Thursday, March 21, 2013 - 20:04

Today Apple has (very wisely) introduced two-factor authentication for Apple IDs and iCloud accounts. Considering the level of access that iCloud provides to connected devices and the storage of financial data in iTunes/the Apple Store, the IT Security OFfice strongly encourages enabling the second factor if you use either of these types of accounts with Apple.


Lots of details can be found here:




Friday, January 25, 2013 - 07:50

January 28th is known as Data Privacy Day.  This should be of interest because of the erosion of privacy online.  Every year, we see more data breaches affecting our personal data (e.g. SSNs, medical information, or passwords), and we see companies increase their efforts to take advantage of our online presence for advertising or building demographic data.  Earlier this month Facebook launched a new "feature" called Graph, which they termed a social search engine.  The concept is that Facebook will use data that you have associated in your Facebook account to build a database that can be searched.  Want to find bicyclers in your area?  No problem.  What about who liked a product?  Sure.  What about married people?  Getting a bit more creepy.  While Facebooks says they will honor privacy settings, at what point do they enable it for "private" data as well as the data you have made broadly available?


This is just one example in the ongoing debate over how much the Internet and social media have eroded our individual privacy...and if we really care that it has done so.  Does it really matter that anyone on the Internet knows what you bought on Amazon or where you live?  Or do you care that the picture of your late-night adventure is out there for potential employers to find?  As the line blurs between personal and public, these are questions that can only be answered on an individual basis, but it would certainly be good to have the tools necessary to protect our online identities.


As a part of Data Privacy Day, you can download a free version of lol...OMG.  The book is a great resource for parents (and students!) about online reputations, digital citizenship, and cyberbullying.  From the book description:


The ease with which digital content can be shared online, in addition to its many benefits, has created a host of problems for today’s high school students. All too often, students are uploading, updating, posting and publishing without giving a second thought to who might see their content or how it might be perceived. 


lol…OMG! provides a cautionary look at the many ways that today’s students are experiencing the unanticipated negative consequences of their digital decisions – from lost job opportunities and denied college and graduate school admissions to full-blown national scandals. It also examines how technology is allowing students to bully one another in new and disturbing ways, and why students are often crueler online than in person. By using real-life case studies and offering actionable strategies and best practices, this book empowers students to clean up and maintain a positive online presence, and to become responsible digital citizens.


If you are interested in another way to think about data privacy, check out Obscurity: A Better Way to Think About Your Data Than "Privacy" from the Atlantic.




Monday, January 14, 2013 - 15:13

Last week, security researchers announced that they had found a new security issue in Java that is currently being exploited by at least two crime groups, attempting to harvest identity and financial information.  The security issue, also known as a 0-day attack (because no patch existed for it), allows attackers to put code on websites that will execute on an unsuspecting user's computer should they visit that website.  Read on for details on patching Java and more importantly, removing Java from web-browsers.


Oracle has released a patch to update Java, and we strongly encourage our community to update their Java software as soon as possible.  However, there are concerns that the patch (as well as the continued issues with Java) does not completely protect end-users when browsing the web.  Therefore, we highly recommend disabling Java in your browser immediately.  Will this affect your web browing habits?  Chances are, probably not.  Less than .2% of all websites require java to be enabled in the browser.  And, disabling Java in your browser will not prevent you from running Java applications on your computer.  


Oracle has published instructions on how to disable Java, and here is a quick rundown from their instructions:


Internet Explorer
The only way to completely disable Java in Internet Explorer (IE) is to disable Java through the Java Control Panel
  1. Click on the Chrome menu, and then select Settings.
  2. At the bottom of Settings window, click Show advanced settings
  3. Scroll down to the Privacy section and click on Content Settings.
  4. In the Content Settings panel, scroll down to the Plug-ins section.
  5. Under the Plug-ins section, click Disable individual plug-ins.
  6. In the Plugins panel, scroll to the Java section. Click Disable to disable the Java Plug-in.
  7. Close and restart the browser to enable the changes.
  8. Note: Alternatively, you can access the Plug-ins settings by typing about:plugins in the browser address bar.
  1. Click on the Firefox tab and then select Add-ons
  2. In the Add-ons Manager window, select Plugins
  3. Click Java (TM) Platform plugin to select it
  4. Click Disable (if the button displays Enable then Java is already disabled)
  1. Choose Safari Preferences
  2. Choose the Security option
  3. Deselect Enable Java
  4. Close Safari Preferences window