Santa Clara University

Information Security Office

Information Security News and Events

News, events, views, tips, and hints for keeping your personal information private.

  •  Be Wary of Telephone Scams

    Wednesday, Apr. 29, 2015

    Not only do cyber criminals send you fraudulent (phishing) email messages and set up fake websites, they may also call you on the phone. Oftentimes, they will offer to help solve your (nonexistent) computer problems or sell you a software license. The most common type of phone scam is the tech support scam. Cyber criminals can be very persuasive in getting you to trust them. They might know your name and other personal information, usually gained from public phone directories or even through research. They might even guess what operating system you're using. After they have gained your trust, they might ask for your username and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information are vulnerable.

    Once they have access to your computer, they will be able to do the following things:

    • Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
    • Take control of your computer remotely and adjust settings to leave your computer vulnerable.
    • Request credit card information so they can bill you for phony services.
    • Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.

    So how can I protect myself from phone tech support scams?

    If you feel that you have received a fraudulent phone call:

    • Do not purchase any software or services.
    • Ask if there is a fee or subscription associated with the "service." If there is, hang up.
    • Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
    • Take the caller's information down and immediately report it to your local authorities.
    • Never provide your credit card or financial information.

    More information

    http://scu.edu/is/secure/blog/index.cfm?c=19636 

     

  •  Encrypt Zip Files

    Friday, Feb. 20, 2015

    Need to encrypt your files, but don't have the software to do it? LOOK NO FURTHER! I am here to show you how to encrypt your files! 

    If you are a Mac user, please follow this link (click here) to encrypt your files because the software I will be talking about is for Windows users. Alternatively, you can download Keka, which is a free file archiver for Mac OS X, here. Instructions on how to use Keka can be found here.

    If you are a Windows user, please keep reading. If you use Linux, you can google it or click here: (option 1) or (option 2)

    Let's get started. The software that I will be talking about is called 7-Zip.

    7-Zip is open source software that compresses (zips) files and can secure them with encryption. Alternatively, you can also use WinZip (click here for WinZip). To download 7-Zip, click here

    After the software has been installed, you can proceed to encrypt a file or folder:

    STEP 1:

    Right click on the file/folder to be encrypted. 

    Select "7-Zip" and then "Add to archive"

    STEP 2:

    Change the name of the archive you wish to create.

    STEP 3:

    Change the Archive format to "Zip".

    STEP 4:

    Change the Encryption method to "AES-256". You can also select ZipCrypto, but AES-256 is more secure. However, if AES-256 is selected, the recipient of the zip file may have to install 7-Zip or another zip program to open it. Selecting ZipCrypto allows users to open a zip file in Windows without a zip program. 

    I strongly recommend that you use AES-256 to protect your data. 

    STEP 5:

    Enter a strong password. Here are some tips on how to create a strong password: (option 1) or (option 2).

    STEP 6:

    Select "OK" to create the encrypted archive file. This file will be located in the same folder as the original.

    You have encrypted your file! Congratulations!

    *To open the file, you just need to enter the password.

     

  •  De-Cloud Your Life

    Wednesday, May. 21, 2014

    The term "the cloud" can be used to refer to the Internet. Marketers have popularized the phrase "in the cloud" to refer to software, platforms, and infrastructure that are sold as a service. Usually, the seller has servers that host products and services from a remote location, so users don't have to. They can just log on to the network without installing anything. These services may be offered in a public, private, or mixed network. Google, Amazon, IBM, Oracle Cloud, Microsoft Azure, and Dropbox are some examples of cloud vendors.  

    Cloud services have expanded as more and more users are using the Internet. Cloud services can be quite useful as a cheap "offsite backup". For example, you can keep documents or a list of serial numbers of your things there in case of a robbery or a catastrophic event, such as an earthquake.

    Let's use Dropbox for an example.

    Dropbox usually requires a username and password to access documents. It even offers a two-factor solution as an option. However, a user can allow others to view a document by sending them a "secret link". But links can be easily leaked. As users rely more on cloud services to share files, with passwords that are too troublesome to set up, leaked links will become more commonplace. 

    Let's assume that the cloud service works as designed and your username and password are strong enough. When you share files with other people, you still run the risk that they will not take as much care with the files as you would. Their passwords could be weaker than yours, or they could post the link on the Internet.

    Although cloud services are good, there is some information that you shouldn't store in the cloud, such as confidential, personal, financial, or medical information, unless you encrypt it before uploading.

    Here are a couple of ways to "de-cloud" your life:

    • Set up an "ownCloud" server. It works very much like Dropbox with mobile clients available for Android and iOS. But you will have to run the server. I suggest you make it accessible via a VPN connection only. SharePoint may be a similar solution for Windows folks.
    • Run your own mail server: This can be a real pain and even large companies move mail services to cloud providers. But pretty much all cloud mail providers will store your data in the clear, and in many ways they have to. Systems to provide real end-to-end encryption for cloud/web-based e-mail are still experimental at this point.
    • Offsite backup at a friend's or relative's house. With widespread use of high speed home network connections, it is possible to set up a decent offsite backup system by "co-locating" a simple NAS somewhere. The disks on the NAS can be encrypted and the connection can use a VPN again.
    • For Apple users, make local backups of your devices instead of using iCloud. iCloud stores backups unencrypted and all it takes for an attacker to retrieve a backup is your iCloud username/password.
Information Security Office, 1-408-554-5554, iso@scu.edu