[IS&T Security-FYI] Newsletter, September 7, 2007

Fri Sep 7 08:58:54 EDT 2007

In this issue:

1. Back to School Tips from Tony Bradley
2. Schools In the News: Johns Hopkins University
3. Tip of the Week: Beware Domain Renewal Fraud

-----------------------------------------------------
1. Back to School Tips from Tony Bradley
-----------------------------------------------------

Summer is over and schools are back in session. Now is a good time  
for students, parents, teachers, and school administrators to learn  
(or refresh their memory on) some basic computer security concepts to  
make sure everyone's computer usage is safe and secure. Some of the  
things to keep in mind:

- Using the Internet Safely
Whether it's MySpace or FaceBook, these social networking sites are  
so popular that they are often the target of hackers, predators, and  
other people with bad intentions. Kids often share too much  
information online and are gullible when it comes to clicking on  
interesting-looking links. A 2005 study shows that one in three  
children ages 6 to 17 reported being bullied online; 17% had been  
harassed; 8% had been threatened; 6% had been stalked; another 6% had  
been victims of identity theft. (These numbers are just from those  
who reported. Who knows how many have kept silent.) Adults should  
talk with young people about the threats and how they can prevent  
becoming victims. It is the best way to make sure they understand  
what they are doing when they surf the Web.
<http://netsecurity.about.com/od/newsandeditorial1/p/myspace.htm>

- Peer-to-Peer Networks
The popular activity of downloading, uploading and sharing files  
through a peer-to-peer (P2P) network can get people into more hot  
water than they anticipate. The concept of sharing seems benign  
enough, but it comes with risks. Not only can you be held accountable  
for infringement if the files you are sharing are copyright  
protected, but sharing files on your computer goes against many of  
the basic principles of securing your computer.
<http://netsecurity.about.com/od/newsandeditorial1/a/p2psecurity.htm>

- Protect Yourself from Spyware
In addition to protecting your computer from viruses and the like  
caused by malware, you should also control the onslaught of spyware  
and adware. These programs can track and monitor what you do on the  
Web or in the worst-case scenario actually monitor keystrokes and  
capture passwords. Five tips on protecting against these threats are  
listed at the following site:
<http://netsecurity.about.com/cs/generalsecurity/a/aa050204.htm>

- Identity Theft
Social engineering and computer theft can often lead to data breaches  
that put people's personal information and identities at risk. When  
your password or personal identifiable information is stolen,  
criminals can use it to gain access to your money or to commit crimes  
in your name. It is up to each individual to monitor and protect  
their personal information and credit. View ten tips on identity  
theft here:
<http://netsecurity.about.com/od/newsandeditorial1/a/aaidenttheft.htm>

- Using Wi-Fi
Wi-Fi (wireless) networks are another modern day computer risk. As  
more people set up wireless home networks, hackers find ways to get  
their personal information. Using other people's wireless networks  
can also be risky. Find out more here:
<http://netsecurity.about.com/od/hackertools/a/aa072004b.htm>

---------------------------------------------------------------
2. Schools In the News: Johns Hopkins University
---------------------------------------------------------------

Johns Hopkins University waited five weeks before notifying patients  
and their families about the theft of a desktop computer containing  
patient information. The computer, taken from an "administrative  
area" of Johns Hopkins University Hospital contained patient names,  
Social Security numbers, dates of birth, medical history and other  
personal information. According to University officials, the computer  
was secured to the desk by a steel cable and it was password- 
protected. However, the computer did not contain an encryption  
software to protect the data nor was a the data password-protected.

Read the full story in the Baltimore Sun: <http:// 
www.baltimoresun.com/news/health/bal-te.theft01sep01,0,1208422.story>

-----------------------------------------------------------------
3. Tip of the Week: Beware Domain Renewal Fraud
-----------------------------------------------------------------

If you registered a Web site you may receive a letter or email from  
Domain Registry of America, Domain Renewal, or others, suggesting  
that since the renewal of the domain's registration is coming up, you  
should renew the domain with them. I received one of these letters in  
the mail just about a month ago from Domain Registry of America. The  
letter stated that paying $30 would guarantee that my site would  
remain registered and not fall into the hands of anyone else.

Lucky for me, I learned that this is a ploy used by some companies to  
"steal" your domain name, your money, and to lure customers away from  
legitimate Web hosts. Anyone can look up a domain name and see if it  
is registered. They can then find your contact information and  
attempt to trick you into "registering" the domain with them. Don't  
fall for this trap, as I almost did. To learn more see these articles:

E-Week: <http://www.eweek.com/article2/0,1759,2159134,00.asp>

Domain Name Wire: <http://domainnamewire.com/2007/07/16/new-domain- 
name-renewal-scam-hits-inoxes/>

------------------------------------
Let us know how we're doing
------------------------------------

Do you find this communication helpful?  Are there other items of  
interest you would like to see included as well?  Please take a  
moment to let us know. <ist-security-fyi-owner at mit.edu>

Thank you,

Monique
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security