Archive for 2013

Ransomware Infections on the Rise.

by in , , , , , , , , , , ,

In a recent news release by US-CERT, the United States Computer Emergency Readiness Team, US-CERT stated they are aware of a malware campaign that surfaced in 2013 and is associated with an increasing number of ransomware infections. CryptoLocker, a new variant of ransomware, restricts access to infected computers and demands the victim provide a payment to the attackers in order to decrypt and recover their files.  As of this time the primary means of infection appears to be phishing emails containing malicious attachments.

Everyone who makes use of computer systems, including email, should be on guard for these types of malware infection attempts.  In many cases the email will appear to be legitimate and harmless but you need to ask yourself if you were expecting this communication, and if not, contact the sender to make sure it's legitimate.

To help mitigate any loss of data should you fall victim to this infection, you should take regular backups of your system and store your important files onto your file server which is backed up regularly.

To get more information about CryptoLocker, follow this link to the US_CERT website and think before you click!

View Award Winning National Cyber Security Awareness Month Videos Available for Viewing

by in

Come celebrate National Cyber Security Awareness Month by viewing some of the 2013 award winning videos and public service announcements that cover security topics everyone should be aware of.

While your at it, why don't you also view some of the previous year's winning videos and public service announcements which can be found here.



October is National Cyber Security Awareness Month (NCSAM)!

by in , , , , , , , , , , , ,


Each and every one of us needs to do our part to make sure that our online lives are kept safe and secure. That's what National Cyber Security Awareness Month—observed in October —is all about!

Please take the time to review some of our resources available to help you become more aware of the current landscape for cyber-threats.




Think you deleted that file from your system? Think again!

by in , , , , , , , ,

new video released by SANS.org this month titled "Data Destruction" will help you learn just how difficult it is to truly delete data, and that it actually requires a process called wiping.

Print from your mobile phone, tablet or laptop

by in , , ,

In case you missed the announcement in the August 22 issue of Wavelength, Technology & Communication is very pleased to announce a new service which enables students and employees to print documents from their mobile phone, tablet, or laptop.

Printing from any of these devices is a simple, 3-step process:

  1. Attach any documents you want to print to an email from your official CI email address and send the email & attachments to:
    PrintBW@csuci.edu for black-and-white printing; OR
    PrintCOLOR@csuci.edu for color printing

  2. You'll receive an automated email reply from "Pharos Mobile Printing" confirming that your document is ready to be released.
  3. Finally, go to any MobilePrint-compatible printer on campus and release your print job using your DolphinOne Card
MobilePrint-compatible printers are located throughout Broome Library and many other spaces on campus.
You must complete the release of your print job at a MobilePrint printer within 2 hours, otherwise you'll need to re-send via email again (as described in Step #1 above).

Need more information? Visit the T&C Mobile Printing web page

How to spot a phishing email.

by in , , , , , , , , , ,

With the recent flurry of phishing emails being received these days I thought I would post this quick guide to assist you in determining if the email you received may actually be a phishing email.

It could be a phishing email if:

  • There are misspelled words in the email or it contains poor grammar.
  • The message is asking for personally identifiable information (PII), such as credit card numbers, account numbers, passwords, PIN's or Social Security Number.
  • There are "threats" or alarming statements that create a sense of urgency.  For example: "Your account will be locked until we hear from you" or "We have noticed activity on your account from a foreign IP address".
  • The domain name in the message isn't the one you're used to seeing.  It's usually close to the real domain name but not exact.  For example:
    • Phishing Website:  www.regionsbanking.com
    • Real Website:  www.regions.com

Beware of Texting Hacks and Scams

by in , , , , , , , ,

You get a text message claiming your email account has been hacked. The message asks you to text back in order to reactivate your account. Has your account really been hacked, or is this a scam?  Read this short article to see what you should do if this happens to you.

Protect Yourself When Using Cloud Services

by in , , , , , , , ,

In simplest terms, cloud computing is a subscription-based or free service where you can obtain networked storage space and other computer resources through via the Internet. While these systems may remove the need for owning physical components, they also introduce new risks to your information. Before you float your digital assets to the cloud, make sure you take the appropriate steps to protect yourself.

Know your needs. Before you start, make sure you carefully plan what your security and privacy needs are. This includes knowing what your legal and regulatory requirements are for protecting data.
Read the contracts. End User License Agreements and Service Level Agreements are important because they describe the terms and conditions of the cloud service. If you're not sure of what they do or do not provide, contact the provider to clarify the services.
Protect Your Machine. Enable your firewall, use anti-virus/malware and anti-spyware software.
Protect your data. Don't store unencrypted sensitive information in the cloud. You don't know with whom you're sharing the cloud!

