
ITS News


Your source for the latest news about computing and networking at NYU. See the About ITS section for more about this blog.


May 22, 2015

New NYU Box service now available!

NYU Box is a new, secure content sharing and collaboration service that is approved for all data, and especially for storing sensitive and restricted data. This service is now automatically available to all NYU faculty and full-time staff at all NYU locations. Visit www.nyu.edu/its/box/ for more information.

May 13, 2015

Spear Phishing Advisory

In recent days, a high number of spear phishing attacks have targeted NYU accounts. Spear phishing differs from generic phishing in that the attacker seeks credentials within a specific domain or organization, typically to gain access to organizational resources such as LexisNexis and other paid subscription services, or to confidential data.

Spear phishing, as with all phishing, is often easily recognized by consistent use of poor grammar, spelling, and punctuation, in addition to formatting errors that usually result from the automated generation of these emails. Naturally, this will not always be the case, so it is imperative to be on guard and, as always, to follow TSS's safe browsing recommendations. Additionally, phishing often employs unusually strong language that is designed to override a sense of caution and get you to act without thinking too carefully. Note some of these traits in the emails included below.

Avoid clicking on links or downloading files in email, particularly when the source is suspect, as certain vulnerabilities may allow your credentials to be compromised simply by visiting certain links. In an email that is formatted and viewed as HTML, it is easy to conceal a fake link beneath what appears to be a legitimate one.
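One way to check an HTML message for the concealed links described above, shown as an added example that is not part of the original advisory. The trusted domain `nyu.edu`, the sample markup, and all function names are assumptions constructed for illustration; the two fake hrefs are the sanitized URLs from the samples below.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = "nyu.edu"  # assumption: the organization's real domain
# Constructed sample; the first two hrefs are the sanitized URLs from the emails.
SAMPLE_HTML = """
<a href="http://www.fakenyudomain.net/www.nyu.edu.html">secure link</a>
<a href="http://fakenyudomain.com/doc/">https://www.nyu.edu/docs</a>
<a href="https://www.nyu.edu/its/box/">NYU Box</a>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def host_of(url):
    # Accept bare "www.nyu.edu/..." text as well as full URLs.
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def suspicious_links(html, trusted=TRUSTED):
    """Return (href, reason) for links that only look like the trusted domain."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = host_of(href)
        if in_domain(host, trusted):
            continue  # the link really goes to the trusted domain
        shown = re.search(r"(?:https?://)?[\w.-]+\.[a-z]{2,}\S*", text, re.I)
        if shown and in_domain(host_of(shown.group(0)), trusted):
            findings.append((href, "link text shows trusted domain, href goes elsewhere"))
        elif trusted in (host + urlparse(href).path).lower():
            findings.append((href, "trusted domain embedded in another site's URL"))
    return findings
```

Calling `suspicious_links(SAMPLE_HTML)` flags the first two links and passes the third, which really points at the trusted domain.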

Further, do not automatically assume that an email that appears to be from a trusted person, including other NYU users, is necessarily from them. Red flags that may clue you in to a possible phishing attempt include unexpected attachments or web links, or unusual language from the sender. Though we may like to believe otherwise, it is unlikely your director will tell you that they love you.

The emails included with this alert have been sanitized to prevent users from visiting the fraudulent sites in question, but are otherwise unedited. If you believe that you submitted your credentials to a phishing site, change the passwords for all NYU credentials, and send an email to security@nyu.edu immediately.

Sample #1:

Dear User,

The following alert has been posted to your username@nyu.edu, Regarding an unauthorized access to your account:

*Confidential Alert*

We implore you to follow our secure <http://www.fakenyudomain.net/www.nyu.edu.html > to confirm your details to avoid account suspended from our system.

Thank you .

New York University Customer Service

Sample #2:

I'm sharing some documents with you through Google Docs. Keep me informed

on your thought and advice on our specification.

[image: Microsoft Excel (.xlsx)]

Download Document < http://fakenyudomain.com/doc/ >

View Document < http://fakenyudomain.com/doc/ >

Thank you,

NYU User

April 30, 2015

Nepal Earthquake Disaster Email Scams (Alert)

In the aftermath of the devastating earthquake in Nepal, as with major disasters before it, human nature is often at its best, but for some, it is at its worst. Following major disasters, scammers usually send out floods of email in an attempt either to solicit donations for fake charities or to lure users into clicking links containing malware or responding to phishing attempts.

NYU encourages users to take the following measures to protect themselves:

If you believe you have already fallen victim to one of these scams, take appropriate action to mitigate risk to yourself. If you responded to a phishing email, change the passwords for accounts associated with your responses and monitor for any suspicious activity from your accounts. If you gave money to what you believe to be a fraudulent charity, contact your banking institution for advice on how to prevent or reverse any unapproved transactions. Finally, scan your computer for any possible infections using an antivirus program such as Symantec Endpoint Protection, available to most NYU community members on the AskITS page of NYUHome.

If you have additional questions, please contact NYU IT Technology Security Services.

April 16, 2015

Microsoft Security Vulnerabilities

On Tuesday, Microsoft identified two major vulnerabilities in the Windows operating system, in addition to other Microsoft products and non-critical updates. One vulnerability in particular affects common system components in every major release of Windows from 95 through Windows 10 (still in development) and can be used to retrieve Windows login credentials (username and password). These credentials can then be cracked in less than a day by an attacker using moderate resources. As of right now, there is no patch for this vulnerability, identified as "Redirect to SMB." To mitigate the risk posed by this vulnerability, TSS recommends following safe browsing and computing procedures. Do not click on links in unsolicited emails, and note the path of any link you click on while browsing the Internet. The vulnerability is exploited through links that begin with "file://".

For more on this vulnerability, you can read here: www.computing.co.uk/ctg/news/2403924/windows-redirect-to-smb-exploit-could-affect-millions-say-security-researchers

As a reminder, Microsoft no longer supports versions of Windows older than Vista (i.e., Windows 95, 98, 2000, ME, and XP). If you are still using a version of Windows that is unsupported by Microsoft, these vulnerabilities, as well as any newly discovered ones going forward, will remain unpatched. NYU TSS strongly recommends that you upgrade your operating system immediately by purchasing a new version of Windows or a new computer.

March 18, 2015

New Articles on a New Connect

Connect: Information Technology at NYU has a new look, a new URL, and new articles. Connect is happy to be using NYU's new Web Publishing service, and as part of our relaunch, we have four new articles recently posted.

  • Student-Led Space Combines Tech and Design Thinking for Social Good
    Bolstered by funding from an Amplify grant sponsored by UK development agency the Department for International Development, Design Tinkering members are currently collaborating with the Nepal-based NGO, Women for Human Rights (WHR), to implement their winning OpenIDEO idea, the Community Concierge Program. “From the research phase, we learned that safety issues were often deeply intertwined with women’s empowerment,” says Gopi. “We also found that empowering women can come through information, connections, and a sense of community and financial independence. Working with WHR, it became clear that safety and empowerment particularly affected newcomers in a community.”
  • Social Engineering Attacks and How You Can Protect Yourself
    Within the context of information security, social engineering is a method of psychological manipulation used to trick people into divulging confidential information. It is often used to gather secure information, commit fraud, or obtain system and even physical facility access. Think of it as voice-to-voice (or even face-to-face) phishing or “human hacking.” Hackers target their victims through phishing emails; phone calls; mail and email; text messages; or by convincing someone to click a link, open an attachment, or navigate to a malicious website.
  • Bringing Arabic Books to the Digital World
    One of the most exciting digital developments in the world of scholarship and research is the ability to scan and archive texts and make them available online. The NYU Libraries currently host thousands upon thousands of e-books, millions of full-text articles, and access to thousands of e-journal publications. Recently, a group of researchers at NYU and other universities added their own efforts to the pool of knowledge by making some 10,000 titles available—all online, and all in Arabic.
  • Mobile Apps Foster a New Learning Experience at Stern
    For most students, orientation means sitting through hours of presentations and speeches. At NYU Stern’s MBA program, it’s a little bit different. Since 2013, new students participate in the Langone Lab, a two-day experiential program. Students participate in a design-thinking experience where they use cutting-edge mobile technology and applications to come up with actual product prototypes that they present to professors and peers.