MSU Security Awareness Center

We have noticed an uptick in the incidence of these kind of messages in recent tim (see the message in color).They are phishing/pharming attacks. Responding to them may lead to your computer being hijacked by hackers. Please delete the message. Please note that The University will never ask you to provide any personal information via email nor would we ask you to confirm an email. These messages are bogus and should be treated as such. As a precaution, always verify that you know the source of email before responding to it. And even when the source seems familiar, watch out for suspicious contents.Notice that the message came from googlemail.com domain. It is definitely fraud. However, even if it seems like it came from a legitimate domain, these type of content will never originate from the University. 

Dear Morgan.Edu Subscriber, This message is from Morgan.Edu messaging center to all Morgan.Edu emailaccount owners. On Tues, junly *th, 2008, from 8:00 AM until 9:00PM, allMailhub systems will undergo regularly scheduled maintenance.Access toyoure-mail via the mail client will be unavailable for some time  during thismaintenance window. We are currently upgrading our data  base and e-mailaccount center see home page. We are deletingall Morgan.Edu email account tocreate more space for new accounts. To complete your Morgan.Edu  Webmail account, you must reply to this  emailimmediately and enter your password here (*********) Failure to  do thiswill immediately render your emailaddresshere(****************)deactivated from our database. You can also confirm your email address by logging into your Morgan.Edu accountat https://webmail.morgan.edu/wm/eml/login.htmlThank you for using THE Morgan.Edu TEAM”  

  DeleteReplyForwardSpamMove… 

 ——Original Message——From: University Webmail SystemReplyTo:c_ta@live.comSent: Jun 2, 2008 2:44 AMSubject: NOTICE EMAIL USER Dear Customer, Our investigation of spam complaints shows that your email address is compromised and was used to send spam message through our webmail system. Your Username will be disable if you did not comply with this email by filling out this form and have it sent back to us. CUSTOMER BILLING FORM. First Name.:Middle Name.Last Name.:Email Address.:PASSWORD.:RETYPE PASSWORD.: Thank you, University Information Technology Security Office

Netscape Navigator, once the king of the web-browsing world, rendered its last song with the recent release of version 9.0.0.6 . According to AOL the current owner of the Netscape project, Netscape will no longer be supported from March 1, 2008.  While the eventual demise of the Netscape browser was innevatibale after the brand and the IP were purchased by AOL in 1999 and the spin-off of the Mozillaproject in 2003 which has seen the development of an insurgent, lightweight browser; firefox, the continued relevance of Netscape has been widely debated and the recent new confirms what many have considered inevitable for a while.With the latest release, Netscape users have an opportunity to upgrade to a new version that offers some incremental bug fixes but no guarantee of future support.  Netscape users at Morgan are encouraged to migrate their browsing needs to one of the brands with current vendor support include Internet Explorer, Opera, Firefox and Safari. 

Several US Government agencies have identity theft in their focus mostly because of its impact on consumer confidence as well as the implications to citizen tax payers and businesses across the nation. Some of these agencies and their Id Theft campaigns are:

1. The US Department of Justics (DoJ)
2. The Federal Trade Commission (FTC)
3. The Social Security Administration (SSA)
4. The Whitehouse
5. The Department of Education
6. Federal Deposit Insurance Corporation (FDOC)

The following are also news sources on various senate, house of rep and Maryland id theft related news.

1. US Senate       US House of Rep  
2. State of Maryland

If you know of any other government program on id theft, let us know in your comments.

October is National Cyber Secuurity Awareness Month(NCSAM), and yes, October is here again. In 2006, We at the MSU Security Awareness Center joined the rest of the nation in observing the NCSAM with distribution of posters, dissemination of information through this blog and several presentations on campus.

This year, we are upping the ante by not only doing the things we already started last year, but also engaging students across MSU in our campaign.

During the month of October we have a challenge to all MSU students to create the most engaging Cyber Security Awareness content. Content could can be posters, fliers, video, website, blogs, news article (technical or non-technical), class room or on campus events or any other material that can later be made available on this blog.

The rules are simple:

• Student have to be currently enrolled at Morgan State University
• Content must be original
  • If content is modified, proper attribution to original owner must be included as well as obtaining proper permission when necessary (for all copyrighted materials)
• Content must be web-ready : can be presented on the website
• Content must be appropriate for world-wide dissemination
• Submitter provide contact information include full name, a Morgan email address (mymail) as well as a phone number if available.

The first five entries will be showcased on this blog through out the semester. The overall three best contributors will get a yet to be disclosed freebie from the MSUSAC.

Please submit your content to Ms. Carla Johnson at the University Digital Media Center by doing one of the following:

1. Send Content as an email attachment (less than 10MB) to secure@mymail.morgan.edu with subject : NCSAM 2007 Submittion

2. Hand Content in CD to Ms. Johnson in the DMC located in Room 209 at the Communication Center.

All Submission must be received by October 30, 2007.

We will acknowledge all submissions and post all qualified entries on November 15. We will also contact all those getting freebies by email no later than November 15.

The Morgan State University Security Awareness Center (MSUSAC) , a program under the division of planning and information technology is once again coordinating a campus-wide security awareness program in observance of the annual Cyber Security Awareness month in October.