Scan Your Computer

by in , , , , , , , ,


Once an anti-virus and/or anti-spyware package has been installed on your computer, you should scan your entire computer periodically. If your anti-virus package has the ability to automatically scan specific files or directories and prompt you at set intervals to perform complete scans, enable this feature.

What can I do to protect my computer?

  • Don't click on pop-up ads that advertise anti-virus or anti-spyware programs 
  • Use and regularly update firewalls, anti-virus, and anti-spyware programs 
  • Properly configure and patch operating systems, browsers, and other software programs. 
  • Turn off ActiveX and Scripting, or prompt for their use.
    For more information, please visit:

    CI's use of Social Media in an emergency

    by Anonymous in ,

    I recently came across a blog post by a graduate student at San Jose State discussing our approach to social media during the Springs Fire. Take a look.

    Network Groupshares are now Available

    by in , , , ,

    The issue with our groupshares has been identified and corrected.  The parties who had their workstations affected have been contacted and are in the process of having their workstations corrected.    No data was lost as a result of this issue.

    Network groupshares are now available.  Public drive Z:/ will not be available until Noon today.

    Network Groupshares Currently Unavailable

    by in ,


    The following network groupshare drives are currently offline, G:\, H:\ and Z:\ drives. T&C Infrastructure is currently researching the issue. Please navigate to the T&C Information Security web page for status updates. The next update is scheduled for 9:00 AM unless the issue is resolved before then.

    New Cloud Security Awareness Video Now Available.

    by in , , , , , , , , ,

    new video released by SANS.org is available this month to help you learn what the cloud is and how you can use it securely.

    Mobile Users: watch "Mobile Campus" episode #2

    by in , , , ,

    About 2 weeks ago, we introduced a new video series about making CI more mobile-friendly.

    In Episode 2, we discuss mobile users, as well as some of the challenges they face, and how to keep them happy.



    What other challenges face mobile users at CI? Share your thoughts here, and stay tuned for more episodes!

    New Social Networking Security Awareness Video Now Available

    by in , , , , ,

    A new video released by SANS.org is available this month to help you learn some of the most common risks of online social networking and the steps you can take to protect yourself and your family.

    3 Questions

    by Anonymous

    I was recently interviewed for a blog "Simplicity 2.0" - if you're interested, you can see the results here.

    - Michael Berman

    April 2013 - secureCI Monthly Security Newsletter Now Available

    by in , , , ,

    secureCI, CI's monthly information security awareness newsletter is now available for viewing. Please follow this link to view the April issue of secureCI.

    The Mobile Campus - new T&C video series

    by in , , ,

    In March 2013, the Division of Technology & Communication (T&C)  hosted the first Open Forum on Mobile Strategy and "unconference".

    The lively discussion at the forum emphasized the varying levels of awareness of mobile concepts and strategies by members of the CI community. Three themes recurred frequently in discussions:
    • "Keeping up with the rate of change for [mobile] technology"
    • building a "baseline of commonplace knowledge" for what works well on mobile devices (and what doesn't); and
    • providing "simple steps to get started" for users and organizations that want to "go mobile"
    To help introduce mobile concepts and terminology to the CI community, T&C is pleased to introduce a new video series of short episodes about making CI a more mobile-friendly place. These videos will be hosted on a new "Mobile Strategy" web site, along with news and other resources related to mobile technology at CI.

    What does "mobile" mean anyway?  In short, it's about a lot more than just mobile devices. Watch our first episode (about 2 minutes) about how we define what "mobile" means: 

    Don't Get Caught by an IRS Phishing Scam!

    by in , , ,

    As we near "Tax Day 2013", many spamming and phishing groups are increasing their attempts to try and get at your personal information.  Please be sure to execute caution before responding to any email claiming to be from the IRS or any other government group and think before clicking that link.  

    Wireless Hotspots... Limit Activity to Web Surfing Only!

    by in , , , ,

    View today's CI Information Security Awareness blog post to see why you should use caution before connecting and using a free open wireless hotspot!

    IRS Releases the Dirty Dozen Tax Scams for 2013

    by in , , , , , ,

    View today's CI Information Security Awareness blog post to read about the IRS "Dirty Dozen" Tax Scams for 2013.

