We used to fish for fish. Now the phish phish for us.

They just keep coming. Innovative phishing scams, appearing to come from a legitimate email address, sometimes from our own domain, asking for us to update our account or login to fix or confirm something right away...or your account will be terminated.

This is social engineering at its best. It's like the snake oil salesmen of old. Wiley miscreants who charm us to act...buy something or, in this era, give something up. Your username and password! This is how they steal your identity. Once they get a little about you, they can find ways to get more.

Never ever ever respond to emails that ask you to give up information about your accounts, usernames, passwords or other personal information. If a legitimate organization wants your attention, they would never ask in an email. If in doubt, ask. DON'T ACT.

There is a sucker born every minute. All these scams need is one in a million to make it worth their while. Don't let it be you.

Campaigns and Email

As the November election approaches, each party will be reaching out to voters via email. If history repeats itself, we will see a crescendo of email coming to the PSU mail servers in the weeks leading up to Election Day. In 2004, the Kerry campaign flooded the PSU email server. We had little choice but to block them to avoid overloading the server.

Unfortunately, mass emails tend to reflect characteristics of spam. The email server is neither Democrat or Republican. It treats all spam equally and blocks the mass mailings.

Many of us want to get these emails. Here again is a good reminder that we should all have a personal email separate from our PSU email account. We need to keep the PSU email flowing for its primary function...PSU communications and classes.

Gmail.com, hotmail.com and yahoo.com all provide free email services. If you have internet service at home, you probably have an email account from the provider. If you have questions, just ask.

Students paying big bucks in penalties for sharing music files

The Recording Industry Association of America (RIAA) is serving 'pre-warning' litigation letters to thousands of students on college and university campuses. These letters are served to campus IT departments, which in turn are obligated to deliver them to students. They indicate that the computer at a specified internet address has been serving up copyrighted materials illegally. If that internet address is assigned to you, you're on the hook. The letters warn that a civil law suit will follow. Students, however, have an option to settle in advance at a discounted rate, often for several thousand dollars. (Read more)

Regardless of what you think of the tactic or the music industry, they mean business. If you are using a music file sharing software and you're sharing those files with others, you are vulnerable. PSU does not condone or support file sharing. It is wrong and illegal.

Please stop! In addition to the RIAA, Congress is starting to get involved, too. If the practice continues, higher ed institutions may be required to exert controls around specific types of traffic on our network. That will have consequences for legitimate file sharing and traffic as well.

You have alternatives! Use your iTunes for music streaming. Go to Ruckus.com or another free music service. Share your CDs. But stop grabbing and sharing music for free with file sharing programs!

If you don't, you may pay dearly.

Key Under the Flower Pot

 

One of the most prominent threats to our networks and the sensitive data transmitted comes from legitimate users …us! Strong passwords are the most important cog in our security plan. We have access to many systems and sensitive information to do our jobs. However, many of us have never changed our passwords. For those who have, many use the names of pets, sons and daughters, or other words associated with our lives. Some use the word ‘password’ within their password. And others keep their passwords taped under their keyboard or on a piece of paper in their drawer. That’s like putting a key under the flower pot outside the front door of Fort Knox.

 

While these are all very logical, personal coping mechanisms, these are often the cause of security breaches. Any miscreant intent upon hacking into, say, the student information system, would look up a number of employee names, find their birth dates, scoop some information on immediate family members and pets, and then get down to business. It probably wouldn’t take long to find a match with some of the password cracking tools available. At that point, they might have access to sensitive data, grades, or worse, maybe pilfer private identity information.

 

Responsibility for security rests with all of us. To help alleviate the need for multiple PSU passwords, ITS has developed a single sign-on feature to myPlymouth. With one username and password, you can sign in to Banner, WebCT and many other internal sources of information. In the future, we’ll build more into that single sign on, making your life easier, but requiring us to be ever more vigilant in our methods of password management.

 

The most important thing you can do to heighten our security is to change your password routinely. Every three months is good practice, or at least once a year. Use passwords that include letters and numbers. Avoid names or common words that someone could guess. If you must write them down, avoid writing them next to the associated usernames. Protect them like you would your money and credit cards. Better still, confine them to memory.

And if you do have any keys under the flower pot, lose 'em.

Back to Campus, Fall 2007

As we prepare for fall 2007, here’s what you need to know about computing and technology.

