11-07-2018 There’s a newish social media company, BrightCrowd, sending out invitations to UNC folks asking them to join. It is not affiliated with UNC. We have no reason to suspect they are malicious, but the email does look like a phishing scheme. Also, Exxon has botched the rollout of a new program for Plenti cardholders: the email is confusing and can lead users to bad websites. If you get one of these emails, it would probably be worth waiting a good while before going to the site. More info from Brian Krebs here:
25-04-2018 State IT auditors prepared a report last year with recommendations on steps units at UNC CH need to take to mitigate the risk of sensitive data exposure. As part of our response to those recommendations, we have started auditing CS systems. In particular, we are looking at ssh keys and directory permissions, and will offer a scanning service of home directories and Google Drive for SSNs.
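An added example (not the department's own tooling) of the kind of home-directory audit described above: it flags private key files readable by group or other, and SSN-like strings, after filtering out number ranges that are never issued. The function names, the masking of hits and the sample directory are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# AAA-GG-SSSS with matching "-"/" " separators, or nine bare digits, not inside a longer number.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ]?)(\d{2})\2(\d{4})(?![\d-])")

def plausible_ssn(area, group, serial):
    """Drop values never issued: area 000, 666, 9xx; group 00; serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def scan_text(text):
    """Return masked hits (last four digits) so the report holds no SSNs."""
    return ["***-**-" + m.group(4) for m in SSN_RE.finditer(text)
            if plausible_ssn(m.group(1), m.group(3), m.group(4))]

def audit_tree(root):
    """Report exposed private keys and files containing SSN-like strings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            try:
                with open(path, "r", errors="ignore") as fh:
                    text = fh.read(1_000_000)  # cap characters read per file
            except OSError:
                continue
            if "PRIVATE KEY-----" in text[:80] and stat.S_IMODE(st.st_mode) & 0o077:
                findings.append(("perm", path, "private key readable by group/other"))
            if hits := scan_text(text):
                findings.append(("ssn", path, hits))
    return findings

def demo():
    """Audit a constructed sample home directory (no real key or SSN data)."""
    with tempfile.TemporaryDirectory() as home:
        os.mkdir(os.path.join(home, ".ssh"))
        key = os.path.join(home, ".ssh", "id_rsa")
        with open(key, "w") as fh:
            fh.write("-----BEGIN OPENSSH PRIVATE KEY-----\nplaceholder, no key material\n")
        os.chmod(key, 0o644)
        with open(os.path.join(home, "roster.txt"), "w") as fh:
            fh.write("SSN 123-45-6789, order 000-12-3456, phone 919-555-0100\n")
        return [(k, os.path.relpath(p, home), d) for k, p, d in audit_tree(home)]
```

Phone numbers and order-style numbers fall out because of the separator and range checks; a production scan would still need manual review of the remaining hits.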
11-04-2018 Please be aware that scammers pretend to be IRS agents. The real IRS does not call people to ask for payment via credit card, to talk about an unexpected refund, or to threaten to call the police. More information on this kind of thing here:
12-01-2018 Well, it’s been a busy week. Gary pointed me to a good article explaining the Meltdown vulnerability for folks interested in details. In terms of mitigation, the short version is that folks should regularly run updates for both the operating system and applications. (While I have your attention, Personal Software Inspector is a good free tool for personal Windows machines; it will let you know when there are updates for common applications and help you update them.) There is also an Intel AMT vulnerability, and this one is pretty bad if someone has physical access. Intel’s Active Management Technology provides a way to remotely manage computers, and if a user doesn’t set the password in the computer’s BIOS or firmware, a malicious actor could gain control of the AMT and use that to control/access the computer. More info here on the issue and how to mitigate it.
09-01-2018 If you have an AMD CPU instead of an Intel CPU in your Windows 10 computer, you may want to hold off a bit before applying the recent Meltdown patches. For more info: https://www.pcworld.com/article/3246189/security/microsoft-halts-meltdown-patches-windows-amd-pcs-unbootable.html
04-12-2017 There’s a new phishing scheme out now targeting Paypal users with “failed transaction” emails. One clue that this is a phishing scheme is that the fake site asks for much more information than Paypal would need, including physical address, phone number, mother’s maiden name, date of birth, and payment card information (name, number, card number, expiration date, security code). Paypal has pretty decent two-factor authentication; if you use Paypal, you should consider enabling that. More information here: https://www.helpnetsecurity.com/2017/12/04/paypal-holiday-phishing/
28-11-2017 Users with Macs running High Sierra need to set a root password as soon as possible, as it’s possible to get root access from the user interface with no password. Other versions of OS X are not known to be affected and I could not replicate this on my machine running “low” Sierra. More info here: https://www.theregister.co.uk/2017/11/28/root_access_bypass_macos_high_sierra/
17-11-2017 We’re getting a lot of phishing emails with “Your University of North Carolina at Chapel Hill5 email account has been suspended. You must verify it immediately or your account will be closed or wouldn’t be able to send or receive mail” in the message body. Remember, ITS will not send out such messages and you should not click on links in email.
08-11-2017 There’s an artful phishing scheme which purports to be a Netflix suspension notice, tailored to the individual user and using design elements from the Netflix site. Remember not to click on links in email; instead, go directly to the site before logging in. More info here: https://www.helpnetsecurity.com/2017/11/08/netflix-themed-phishing/
18-09-2017 Duo authentication will be required on the Campus VPN as a second factor starting on Monday, September 18th. ITS documentation on this starts here:
12-09-2017 Make sure to patch your phone or other Linux/Android devices or turn off Bluetooth. There is a new attack method that doesn’t require a user to click anything and can compromise any affected system at a distance. More info here and here.
11-09-2017 Please change your UNC Computer Science password BEFORE Wednesday October 11th, 2017. All Computer Science users must change their passwords between July 1st and October 11th to retain access to our systems. You received this email because you have not changed your password since July 1st, so you will need to change your password BEFORE October 11th, 2017.
IF YOU DO NOT CHANGE YOUR PASSWORD BEFORE October 11th, YOUR ACCOUNT WILL BE DISABLED on October 11th. If your password gets disabled you can change your Computer Science password based on knowing your Onyen. See the following URL for more information:
08-09-2017 Equifax was hacked in May of this year, and private data of over 143 million people was exposed. More information on the breach (including a link to an Equifax site you can go to to see if your data was compromised and to sign up for one year of monitoring) is here and here, but note that if you go to check on whether your data may have been exposed, you might be giving up your right to sue Equifax. Brian Krebs has a good followup article here.
12-08-2017 ITS is requiring use of two-factor authentication at the campus VPN starting the 18th of September. Here’s some info on two-factor authentication.
19-07-2017 Apple posts updates for many of their products. Some of the vulnerabilities patched allow remote code execution, so please check your Apple devices for available updates.
14-05-2017 WannaCry ransomware: This has been very active in Europe, and can infect Windows machines via phishing schemes and by worming over the network into machines lacking a system patch. The exploit code is believed to be based on the EternalBlue exploit designed by the NSA and leaked to the public. The ransomware encrypts files on Windows machines and mounted disks, and infected machines post a notice offering decryption for a $300 fee. Microsoft has released patches for this vulnerability for the no-longer-updated XP and 2003 operating systems.
What to do? These suggestions are specific to Windows systems, but the same basic practices are recommended for other operating systems.
1 – Make sure your system is patched: just open Windows Update and update your system. Do that now if you haven’t done this recently. Check the update history to see that updates are regularly successful.
2 – Open your anti-virus software and make sure that is also up to date.
3 – Make sure you have offline backups. An easy way to do this is to get a couple of external USB drives. Connect one or the other to your machine every week or so and make a backup. If your machine is a desktop, keep the drives at another location; if it is a laptop, keep one at work and one at home.