General > Reset > Erase all Content and Settings

Android*:

1. Encrypt the phone using the built in encryption software
2. Preform a factory reset

*Encrypting the phone will take some time depending on the size of the phone storage.

Blackberry and Microsoft:

1. Encrypt the phone using the built in encryption software
2. Preform a factory reset

Note: No process is 100% guaranteed to make all your data unrecoverable. If you are worried that your data may be recovered do not resell or donate your phone.

Related Information:

Lifehacker: How Do I Securely Erase My Phone Before I Sell It?

ConsumerReports: Avoid ID theft and protect personal data when getting rid of a gadget

Image credit: Flickr – Vincent Lee

Posted in Safe Computing | Comments closed

New Lynda Video: Creating Secure PHP Websites

lynda.com

Lynda.Com has released a new course on creating secure PHP websites. This video is a must for anyone developing PHP websites and applications.

Watch for free with your MyNEU credentials

Link to the course: Creating Secure PHP Websites

From the Course Details:

Hackers target PHP web applications more often than other sites because most PHP code is written by developers with little security experience. Protecting web applications from these attacks has become an essential skill for all PHP developers. Creating Secure PHP Websites shows you how to meet the most important security challenges when developing websites with PHP. Instructor Kevin Skoglund covers the techniques and PHP code needed to develop sites that are more secure, and to avoid common mistakes. Learn how to configure PHP properly and filter input and escape output. Then check out step-by-step defenses against the most common forms of attack, and the best practices to use for encryption and user authentication.

Topics include:
Cross-site scripting (XSS)
Cross-site request forgery (CSRF)
SQL injection
Encrypting and signing cookies
Session hijacking and fixation
Securing uploaded files
User authentication
Throttling brute-force attacks
Blacklisting IPs
Implementing password reset tokens

Posted in Website Security | Comments closed

Changes to NU Wireless Guest Access

Next week, in an ongoing effort to enhance the security of our campus wireless networks, Information Technology Services will be implementing changes to the unsecured wireless network NUwave-guest.

On May 21, 2014, ITS will enable registration requirements and a time limit for NUwave-guest access on the Boston campus. All other Northeastern locations will implement these changes at a later date. Individuals wishing to use the guest wireless network will need to register through a new guest wireless portal page, similar to those used by coffee shops and airports. These changes provide a greater level of security for our campus networks by limiting Internet access to identified guests visiting Northeastern for a certain period of time.

As a reminder, NUwave-guest access is intended for limited guest wireless access only. Northeastern students, faculty, staff and sponsored accounts must use the secure wireless network NUwave.

Registration Details

Individuals wishing to use NUwave-guest will need to register through the guest wireless portal registration page, providing their name, cell phone number and email address. Guests will receive a text message containing their user name and an access code to be entered into the guest portal login page for network access, on up to three devices. Additionally, there will be a new eight-hour time limit for NUwave-guest. Once the allotted time expires, guests will be required to re-register in order to receive a new access code to continue to use the guest wireless network.

Conference and Event Planners

ITS has worked with conference and event organizers to ensure a smooth transition. Organizers may submit a myHelp request one week prior to the event in order to pre-register attendees and provide wireless access for the duration of the event. For access beyond what is already provided with NUwave-guest, organizers may submit a myHelp request two weeks prior to the event date and ITS will work to provide the proper solution. Additional information on how conference and event organizers can provide wireless access to their attendees is located on the NUwave-guest Wireless Network FAQ page.

 

Want to learn more? Visit the NUwave-guest Wireless Network FAQ page on the ITS website.

Questions or concerns? Please contact the ITS Service Desk at 617.373.4357 (xHELP) or help@neu.edu.

Posted in NU Policy, Safe Computing | Comments closed