Acceptable Use Policy: All PSU computer users are responsible for knowing and operating within the guidelines of the Acceptable Use Policy. If you’ve never seen it, or not in a while, take a look. It was updated by TAG (Technical Advisory Group) this past year. See www.plymouth.edu/infotech/ for this and other computing policies. Also, Security is everyone's business!

File Sharing on the network: If you’re sharing files for legitimate reasons, carry on. That’s what our network is for. If you are sharing or downloading copyrighted music or movie files, cut it out! The network police are watching… more

Voice Directory: We now have a voice activated directory that will allow anyone to call 535-3333 anytime and speak the name of the person you wish to reach. Try it. The more we use the system, the better the response rate. This works for all employees and students.

There will also be changes to the Print Directory. Because of the timing of the directory publication, employee listings are less-than-accurate when it goes to print. Consequently, and because of the new Voice Directory, employee listings will not be in the PSU directory. Instead, users will be directed to the Web directory in myPlymouth and www.plymouth.edu/search/directory.html. For those that still feel the need for a print copy, one will be available for download in the Staff Resources tab of myPlymouth .

ITS Annual Report: Want to know the priorities of ITS in the upcoming year? Are you familiar with the ITS governance structure? Want to see some interesting facts and statistics on technology use and the challenges we face in the upcoming year? See the ITS Annual online at my.Plymouth.edu (see Computing Resources Channel).

Changes to Allemp: The allemp (all employee) email list has undergone some changes this summer. Individuals may continue to send allemp messages updating the campus on events and programs. However, it will be collected and disseminated in a daily digest at 10 a.m.. The guidelines of use will not change: no selling, no proselytizing and no politicking. Also, messages to allemp must be embedded in the message itself—no attachments, please. Allemp is a good way to share information with your colleagues, but remember, overuse will lessen the impact. More…

PSU-Announce: A new employee email list has been created for official and emergency notices. Emails to PSU-Announce may only be sent by senior administrative offices.

Web Redux: The PSU Web team is engaged in a project to renovate the look and design of our campus Web pages. The emphasis of the PSU web has shifted to be our primary means of communication to external viewers and, more specifically, prospective students. Grad Studies has also revamped their Web pages. Expect to hear more about this as the semester progresses. As part of this project, more and more Web pages for internal PSU business have been shifted to my.Plymouth.edu\Groups\. There you will find many areas for storage and dissemination of committee and meeting minutes. Check it out. Log on to myPlymouth and click on the Groups icon in the upper right.

Technical Advisory Group (TAG): This group of representatives from various campus constituents meets monthly during the academic year. The role of the group is advisory to the CIO as we grapple with the fast changing technology environment. The TAG also is responsible for allocation of the funding from the student technology fee. Each month we discuss critical issues facing the campus and form recommendations for either implementation by ITS or the President's Cabinet. To get a sense of where we've been and what has been discussed, please see the Technical Advisory Group in myPlymouth groups . Feedback is always welcome.

RIAA Means Business: Stop File Sharing

Every semester we provide a warning about sharing music and movie files over the PSU network. This activity is illegal and is being closely scrutinized by the Recording Industry of American (RIAA). They've filed legal action against students in the past and they plan to continue. That aside, file sharing of copyrighted material is wrong and we expect better from PSU students.

For many of you living on campus, the broadband connection for every student is quite a luxury. You have a world of information at your fingertips. But with that broadband comes responsibility.

PSU is an ISP (Internet service provider). You are a user on our network. We do not monitor your network use or where you go. However, if we see a network slowdown, and it points to your computer IP address, and it looks like a lot of file sharing activity, we’ll cut off that port until you stop. We do that because those network traffic jams tie up everyone around you.

You also make yourself vulnerable to the Recording Industry Association of America (RIAA). They look for their copyrighted material getting slung around the Internet. If they see it coming and going from your computer, they can file civil or criminal charges. First they would contact PSU and notify us that someone at a specific IP address is sharing their copyrighted material. We, in turn, must notify you to cease and desist the alleged behavior. If they want to bring charges, and they have, they will go right to you. At that point, you’re on your own.

PSU has an Acceptable Use Policy for computing on our network. It’s worth a read…you’re accountable to it. Please do not use our network to share files illegally or against copyright. Just because you can doesn’t mean you should.

For more information, see www.campusdownloading.com.