Aug
4
2008

Think before you click “send” »

The Internet is littered with countless stories of individuals who sent emails they shouldn’t have or sent emails to unintended recipients. Before you send an email, ensure that it’s only going to go to the intended recipients and think twice about sending it if it could have a negative impact if it was read by an unintended recipient.
And if you are planning on sharing confidential VCU data with someone via email be sure to encrypt it or to utilize a different secure method to share it instead. VCU’s Securty Standard for Transmission of Confidential Data Through Email prohibits transmission of confidential data via email unless it’s encrypted.

Posted by Samuel Kennedy in the Information Security blog.
Aug
2
2008

GIFAR attack – it looks like an image, but it has a malicious paylod »

At this week's Black Hat security conference, researchers will discuss an attack which they've coined the GIFAR attack. The attack involves combining a JAR (Java Archive) file with another file, such as a GIF image file (GIF + JAR = GIFAR). The user's browser would consider the file a valid image file and display it properly, but the Java Virtual Mach . . .
Posted by Samuel Kennedy in the Information Security blog.
Jul
31
2008

SANS web application security course »

The SANS Institute is offering their Web Applications Security Essentials course (SEC422) via their @Home (webcast) program. There's a 40% discount for those who attended their now defunct Web Application Security Workshop in the last 18 months. VCU hosted that course last June and numerous VCU staff attended it. @Home consists of live webcasts, thoug . . .
Posted by Samuel Kennedy in the Information Security blog.
Jul
30
2008

Application feature – alerting user of concurrent sessions »

Earlier this month Google's Gmail added several new security features to the latest version of Gmail. A user can now see a list of current open sessions associated with the user's account. See an open session from an IP address you don't recognize or an access type you don't use (Mobile for example)? It may be indicative of a compromised account. Per . . .
Posted by Samuel Kennedy in the Information Security blog.
Jul
28
2008

Companies collect and share your data – check it for free »

Numerous private organizations collect data about you and share it with your creditors, employers and insurers. The Fair Credit Reporting Act requires that the 3 national consume reporting companies (Equifax, Experian and TransUnion) each provide you a free copy of your credit report at your request once every 12 months. You can request all 3 at the s . . .
Posted by Samuel Kennedy in the Information Security blog.
Jul
25
2008

“Spam King” sentenced, but another spammer escapes »

In a victory for email recipients everywhere, "Spam King" Robert Soloway was sentenced to 47 months in federal prison. Soloway had been accused of violating the federal CAN-SPAM Act. In loosely related news, convicted spammer Edward "Eddie" Davidson escaped from a minimum security federal prison camp in Colorado after serving 5 weeks of a 21 month sen . . .
Posted by Samuel Kennedy in the Information Security blog.
Jul
24
2008

SSN exposure at University of Maryland »

The University of Maryland mailed parking brochures to about 24,000 students on July 1st. Each student's Social Security number was included on a mailing label attached to the brochure. The school discovered the problem on the 8th. It's recommending that recipients place a free 90 day fraud alert on their consumer credit and the school is offering a . . .
Posted by Samuel Kennedy in the Information Security blog.
Jul
23
2008

The cat’s out of the bag – DNS flaw details revealed »

On July 9th security researcher Dan Kaminsky announced a serious flaw in DNS. Dan had been working with vendors to address it, but he refused to share the details until Black Hat USA 2008 in August. But now the cat's out of the bag. Halvar Flake took a stab at it, then Matsano Chargen accidentally posted <a href="full details about it, then D . . .
Posted by Samuel Kennedy in the Information Security blog.
Jul
22
2008

Distance education required to play Big Brother? »

There's a bill in Congress related to the Higher Education Act, which has implications for schools with distance education programs. The bill includes a single sentence that states that such institutions must implement processes to verify that a student who registers for a course (or program) is the same as the one who participates in it. Here's what . . .
Posted by Samuel Kennedy in the Information Security blog.
Jul
21
2008

San Francisco’s rogue network admin »

The lead network engineer for the city of San Francisco was arrested a week ago and charged with 4 counts of computer tampering. He is being held on $5 million bail for refusing to hand over the administrative password to the WAN, FiberWAN, which carried more than 60% of the city government traffic. Yes, $5 million. As of today he still hasn't handed . . .
Posted by Samuel Kennedy in the Information Security blog.

Categories

Our Weblogs

Need Help?

If you need immediate assistance, please contact the helpIT Center at (804) 828-2227 or submit a ticket online. You can also submit feedback through our Feedback form above or leave a comment on specific blog entries.

Don't Get Phished

Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information. Learn more about phishing ยป

Follow Us On Twitter

What is VCU Technology Services?

We are responsible for implementing and supporting the technology used around campus, such as the network, phones, enhanced classrooms, and Internet-based systems including myVCU, Blackboard, email, and more.

Archives by Month

2008