September 24, 2012
More on the Internet Explorer Vulnerability

On September 18th, we sent out information on a vulnerability in Internet Explorer. On Friday, September 21, Microsoft issued a patch for that vulnerability. You should have seen it in an update to your computer either Friday or this weekend.

If you're not sure if you've received an update, you can go to the Start menu...Windows Update...and view your update history (you should see a recent Cumulative patch for IE). Or, to ensure your computer is up to date, select Windows Update...and Check for Updates.

If you have questions about the update, you can contact the Computer Support Hotline at 515.294.1725 or via email at eithotline@iastate.edu

Posted by dcoates at 04:09 PM
September 21, 2012
And Yet More Phishing

Most of you are aware of phishing attempts by now. We've been seeing a few new ones the last week or so and this one in particular, I know went out to quite a few of you:

Your Iowa State Email account has been reported for numerous spams Activities from a foreign ip recently. As a result you may not be able to receive or send new mail.
However, you might not be the one promoting this Spam, as your e-mail account might have been compromised. To protect your account from sending spam mails, You are to confirm your true ownership of this account, Kindly CLICK HERE fill the form and login again.

Failure to do this will violate the ITS Policy.This will render your account inactive.
NOTE!!: You will be sent a password reset message in next seven (7) working days after undergoing this process for Security reasons.
The office of Information Security will keep this updated if information should change, but we encourage all users to run their updates after the expected release of this patch.
Authorised by: Jim Davis,
Vice Provost for Information Technology and Chief Information Officer.

A few things to notice here:

  1. They've gone to the trouble to gather an ISU logo, made it appear that the email is from the Solutions Center, and used Jim Davis's name (CIO for ISU)
  2. However, it's also badly formatted and sends you to a link that isn't at Iowa State (the link for most of you has been removed)
  3. Also, password resets do not work this way on the ISU network
  4. No one should ever store your password except you and the system itself

If you ever have questions about emails like this, don't hesitate to ask the hotline (515.294.1725 or eithotline@iastate.edu).

Posted by dcoates at 11:16 AM
September 18, 2012
Internet Explorer Vulnerability

Many of you have probably seen the warnings in newspapers and news reports about a new vulnerability in Microsoft's Internet Explorer. There have been some identified attacks targeting this vulnerability, but at the present time these attacks do not appear to be widespread. An attacker who is able to exploit this vulnerability would have the same user rights as the current user. Because Extension computers should be operating with power user rights not administrator rights, an attack, if it happens, will have less impact on the computer.

Microsoft is working on a patch for the vulnerability and will be issuing an update shortly.

Things you can do:

  1. Be sure your computer has the latest updates for Windows, Office, and EndPoint Protection (your anti-virus program).
  2. Don't click on unknown links or visit untrusted websites.
  3. Operate your computer as a power user (when you're logged in with your Net-ID) not as an administrator
  4. Be aware of where you are on the web, what links you click on, suspicious emails, etc.

Some people are recommending switching to a different browser for the moment. We do not think the threat warrants that approach at this time, but will update you as the situation develops.

If you have additional questions, please contact the Computer Support Hotline at 515-294-1725 or via email at eithotline@iastate.edu

Posted by dcoates at 11:38 AM