    Be careful with cyber-cafe computers.

    by in , , , , ,

    Cyber-cafe's offer a convenient way to use a networked computer when you're away from home or office. But be careful though. It's impossible for an ordinary user to tell what the state of security on those computers might be. Since anyone can use them for anything, they've probably been exposed to viruses, worms, Trojans, keyloggers, and other nasty malware. Should you use them at all? They're okay for casual web browsing, but they're NOT okay for connecting to your email, which may contain personal information; to any secure system, like the network or server at your office, bank or credit union; or for shopping online.

    CI Mobile Forum - notes from proceedings

    by in , , , ,



    On Thursday March 14, 27 students, faculty and staff met for the CI Open Forum on Mobile Strategy, and engaged in lively and thoughtful discussion of the challenges and opportunities CI faces in building a mobile campus and the future of mobile technology at CI.  

    You can view notes from the mobile strategy forum and “unconference” proceedings.

    As requested by forum participants, we’ll be sharing some narrated videos about mobile terminology, concepts and considerations on this same web site in the near future.

    In the meanwhile, if you have any further thoughts, questions or comments about making CI more mobile-friendly, please feel free to contact Peter Mosinskis at peter.mosinskis@csuci.edu.


    March 2013 - secureCI Monthly Security Newsletter Now Available

    by in , , , ,

    secureCI, CI's monthly information security awareness newsletter is now available for viewing. Please follow this link to view the March issue of secureCI.

    Future of Mobile Technology at CI - RSVP Today!

    by in , , , ,

    What does it mean to have a mobile campus, and what will it take for CI to get there? 

     The Division of Technology & Communication (T&C) is pleased to invite students, faculty, staff and members of the community to join CI leaders, technology professionals and mobile technology enthusiasts for an interactive discussion on the future of mobile technology at CI.

    Bring your laptop, tablet or smartphone to the forum; there will be opportunities for live mobile collaboration. Feel free to invite a friend!

    Light refreshments will be served.

    Date: Thursday, March 14, 2013
    Time: 10:00am - 12:00pm
    Location: Broome Library 1360
    Who: anyone interested in mobile technology and campus strategy

    Please RSVP by Thursday, March 7 using our RSVP form.

    Please contact Peter Mosinskis, Director of IT Strategy, at peter.mosinskis@csuci.edu, or call 805-437-8587 with any questions. We look forward to seeing you at the event. 

     In the meanwhile, feel free to post your thoughts about how mobile technology is shaping the way you learn, work and live at CI. 

    Evernote Compromised, But Says No User Data Affected

    by in , , , ,

    For those who use Evernote, the online service that enables users to store and sync all kinds of data across multiple devices, please view this information concerning the recent intrusion that occurred there.


    If your browser questions a website's security, stop, think, and verify.

    by in , , , ,

    When visiting "https://" secure sites of banks and online shopping retailers, you may see onscreen warnings such as "There is a problem with the website's security certificate" or "Secure Connection Failed." Don't just click through to continue, or make a "one time" exception. The warning may only indicate that there is a harmless temporary problem with the site or with the network, but it can also mean that the site is bogus or has been compromised by hackers, and someone is listening in on your conversation with your bank or retailer.

    Be smart. Contact your bank or retailer by phone and find out if they know about a problem with their website or the network. Don't be the next victim of fraud.

    How to Spot a Phishing Scam

    by in , , , ,

    We've all received them, emails from a seemingly trusted source like a bank, delivery company or even your own place of employment, claiming there was some type of issue or another requiring you to offer up some personal information or to click on a link or button to help clear the issue up. If you receive an email similar to this DO NOT CLICK ON ANY LINK OR OFFER UP ANY INFORMATION! 


    This is a common form of security attack called a phishing or spear phishing scam.

    Groups attempting to steal personal information will often use e-mails that appear to originate from a trusted source to try and trick a user into entering valid credentials at a fake website. Typically the e-mail and the web site look like they are part of a bank or some other organization the user is doing business with.

    For example, it could be a phishing email if...
    • There are misspelled words in the e-mail or it contains poor grammar. 
    • The message is asking for personally identifiable information, such as credit card numbers, account numbers, passwords, PINs or Social Security Numbers. 
    • There are "threats" or alarming statements that create a sense of urgency. For example: "Your account will be locked until we hear from you" or "We have noticed activity on your account from a foreign IP address." 
    • The domain name in the message isn't the one you're used to seeing. It's usually close to the real domain name but not exact. For example: 
      • Phishing website: www.regionsbanking.com 
      • Real website: www.regions.com
    If you receive an email like this and you think it may be fraudulent, please report it immediately to the T&C Helpdesk at X8552, helpdesk@csuci.edu, or infosec@csuci.edu. Our technicians will assist you and instruct you on how to effectively remove it.

