You are a SPECIAL Librarian! You are a Military Librarian!

Archive | Web/Tech

Microsoft Ending Support for Windows XP and Office 2003

Microsoft Ending Support for Windows XP and Office 2003 Source: U.S. Computer Emergency Readiness Team (US-CERT)

Computers operating Windows XP with SP3 or running Office 2003 products will continue to work after support ends. However, using unsupported software may increase the risk of viruses and other security threats.

Users have the option to upgrade to a currently supported operating system or office productivity suite. The Microsoft “End of Support” pages for Windows XP and Office 2003 offer additional details.

There are software vendors and service providers in the marketplace who offer assistance in migrating from Windows XP or Office 2003 to a currently supported operating system or office productivity suite. US-CERT does not endorse or support any particular product or vendor.

Users who choose to continue using Windows XP after the end of support may mitigate some risks by using a web browser other than Internet Explorer. The Windows XP versions of some alternative browsers will continue to recieve support temporarily. Users should consult the support pages of their chosen alternative browser for more details.

Posted in Current Events, Web/TechComments Off

Monthly Cyber Security Tips Newsletter – 2014 Cyber Security Outlook

As we look ahead toward the cyber threats facing us this year, some key challenges will result from the advancements in technology that are becoming part of our daily lives. Ranging from the Internet of Things to online currencies, devices and systems have never been more interconnected. Before we adopt these new technologies, we need to ensure we understand the security implications, and have appropriate layers of defense in place.    

Below are highlights of several of these new advancements and how they may affect us:  

The Internet of Things 

What is the Internet of Things?  Put simply, the Internet enables connectivity from virtually any end-user device or thing. The latest trend is connecting things such as small appliances, refrigerators, personal medical devices, wearable health trackers, and many other items. 

One of the most common examples of how the Internet of Things impacts our daily lives is the automobile, which has become a sophisticated computer device. Researchers have demonstrated the ability to hack an automobile’s systems to control the brakes, steering wheel, and even shut down the engine. Numerous discussion forums focus on the use of vehicle-to-vehicle (or V2V) technology, which will allow vehicles to talk to each other via wireless connectivity. 

Bluetooth, a standard feature in many automobiles with options to include a personal hotspot, can allow a modern smartphone to connect to the automobile’s stereo system to receive continuous Twitter feeds, or a system that may allow a technician to provide assistance in case of emergencies. Researchers have discovered ways to inject malicious codes/programs through CD players or iPod connectors. Theoretically, an infected song on your iPod or CD, when played in your automobile, potentially can spread malicious code from the automobile’s entertainment network to other components of the automobile without many restrictions. 

In another example of how the Internet of Things can impact us is from a recent news story that suggested electric tea kettles and other small appliances were able to exploit unencrypted WiFi and send data back to foreign servers [1].  

Internet-connected devices that are able to process sensitive personal information tend to be high priority targets for cyber criminals. It will become increasingly critical in 2014 to protect these devices from unintended or unauthorized connectivity. 

Bitcoins 

A Bitcoin is a digital currency stored in a downloadable wallet on a user’s personal computer or with an online wallet service provider. Each wallet has a unique identifier that allows users to transfer bitcoins to other users’ wallets. Bitcoin is a decentralized, peer-to-peer payment system, currently with no regulatory authority. It is gaining popularity, with mainstream businesses adopting it as an alternative form of payment or investment.      

 While the long-term use of Bitcoin is uncertain, for at least the near term in 2014, the increasing adoption and publicity will continue to draw the interest of cyber criminals who target Bitcoin users’ wallets for theft, or compromise systems to generate bitcoins via malware infection.      

 Mobile Transaction Risks 

 Every new smartphone, tablet or other mobile device provides an opportunity for a potential cyber attack. New features such as Near Field Communications (NFC), as well as AirDrop and Passbook for Apple, will continue to expand in 2014, increasing the opportunities for cyber criminals to exploit weaknesses. NFC and AirDrop allow for similarly configured smartphones to communicate with each other by simply touching another smartphone, or being in proximity to another smartphone. This technology is being used for credit card purchases, boarding passes, and file sharing, and will most likely be incorporated into other uses in 2014.     

