No one likes being tricked into doing something they wouldn't want to do or could harm themselves or others. That is what phishing tries to get you to do, for example, giving away your login credentials or social security number. That doesn't have to happen if you learn how to read the clues.
Here's an example of a recent phishing email that includes tips on spotting a phony email.
(Click here for PDF version)
Brown instructors, have a project in mind to make your class more engaging involving technology? Want to spend a few days this summer learning what technology support Brown has to offer and getting hands-on help developing a project plan? Academic Technology is now accepting proposals for faculty instructional projects and our Annual Brown Summer Institute for more information contact firstname.lastname@example.org. The deadline for Summer Institute Applications is April 27th.
The Brown University Library is hosting an Edit-a-Thon in memory of Adrianne Wadewitz on May 22, from 1:30-6pm in the Rockefeller Library DSL. All welcome, bring your laptop and be ready to write enrich articles on women, women's issues and other topics that continue Wadewitz's work.
View details and sign up on the Wikipedia event page.
Have you downloaded the Brown mobile app yet? Brown Student Agencies worked with CIS to develop a official Brown University Mobile App for iOS and Android! The Brown mobile app allows you to track your academics, check out dining hall menus, manage Bear Bucks accounts, and more.
We've heard from a lot of students who don't realize it's possible to print to PAWPrints from their own computers. We've recorded Mac and PC videos of the setup. Remember that you need to be connected to Brown-Secure wireless or with an ethernet cable on campus in order to print. Follow along with the text instructions here.
Yesterday, Microsoft issued the last update for Windows XP. As a result, Computing and Information Services will not be able continue supporting XP. For security reasons, CIS recommends upgrade or replacement of your computer as soon as possible. Faculty and staff, please consult your department's IT support professional prior to upgrading your operating system.
Background on OpenSSL and Heartbleed
Late on Monday, April 7, researchers discovered a flaw in the security tool, OpenSSL, which provides the encryption that protects Internet traffic and communications between one device and another. Most users would know this as the small, closed padlock and "https:" on web browsers to signify that your Internet traffic is secure. The flaw, nicknamed "Heartbleed", allows an attacker to capture usernames, passwords, and pretty much any other information.
Why this matters
OpenSSL is used everywhere: when you shop at Amazon, access your personal email, use your personal banking, or visit your social network, blogging and sharing sites. It can also be used to secure communications on personal mobile devices, such as smart phones and tablets, through the securing of web browsers, or installations of web apps you may have installed. The "Heartbleed" vulnerability in OpenSSL could allow a remote attacker to access sensitive data that is passed through it, such as login information like usernames and passwords.
What Brown is doing
Brown technical staff has been engaged and responding to this issue as soon as the bug became public. The Information Security and Network Technology groups in CIS, in conjunction with the technical staff members across campus, have assessed the areas at Brown that are impacted by this vulnerability. Most fixes are already in place, while others are in progress.
What you should do
Most of the work that needs to be done is by technical staff who must patch the affected servers and systems, whether for Amazon, Yahoo, your bank, social network, etc., or here at Brown for those few servers and systems that must be updated.
There are, however, there are a few tips and actions you may want to consider for your personal computing. The following have been gathered from multiple open sources, and are based upon guidance and advice from experts across many areas:
- At this time, Brown University is not asking users to change their Brown network passwords.
- Regarding your other passwords, we recommend that you update them but only after it has been confirmed that the websites have taken the proper measures and are secure. Many sites and services are already sending emails to their customers that they have taken the proper actions.
- If the sites and services that you use include alternate ways of confirming your identity, such as a cell phone number for confirmation text messages, consider using them. This will mitigate an attacker if your password has been compromised.
- You should exercise caution when visiting websites, as "Heartbleed" can affect web browsers. Expect all major browsers to address this issue very soon with an update, if they have not already.
- You can test sites using the Heartbleed Test Site (https://lastpass.com/heartbleed).
- In the short term, when finished with a website, completely log out if you were logged in (such as with Facebook, Yahoo, etc), and when finished surfing the web, close your browser.
- We anticipate a new wave of phishing messages using this vulnerability as an excuse to steal login credentials and compromise accounts. Beware of spam messages about "Heartbleed."
- Monitor financial statements closely. Check bank and credit card statements for unusual activity.
- Unless you have heard from your bank directly that they are not vulnerable, we recommend refraining from doing any online banking for a few days.
- Heartbleed Bug: Recap + Q&A Brown Bag | Sign-up for Brown Bag at brown.edu/go/heartbleed-brown-bag
- Background Information: The Heartbleed Bug
- Heartbleed Bug Health Report
- The Heartbleed Hit List: The Passwords You Need to Change Right Now
- NPR Marketplace story: The Heartache of Heartbleed
- Brian Krebs: What Can You Do?
- How to talk to your kids (or manager) about "Heartbleed"
ISG has added the new section How Do I ...? to their web pages. From the main "Information Security" link, click on the "How Do I ...?" link for a collection of commonly asked questions with quick answers, plus links to more details.
Brown's Google Apps service allows each of us to have 30 GB shared storage for email and Google Drive. If you're getting close to your limit or just feel like keeping things clean, you can find big files in your mail and drive using the following instructions.
There's now an easier way to search your emails by size. Open the Advanced Search by clicking the triangle on the inner right of the search box at the top of your email.
You'll see an option to enter a size in the Advanced Search. You might want to start with 15 MB - if you don't find enough results, decrease the number and try again.
Once you delete emails, they will be automatically removed from your trash after 30 days. You can also empty your trash manually.
You can also sort your Google Drive by size to find the biggest files. Find a column heading (such as 'Owner' or 'Last Modified') and click the small triangle next to it. Choose to sort by Quota Used. In Drive, the trash does not automatically empty - if you move a file to the trash and want to lower your used quota, you will have to click the Trash link on the left menu and then the Empty Trash button.