Monday, October 22, 2012 - 13:42


Many Duke employees and students connect to Duke systems from personal machines. How are they making sure their systems don’t transmit malware, share passwords, or allow Duke data to be stolen while they’re connected?


First, they’re following the steps in our previous blog post (link: National Cyber Security Awareness Month is here!) and in this document: Those steps will help protect the home machine against being infected with or transmitting malware.

Second, they use the university’s VPN ( to create a secure connection to Duke that cannot be eavesdropped on. 


And third, they’re aware of the Duke Data Classification standard and the IT Security Office technical standards, which help Duke users know how to classify data and identify the controls required to protect Sensitive and Restricted Duke data.  Join them in staying safe and keeping Duke safe. And enter to win an iPad 3 or Nexus tablet from the University IT Security Office by taking our quiz (, and updating and strengthening your NetID password and updating your challenge questions at Complete all three tasks and you’ll be entered to win!

Wednesday, October 17, 2012 - 14:59

Did you know that if you are an iPhone, iPad, or iPod Touch user and have upgraded to iOS 6, your device is tracking you?  With iOS 6, Apple introduced a new tracking technology called IFA, or Identifier for Advertisers.  According to CSO Online:

"Apple's iOS6 will track pretty much every detail of your online activities -- what websites you visit, where you go to eat, what apps you download, where you shop and what you look to buy, what movies or TV shows you stream, what kind of social and professional networking you do, where you're going when you ask for directions, and more."
What's more, is that the "feature" is enabled by default and must be disabled by the user in order to opt out of the tracking.  To do so, navigate to Settings -> General -> About ->Advertising (bottom of the list) and turn Limit Ad Tracking to ON.  However, even if you do turn it on, the phone may still be performing limited tracking of your online habits:
"Our guess based on what we have seen is that [IFA] are not completely off. It is possible that your search and browsing habits are still tracked, but that that IFA no longer tracks the purchase or download like it did before," he wrote. "We are sure that there are people out there working on ways to exploit IFA and get more than it was intended to offer ... after all the mobile market is now a major space for advertising."




Monday, October 15, 2012 - 09:34

Can you tell the difference between a scam site that is attempting to get your personal information versus the real site?  Head over to OpenDNS's Phishing Quiz and see how you do.  This is an excellent test to help you understand how to tell real websites from the scam sites:


The quiz can help you improve your immunity to phishing, and you should remember that phishing and malware scams could take the form of:


  • Electronic greeting cards
  • Requests for charitable contributions
  • Order confirmations for orders you haven’t placed
  • Credit card applications
  • Online shopping advertisements


All of which are emails you are likely to see as the holidays get underway. Please stop and think about the source before opening an attachment or clicking on a link, especially if the email is unexpected.


Successful scammers may use your credit card information to buy themselves something nice, but they are likely to use compromised Duke credentials to send spam from Duke mail systems, or steal Duke data.


Duke uses challenge questions to verify your identity via phone if your NetID account becomes compromised. To be entered to win an iPad 3or Nexus tablet, go set or update your challenge questions at: Everyone who completes our quiz, changes their NetID password, and sets or updates their challenge questions will be entered to win!