 Risks of these technologies could include eavesdropping (through which the cyber criminal can intercept data transmission such as credit card numbers) and transferring viruses or other malware from one NFC/AirDrop-enabled device to another.  

 Summary 

 Before adopting any of the myriad new technologies that are rapidly being deployed, it’s important to understand the implications and risks. While interconnectivity can yield many benefits, the risk could outweigh the benefit if the devices, systems, and technologies are not properly secured.  

 Additional Resources: 

 NYS Office of Information Technology Services Enterprise Information Security Office Newsletters : http://www.dhses.ny.gov/ocs/awareness-training-events/news/

Georgia Tech: Emerging Cyber Threats Report:  http://www.gtsecuritysummit.com/2014Report.pdf

 Sophos: Security Threat Report 2014  http://www.sophos.com/en-us/threat-center/security-threat-report.aspx

 Websense: 2014 Security Predictions  http://www.websense.com/2014predictions?cmpid=prnr11.14.13

 Symantec: 2014 Predications http://www.symantec.com/connect/blogs/2014-predictions-symantec-0

 [1] http://www.businessinsider.com/russia-claims-china-bugged-tea-kettles-2013-10#ixzz2nM6vxMX8

    Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS. 

 

Brought to you by: the Center for Internet Security  

 William F. Pelgrin, President and CEO 

 www.cis.security.org

Posted in Current Events, Links, Web/TechComments Off

Identity Theft: Trends and Issues

Identity Theft: Trends and Issues (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

In the current fiscal environment, policymakers are increasingly concerned with securing the economic health of the United States—including combating those crimes that threaten to undermine the nation’s financial stability. Identity theft is one such crime. In 2012, about 12.6 million Americans were reportedly victims of identity fraud, and the average identity fraud victim incurred a mean of $365 in costs as a result of the fraud. Identity theft is often committed to facilitate other crimes such as credit card fraud, document fraud, or employment fraud, which in turn can affect not only the nation’s economy but its security. Consequently, in securing the nation and its economic health, policymakers are also tasked with reducing identity theft and its impact.

Posted in Current Events, Links, Web/TechComments Off

The Communicative Functions of Emoticons in Workplace E-Mails: ;-)

The Communicative Functions of Emoticons in Workplace E-Mails: ;-)
Source: Journal of Computer-Mediated Communication

CMC research presents emoticons as visual representations of writers’ emotions. We argue that the emoticons in authentic workplace e-mails do not primarily indicate writers’ emotions. Rather, they provide information about how an utterance is supposed to be interpreted. We show that emoticons function as contextualization cues, which serve to organize interpersonal relations in written interaction. They serve 3 communicative functions. First, when following signatures, emoticons function as markers of a positive attitude. Second, when following utterances that are intended to be interpreted as humorous, they are joke/irony markers. Third, they are hedges: when following expressive speech acts (such as thanks, greetings, etc.) they function as strengtheners and when following directives (such as requests, corrections, etc.) they function as softeners.

Posted in Current Events, Links, Web/TechComments Off

Monthly Cyber Security Tips Newsletter – Cyber Hygiene with the Top 20 Critical Security Controls

Cyber Hygiene with the Top 20 Critical Security Controls
 
In this digital age, we rely on our computers and devices for so many aspects of our lives resulting in a need to be proactive and vigilant to protect against cyber threats. However, in order to be as secure as possible, we need to use good cyber hygiene – that is, making sure we are protecting and maintaining systems and devices appropriately and using cyber security best practices.
 
Many key best practices are outlined in the Top 20 Critical Security Controls, managed by the Council on Cyber Security. These Controls assist in mitigating the most prevalent vulnerabilities that often result in many of today’s cyber security intrusions and incidents. The Center for Internet Security (CIS) provides free, PDF-formatted configuration guides (Benchmarks) that can be used to implement the Controls and improve cyber security.
 
Below are several best practice strategies for strengthening defenses.  The numbers that follow each best practice are the related Control and the CIS Benchmark. The CIS Mitigation Strategies Crosswalk link below details a complete mapping of the Controls to Benchmarks.
 
