November 2006

IT = Information Technology

IT Happens

Read all about IT…

In this issue…

we will cover: who to call with computer issues, volume of e-mails coming into campus, protecting your desktop and deterring shoulder surfers.

Quote of the Month:

Only I can change my life. No one can do it for me.

Carol Burnett

US actress & comedienne (1936 - )

This quote is from http://www.quotationspage.com/

Who do I call…?

Except for those issues listed below all computer issues should be reported to The Technical Assistance Center (TAC), located in Darden 110, which is the hub for all faculty, staff, and student computer related issues. This location is the best option for all computing and website issues. Hours of operation are Monday - Friday, 8:00 a.m. to 5:00 p.m.; closed on Saturday and Sunday.

TAC Phone Number: (276) 376-4509

TAC E-mail: user-support@uvawise.edu

Threatening emails should be reported immediately. If you feel threatened by the contents of an email received through your uvawise.edu account during normal business hours (M-F 8:00-5:00) you can report it to abuse@uvawise.edu or (276) 376-4641 or contact the Campus Police anytime at 911 or (276)328-COPS. Do not disregard a threat, take all threats seriously.

Scam and spam e-mails – check the Scams page under alerts to see if these emails have been reported. If they have been reported then you need to delete the e-mail from your IN box and do not click any of the links. If the e-mail does not show on the Scams alerts page then please forward the e-mail to abuse@uvawise.edu.

If you are receiving harassing e-mails to your uvawise.edu account please forward the e-mail to abuse@uvawise.edu and/or call extension 4641 to report the abuse.

Did you know...

that during the process of doing your job on a daily basis you may unwittingly provide opportunities for information/data theft? Most of us have sensitive and sometimes confidential information for which we are responsible. Some methods used to gain access to this information both at work and at home include:

Allowing someone to shoulder surf (look over your shoulder) so that they:
- see what you are typing in by watching the keyboard
- can see the computer screen
- can see the keypad on an ATM/Credit Card device when you are making a transaction
- see the keypad when entering a code for access to a door/building/office.

This may be done even when you are not aware.

Leaving your computer screen “unlocked” when you are away from your desk.
Leaving your computer “on” for extended periods.
Logging onto your computer using an “Administrator” account.
Leaving the guest account enabled
Allowing unnecessary services to run on your computer
Visiting and using Peer-to-Peer sites such as Gnutella, Ares, Morpheus, e-donkey, KaZaa to name a few. When you use these programs they often “download” more than you bargained for and most times even more than you are told about.
Using social engineering software such as MySpace and Facebook.

That having been said…

remembering just a few easy rules will help secure you and the information for which you are responsible:

Be aware of who and what is going on around you. Don’t let someone sneak in behind you and shoulder surf without you knowing. Always block the keypads for ATM’s and coded door locks from “peepers”.
Locking your computer screen allows you to keep all your windows open but won’t allow “Joe User” to come into your area and gather sensitive/confidential data or possibly send e-mail or other files to a recipient(s) in your name but without your knowledge. Lock your computer by holding down the Windows key and pressing the letter L.

Logging onto your computer using an “Administrator” account and/or leaving the “Guest” account enabled are not good ideas. If someone does hack into your computer and gains access to the “Administrator” account they have just taken control of your computer, most of the time without your knowledge. They can load software, change configuration settings and pretty much anything else they want to do, all without you suspecting a thing. The “Guest” account means that anyone can log on to your computer and no preexisting account or password is needed.
Services are always running in the background on your computer. Hackers often use these services to help hide their malicious scripts and programs by naming them similarly to needed services that run your computer. Don’t just go in and stop services without knowing what you are doing but do request that all unnecessary services be stopped when you purchase your computer and/or have it repaired.
Peer-to-peer file sharing is an excellent way to get hacked or become a victim of viruses, trojans, worms, and other types of mal-ware. Or possibly even becoming part of a botnet. (To quote the Borg – “You will be assimilated, resistance is futile.”) Peer-to-peer programs are notorious for infecting computers.
Never give out personal information that can be used to locate you and make you a victim of on-line predators. Your friends know where to find you. Do yourself a favor and keep the rest guessing. Making new friends is fun, making yourself a target is not.

For more helpful tips please visit: www.uvawise.edu/oit/security

Danger!!!

Never provide personal or financial information to anyone with whom you did not initiate the contact whether via an e-mail or a phone call. Financial institutions should not solicit this kind of information through an e-mail and you should always be able to verify the identity of the person calling. If your financial institution solicits personal financial data in this manner I would consider changing financial institutions. Quickly!

E-mail…can be very frustrating when

it seems as though every day you are inundated with thousands of useless and annoying e-mails. There are very few days that go by where I don’t hear someone complaining about the junk e-mail. Well I’m not going to tell you that you don’t have a legitimate gripe, but the fact is that you don’t receive but a fraction of the e-mails that come onto campus. Through some sophisticated e-mail filtering IT is able to discard many e-mails before they ever reach your desktop.

On Wednesday 11/08/06 we actually had more than 107,000 e-mails received to our Spam Firewall. A grand total of 107,123 e-mails were received and of those: 77,547 were blocked (388 of those were blocked because of viruses), 12,955 were tagged as SPAM/Bulk, and only 16,621 were identified as legitimate e-mails. So you only deal with around 30% of all the e-mail traffic. Not bad, huh?

Want to know where these e-mails come from? FYI: This appears to be the culprit for the recent SPAM surge

'Pump-and-Dump' Spam Surge Linked to Russian Bot Herders
By Ryan Naraine
November 16, 2006

SEE THE SCAM : These images show the scammers at work.

The recent surge in e-mail spam hawking penny stocks and penis enlargement pills is the handiwork of Russian hackers running a 70,000-strong botnet powered by hijacked computers in more than 160 countries. SecureWorks researcher Joe Stewart reverse engineers a SpamThru Trojan and finds evidence of a well-heeled spam operation.

READ MORE...

The Trojan, which uses peer-to-peer technology to send commands to hijacked computers, has been fitted with its own anti-virus scanners level of complexity and sophistication that rivals some commercial software.

SpamThru trojan uses p2p, anti-virus solutions to wipe out competitors, spread spa...
Find SpamThru trojan uses p2p, anti-virus solutions to wipe out competitors, spread spam and all latest security news, security features, analysis and opinions from SC Magazine US, the onli...
http://www.scmagazine.com/us/news/article/600066

A Word from our Director

(Interim – Sheila Combs)

The Vice Chancellor of Information Technology search continues. The search committee is exploring a viable candidate. Further information will be forthcoming as it is made available.

We would request that topics you would like to see covered and/or comments be sent to sherron@uvawise.edu.