    Please remember... nobody from T&C will ever ask you for any personal information, including your password!

    President Obama Signs Cybersecurity Executive Order

    by in , ,

    The executive order that President Barack Obama signed on February 12th in advance of his State of the Union Address contains a lot of provisions for information sharing on attacks and threats on critical infrastructure, and also calls for the development of a framework to reduce cybersecurity risks in federal agencies and critical infrastructure. 

    Read the executive order on cybersecurity and see what is identified as mandated and what is being classified aside as volunteer initiatives.

    ThreatPost has additional information about this executive order.

    A password should only be used by one person.

    by in , , , ,

    Passwords are like bubble gum, they're much better when used by only one person. If you share your computer with others, each person should have a unique account, username, and password. Don't allow another user to know or use your password, and don't ask another user if you can use theirs. When it's your turn to use the computer, log the last user off, and then log on using your own username and password. When you take a break, don't leave your computer open. Log off or lock it, and remember, passwords shorter than 8 characters are easy to crack. Avoid common words, proper names, and use both uppercase and lowercase letters, numbers, and symbols when creating your password.

    CI Open Forum on Mobile Strategy

    by in , , ,

    The Division of Technology & Communication (T&C) is pleased to invite students, faculty, staff and members of the community to join CI leaders, technology professionals and mobile technology enthusiasts for an interactive discussion on the future of mobile technology at CI.

    Bring your laptop, tablet or smartphone to the forum; there will be opportunities for live mobile collaboration. Feel free to invite a friend!

    Light refreshments will be served.

    Date: Thursday, March 14, 2013
    Time: 10:00am - 12:00pm
    Location: Broome Library 1360
    Who: anyone interested in mobile technology and campus strategy

    Please RSVP by Thursday, March 7 using our RSVP form.

    Please contact Peter Mosinskis, Director of IT Strategy, at peter.mosinskis@csuci.edu, or call 805-437-8587 with any questions. We look forward to seeing you at the event.

    We're now in Solano!

    by Anonymous in

    Most of the Technology & Communication staff are now located in Solano 2. (The Help Desk and some of the direct support team are still located in Broome Library, Sage Hall, Madera, and Bell Tower.) We really appreciate having this great space to do our work. Feel free to come by and say hello!

    Teaching with Technology News

    by Anonymous

    About a year ago, Jill Leafstedt created a "Scoop It" page to post links to interesting articles and blog posts about Teaching with Technology. Generously, she has allowed me to contribute to it as well. There has been so much news related to this area in recent weeks! If you're interested, take a look and sign up for the page - we hope you find it useful: http://www.scoop.it/t/blended-learning-csuci

    January 2013 - secureCI Monthly Security Newsletter Now Available

    by in , ,

    secureCI, CI's monthly information security awareness newsletter is now available for viewing. Please follow this link to view the January issue of secureCI.

    Sharing Documents in CI Docs

    by in , , ,

    CI Docs is a powerful service for creating and collaborating on documents, spreadsheets and presentations within the CI community.


    The powerful sharing features in CI Docs enable users to share documents with one or more CI students, faculty and staff for real-time collaboration. It's just as easy for CI Docs users to share their documents with friends and colleagues outside of CI. 

    Want to learn more? Take a look at the brief guide on how to share documents using CI Docs. We'll be publishing additional guides to using CI Docs throughout the spring 2013 semester. 

    New Privacy Awareness Video Now Available!

    by in ,

    SANS and EDUCAUSE have developed a free privacy awareness video that colleges and universities can use during Data Privacy Month in January, and throughout the year, in their privacy education and training efforts. High and low resolution versions of the video are available.

    Attackers Using Fake Chrome Updates to Lure Victims

    by in , ,

    Google patched nearly two dozen security vulnerabilities in Chrome on Thursday and a day later attackers have begun circulating fake Google Chrome updates that actually are part of a scam related to the Zeus botnet and is designed to steal online banking credentials, among other things.  Follow this link to view the full article from Threatpost.

    The Year Ahead in IT, 2013

    by Anonymous in ,

    From Lev Gonick, formerly of Cal Poly Pomona and CSU Monterey Bay and now CIO at Case Western University, comes this excellent essay - http://www.insidehighered.com/views/2013/01/03/predictions-about-higher-ed-technology-2013-essay.

    Security Vulnerability Found in Microsoft's Internet Explorer

    by in , , ,

    Internet Explorer users beware, there is a new zero day (previously unknown, unpatched vulnerability) attack targeting your browser.  Follow this link to view the details and what you can do at this time.