Update Your Applications, Software, and Operating Systems
Even though you may be diligent in keeping your software up-to-date, you are still at risk from malware infections. Malware can infect your computer from a variety of different vectors, including compromised websites, malicious attachments in email, and infected thumb drives. This is why strong malware defenses are crucial. Anti-virus and anti-spyware will scan your files to see if there’s any malware in the files. It may even tell you if you’re about to download a potentially malicious file. Update your anti-virus software regularly. Keeping applications, software, and operating systems patched will help keep you more secure by providing you with the most recent and secure version.
Critical Security Control(s): 2, 3, 5
 
Securely Configure Your Systems and Devices
The “out-of-the-box” configurations of many devices and system components are default settings that are often set for ease-of-use rather than security. This often results in vulnerabilities that offer easy targets for hackers to exploit, often using automated programs that scan for holes. To mitigate risk, systems and devices should be configured according to industry-accepted system hardening standards.
Critical Security Control(s): 3
 
Secure Your Browser and Browser Add-ons
Cyber attackers search for programming errors and other flaws in web browsers and associated plug-ins in order to exploit them. These vulnerabilities, if successfully exploited, can give cyber criminals access – and sometimes control over – your computer system. To minimize these risks, keep your browser(s) updated and patched, and set to auto update.  In addition, keep any programs (known as plug-ins) updated and patched, block pop-up windows, as this may help prevent malicious software from being downloaded to your computer, and consider disabling JavaScript, Java, and ActiveX controls when not being used. Activate these features only when necessary.
Critical Security Control(s): 2
 
Back Up Your Data
Be sure to back up your important data so you can retrieve it if your computer fails. Most operating systems provide backup software designed to make the process easier. External hard drives and online backup services are two popular vehicles for backing up files. Remember to back up data at regular intervals and periodically review your backups to determine if all your data has been backed up accurately.
Critical Security Control(s): 8
 
 
Secure Your Wireless Network
Before the days of wireless (Wi-Fi) home networks, it was rather easy to see who was linked into your home network; you could simply follow the wires. You wouldn’t allow a stranger to connect to your wired network, so check to see who is connected to your wireless network. The first step is to lock down your wireless network with a strong password and encryption. This will prevent people who don’t have the password from connecting to your network.
 
While there are fewer wires to follow, you can still follow some digital breadcrumbs to see who is connected to your network. Connect to your router (for more information refer to the manufacturer’s user guide) to see who the clients (the connected devices) are. Are there more devices connected to your network than you expect? If there are some devices you don’t recognize, change your security settings and passwords. Don’t forget about your printers, many of which can connect to your network and are Wi-Fi enabled.
Critical Security Control(s): 7
 
Protect Your Administrative Accounts
Administrator or “admin” accounts give a user more control over programs and settings for a computer than a typical user account. If an intruder accesses an admin account, he could potentially take over your computer. Non-administrator accounts, or guest accounts, can limit the ability of someone gaining unauthorized access. It is important to change the default password on your admin accounts and to always log on to your computer as a non-administrator or non-admin account.
 
Another aspect to protecting admin accounts is to change default passwords on your devices. Many of them are published on the Internet, so be sure to change them to something unique and strong. Default passwords are especially prevalent in routers, wireless access points and other networked devices.
Critical Security Control(s): 3, 12
 
Use Firewalls
Many computer defaults are set for ease of use, which is convenient not only for us, but also for cyber criminals. Cyber criminals can use weak or unnecessary services as a first step to compromising your computer. Many computers and routers already come with a firewall built in to prevent malicious access to these services. It is recommended that you set the firewall to the securest level you think is appropriate: if this is a laptop you’ll use for traveling and connecting to public networks, it is recommended that you choose the strictest level of security and only allow exceptions for services you need. You can always relax the controls if necessary.
Critical Security Control(s): 10
 
For More Information:
 
 
Brought to you by the MS-ISAC

Posted in Current Events, Links, Web/TechComments Off

Blog Archives