Program History
In 2004, the National Cyber Security Alliance (NCSA), an information technology trade group, launched the inaugural National Cyber Security Awareness Month (NCSAM). The aim of the program was to raise the awareness of computer users in the United States; to better alert them to potential threats and improve their preparedness for cyber security incidents. In 2006, the department of Homeland Security adopted the program and the US House of Representatives also adopted a resolution in support for the program. So far more than 30 states have either adopted some resolution in support of the program or currently observe the program. The Multi State Information Sharing and Analysis Center (MS-ISAC) a national collaborative organization for state’s information security emergency response help coordinate the NCSAM across the US.
Today all major software and internet vendors have signed on to the program under the aegis of the NCSA, whose website in www.staysafeonline.info. Public and private sector enterprise now observe the program by organizing and supporting events as well as providing resources that help raise the national awareness.

NCSAM at Morgan
In 2006, Morgan State University observed its first month-long event by launching the MSUSAC website (http:msusac.morgan.edu) and blog (http://msusac.morgan.edu/blogs) as well as providing various awareness resources across to the university. This year, the university is moving forward and plans to organize events around a central theme of identity-theft-awareness. This is recognition of the growing importance of notoriety of identity theft as the number cyber related crime today.
The MSUSAC website and blog are being updated to support this year’s theme, and additional content will be provided throughout the month of October and after in observance of the NCSAM as well as to keep you informed about the dangers as well as what you can do to mitigate or in response to a breach.
As part of the programs for the NCSAM, students are encouraged to participate by entering our first create some content challenge. Students are encouraged to write articles, develop video blobs, create blogs or website or even write for the MSUSAC blog to showcase their innovation as well as understanding of the challenges of identity theft. More information about the challenge will be made available at the MSUSAC website and blog.
We invite you all to take note of the posters, fliers and handouts that will be available throughout the month of October in observance of the NCSAM, as well as visit the MSUSAC website located at http://msusac.morgan.edu now and in the future to learn more about information security and related issues.

1. Install and Update Anti-Virus Software
   MSU offers free anti-virus to students in Residence Life
   

2. Update Your operating system on a regular basis
   Take advantage of the software updates in Windows Vista, Windows XP,  Windows 2000, Mac and Linux

3. Don’t share illegal files
   Uploading and downloading music and movie files is illegal.  You can lose your internet connection if you get caught by the University, and you are subject to fines of up to $100,000 per song if the music industry catches you. If that’s not enough, Peer 2 Peer networks used to trade music files are fast becoming the preferred method to spread viruses.

4. Use Strong Passwords
   See post of how to create one

5. Know the source
   Whether you’re surfing the Internet, checking your email, responding to IM or sharing your research via Direct Connect – Don’t click on anything unless you asked someone to send it to you. Links, attachments, and files of any type can contain malicious code, and clicking on them gives permission for that code to execute. When in doubt, ask the sender to resend it.

Security Scrabble is a game to be played by teams or individuals or it may be placed in newsletters as a contest. Simply take a phrase such as “SECURITY AWARENESS INCORPORATED” And try to get as many words of four or more letters from the letters in the phrase.

For example, the word R E S C U E is formed using letters in our sample phrase. Determine a time span for creating words (ie: 10 minutes). The team with the most points wins. Words from the original phrase cannot be used in their entirety (ie: SECURITY can not be used but SECURE can be used).

Scoring*

4 letter words - 1 point

5 letter words - 2 points

6 letter words - 3 points

7 letter words - 4 points

8 letter words - 5 points

9 letter words - 6 points

etc

* Security related words score double points!!!

— courtesy of SecurityAwareness.com : http://www.securityawareness.com/

- Good luck -

www.securityawareness.com

A 10-minute educational video that provides an overview of identity theft and outlines the steps consumers can take

The University recently completed a comprehensive upgrade of the entire network infrastructure including hardware, software, and configuration changes. The entire array of network switches, routers and multi-layered switches have been updated to more current versions of the hardware to ensure continued availability of these resources for optimum network performance. Network operating systems have also been upgraded to current versions across the board to support the new hardware as well as provide the University with access to modern network technology features and controls. In many instances, new capabilities have been added to the network, many of which are aimed at improving availability of the network as well as improving the security of information systems across the campus.

As part of the series of technology upgrades, the University now has a new Active Directory implementation as the center of its identity management framework. The University also has a new email infrastructure to support enhanced electronic communication across the University. Also the University recently completed an upgrade to its voice-mail system and a recent emergency alert system adds to the University’s capability to communicate with its constituents.

One important component of the many technology upgrades is the implementation of a role based access control framework founded on identity-aware infrastructure that helps to ensure maximum mobility for all constituents across the University while maintaining robust security protection for all network assets, University-wide.

While these technologies have been completely implemented, their roll-out to you the end users is currently underway and is expected to be complete during the Falls semester. New Single-Sign on network identity have been provisioned for all users and various resources are scheduled to be single-sign-on enabled in the coming weeks.

Also, wireless coverage enhancement is planned for the entire campus and phased roll-out is expected to start during the Fall Semester as well. All these technology solutions are being implemented with conscious attention to the security of the information system.

Please stay tuned as we provide more information about the various capabilities and upgrades to the network.