
ITS News


Your source for the latest news about computing and networking at NYU. See the About ITS section for more about this blog.


February 24, 2015

TA15-051A: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing

Summary:
A piece of pre-installed adware (Superfish) on recently purchased Lenovo consumer PCs can allow an attacker to view normally secured web communications.

What Does This Mean For Me:
This software may expose web mail, banking, and shopping transactions and information, and more, regardless of which web browser (Internet Explorer, Chrome, Firefox, etc.) you are using.

Detailed Description:
Superfish, adware (software designed to intercept user data for advertising purposes) that Lenovo preinstalled, is vulnerable to being redirected to a malicious server that is used to collect private information. The nature of this vulnerability means that your information is acquired before it is encrypted by your browser; this is known as a "Man-in-the-Middle" attack. Lenovo itself has "shut off" the data collection on its own servers, but the software remains vulnerable to malicious third parties. This attack bypasses even secured connections (HTTPS). Follow the directions below under the Solution section to remove Superfish and its supporting software.

For more information on this alert and Lenovo's response, the following CNET article is included for reference:
Lenovo's Superfish security snafu blows up in its face

Technical Details:
Alert (TA15-051A) Lenovo Superfish Adware Vulnerable to HTTPS Spoofing

Solution:
Remove the Superfish adware and its associated components.

Removal Instructions (Automatic):
1) Download the automatic removal tool from Lenovo, located here:
Superfish Automatic Removal Tool
2) Locate the downloaded file, and run the program.
3) Click "Analyze and Remove Superfish Now." You will be prompted to close any open browsers. Wait while the program runs.
4) At the conclusion of the scan, the tool will indicate whether or not Superfish was identified on your system, and what action was taken.

Removal Instructions (Manual):
Lenovo has provided a detailed set of instructions for removal here:
Superfish Uninstall Instructions
Alternatively, Naked Security, a cyber-security blog run by the antivirus firm Sophos, has also provided their own removal instructions if you prefer:
How to Get Rid of the Lenovo "Superfish" Adware
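
To confirm that removal worked, the following read-only PowerShell check (an added example, not part of the original alert or of Lenovo's tool) looks for a remaining Superfish program entry and for a Superfish certificate in the Windows trusted root stores. Matching on the name "Superfish" is an assumption, and the function names are illustrative.

```powershell
# Added example: read-only check that Superfish is gone after removal.
# Assumption: leftovers are recognisable by the name "Superfish" in an
# installed-program entry or in a trusted root certificate.
$Pattern = 'Superfish'

function Find-SuperfishProgram {
    # Standard Windows "installed programs" registry locations.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $Pattern -or $_.Publisher -match $Pattern } |
        Select-Object DisplayName, Publisher, UninstallString
}

function Find-SuperfishCertificate {
    # Machine-wide and per-user trusted root stores.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
              'Cert:\LocalMachine\AuthRoot', 'Cert:\CurrentUser\AuthRoot'
    foreach ($store in $stores) {
        if (-not (Test-Path -Path $store)) { continue }
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
            Select-Object @{ Name = 'Store'; Expression = { $store } },
                          Subject, Thumbprint, NotAfter
    }
}

$programs = @(Find-SuperfishProgram)
$certs    = @(Find-SuperfishCertificate)

if ($programs.Count -eq 0 -and $certs.Count -eq 0) {
    'No Superfish program entry or trusted certificate found.'
} else {
    $programs | Format-List
    $certs    | Format-List
    'Superfish components are still present; repeat the removal steps.'
}
```

This check covers only the Windows stores; Firefox keeps its own certificate store, which has to be checked from within Firefox.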

February 18, 2015

*New York University Email Alert [Code: 3141]* phishing scam

There are new reports about a phishing message that purports to come from "New York University Technical Service." The phishing message claims "Dear User, The following alert has been posted to your webmail account regarding an unauthorized access to your account," and instructs the recipient to click on a web link. An adjacent URL takes victims to a malicious website that requests, amongst other things, the NetID and password. This message is a forgery and should be deleted immediately.


February 06, 2015

Nominate a Student for a $500 NYU IT Computing Prize

NYU IT and the Courant Institute of Mathematical Sciences (CIMS) annually sponsor two student computing prizes: the Max Goldstein Prize and the George Sadowsky Award. Nominations are open until the dates specified below, and can be submitted by any NYU community member.

The Max Goldstein Prize of $500 is awarded to an NYU undergraduate who has applied computing in a creative and practical way to improve the academic, cultural, or social life of the NYU community. Please send nominations—including the student's full name, school, and class year, your relationship to the nominee, and a brief description of his/her accomplishments—to maxgoldsteinprize-group@nyu.edu by Sunday, March 8 at midnight ET.

The George Sadowsky Award of $500 is awarded to an undergraduate or graduate student who exhibits exemplary innovation in using the Internet for community service. Please send nominations—including the student's full name, school, and class year, your relationship to the nominee, and a brief description of his/her accomplishments (including the website address)—to sadowskyaward-group@nyu.edu by Sunday, March 8 at midnight ET.

February 05, 2015

A Note On Illegal Downloading

Marilyn McMillan, Vice President, Information Technology & Chief Information Technology Officer

A large percentage of people who use the Internet have downloaded music or movies. And most of the individuals who download these files—through paid services, file-sharing applications, or peer-to-peer networks—by now are aware of how prominent the issue of illegal downloading has become.

The University's stance on this issue is simple: using your computer to download or distribute copyrighted material illegally is impermissible, and you should not do it. Be aware: some applications for downloading music, movies and other files actually turn your computer into a server, allowing it to be used for distributing copyrighted material. If you are doing illegal downloads or distributions now or have done so, you should stop.

The music industry thus far has principally targeted those whose computers distribute illegally downloaded music, rather than those who simply download. The Recording Industry Association of America (RIAA) is using the legal tools provided by the U.S. Digital Millennium Copyright Act (DMCA) of 1998. When a copyright complaint is received, the student responsible for the network address listed in the complaint is notified by email and sent a copy of the complaint. The student is asked to review NYU's policies, and to confirm in writing that s/he will abide by them. If the student does not respond, his/her network connection is blocked. If there are repeated incidents, the matter then is referred to the student judicial process. A range of penalties is available within the judicial process; the specific penalty depends upon the result of that process and may include suspension of account privileges. If the RIAA believes you are involved in illegal downloads or distribution of copyrighted materials and submits a valid subpoena to NYU seeking your identity, the University will comply with the subpoena and furnish your name and contact information to the RIAA's lawyers.

Federal copyright law itself includes a range of penalties, from $750-$130,000 per infringed work, or as much as $150,000 per work, if the infringement is deemed "willful". See Copyright Law of the United States of America (www.copyright.gov/title17/92chap5.html). A claim of "fair use" can be used as a defense against a claim of infringement, see Limitations on exclusive rights: Fair use (www.copyright.gov/title17/92chap1.pdf), the NYU guide to copyright law as it relates to academic research, teaching, and publication (library.nyu.edu/copyright/), NYU's Copyright and Fair Use resource (www.nyu.edu/footer/copyright-and-fair-use.html), and NYU's Statement of Policy and Guidelines on Educational and Research Uses of Copyrighted Materials (www.nyu.edu/content/dam/nyu/compliance/documents/CopyrightedMaterials.1.6.14.pdf). There may also be criminal penalties for willful copying of a work for profit or financial gain, or if the work has a value of more than $1,000. Penalties can include a one-year jail sentence plus fines. If the value is more than $2,500, you may be sentenced to five years in jail plus fines. Criminal penalties generally apply to large-scale commercial piracy.

We know that illegal downloading of music is a widespread practice. It has become an international phenomenon, one that is hardly confined to college campuses. Its allure is clear: why would you pay for something—a song to load on your MP3 player or a movie to load on your laptop—when you can get it for free with a little exploration and a few keystrokes? And why would you not share something for free with friends?

In answering those questions, the University appeals to what Abraham Lincoln once called "the better angels" of your nature and to your commitment to the culture of scholarship.

As communities of scholars and learners, research universities—such as NYU—have two primary missions: to educate students and to create knowledge. This latter mission involves the production of original scholarship and research. Accordingly it is accompanied by an enormous respect for proper recognition being given to the creator of those ideas and knowledge. In higher education, it is considered a grave act to take another's work without permission or attribution. At NYU, which also has large and renowned programs in the arts, this respect extends to the creation of new art.

Few in this community would uphold shoplifting CDs from a record store. And few would be content to see their own work—a paper, for instance, or a journal article, or a term project in a course—taken by someone else and used without permission.

Yet, in reality, that is what you do when you download copyrighted files illegally. However you may feel about the music or film industry or about their responses to piracy, when you download copyrighted files without permission, you are stealing the work of a director or a producer or an artist. It is not only wrong; it puts you at legal risk.

The Internet has brought unimaginable access to information and extraordinary flexibility and opportunities for exploration and communication. NYU wants you to take advantage of all that. But, just as you abide by certain standards of behavior for scholarship and for University life, so, too, should you abide by high standards when it comes to the intellectual property of others on the Internet.

Originally posted: March 2007. Updated: February 2015.

Editor's Note: For more information about peer-to-peer file sharing, including NYU's policies and procedures regarding the practice, see www.nyu.edu/its/p2p/.

February 02, 2015

Web Publishing & NYU Classes support clinics & intro sessions

Web Publishing Intro Sessions

Web Publishing introductory sessions are now available on Thursdays from 11-noon to assist you in getting started with the NYU Web Publishing service, powered by WordPress. The sessions are offered at Bobst Library, room 509; no need to make an appointment!

Walk-in support clinics for NYU Classes & Web Publishing

Walk-in support clinics are now available to assist you in the use of NYU Web Publishing and NYU Classes. The clinics are offered every Monday from 2-4pm at Bobst Library, room 509. Drop by for in-person help from the Web Publishing & NYU Classes service teams; no need to make an appointment!

Additional Web Publishing & NYU Classes resources include: