Category Archives: Security

Email Delivery Issue

On Friday, a Michigan Tech email user reported to the Department of Public Safety and Police Services (DPSPS) that they were receiving abusive email from a third party. As part of this investigation, DPSPS and Information Technology worked to redirect email from this third party to the officer’s email account for further investigation.

Unfortunately, due to an error in the redirect rule we created, any email between 9:00 PM Friday and 7:45 AM Saturday was delivered to the DPSPS officer’s account. That officer’s account was locked at 7:45 AM on Saturday, and the officer was not able to read the email. The misconfigured rule was also disabled at 7:45 AM Saturday.

Due to the volume of email that was sent and received, most messages from that time period are now reporting as delayed or undeliverable.

Information Technology is working to retrieve all email that was sent to and/or from @mtu.edu and deliver it to the intended recipient. In other words, any message sent either to a Michigan Tech account or from a Michigan Tech account during this time period was held up in this process. If you attempted to send an important message during this time period, please resend it. A copy of the message should be available in your “Sent” box.

We take privacy seriously and are working to restore the email from this event. We are developing additional controls around this process to prevent future occurrences.

Please contact Information Technology at it-help@mtu.edu or (906) 487-1111 with questions or concerns.


Efforts to cut down on spam and phishing email

Michigan Tech IT has seen an increase in spam and phishing email enabled by email spoofing—when a user or system sends an email with a forged header so that it appears to be from an @mtu.edu address. We have been working on solutions, and on March 7 a preventative measure will be enabled to help reduce spoofing. After the change is made, email sent from a forged @mtu.edu address will have a much greater chance of being marked as spam.

We recognize there are legitimate tools that include spoofing as a feature (e.g., survey software) and have pre-approved many of the services used on campus that include spoofing as a part of their normal operation. The following will not be impacted by this new tool:

  • Alumni – iModules
  • Qualtrics Surveys
  • Survey Monkey
  • Collegiate Link/Campus Labs
  • EMAS Recruiting software
  • Systems on campus that relay mail through IT-run services

If you use a tool that isn’t listed above, and the email that it sends appears to be from an @mtu.edu address, please contact us so that we can make sure your service isn’t affected. If you have any questions or experience any issues sending legitimate “spoofed” email after March 7, please contact us at it-help@mtu.edu or 7-1111.


VPN Update

Last week we updated on-campus, on-domain PCs to use the new VPN server. Notably, the new VPN server supports Windows 10 and OS X Yosemite.

On September 22 at 6 AM, we are going to switch everyone over to using the new VPN. From that point forward, you will be using the new hardware when you go to vpn.mtu.edu.

Documentation on installation and usage of the new VPN client is available at www.it.mtu.edu/vpn.

If you have any issues, please contact IT at it-help@mtu.edu or 906-487-1111.


OUCH! September

Check out the September issue of OUCH! This month’s issue focuses on two-step verification: what it is, why it’s so important, and the steps to enable it. We ask that you share OUCH! with your family, friends and coworkers.

English Version (PDF)
http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201509_en.pdf

Translations & Archives
http://www.securingthehuman.org/ouch/archives


MichiganTech Wireless Changes – Certificate Warning

Michigan Tech is implementing a new controller for the MichiganTech wireless network. This change is needed to implement AirPrint and GooglePrint features this fall. This change will only affect the MichiganTech SSID.

After Wednesday August 19 at 7 AM you may see a certificate popup on your mobile device or laptop (similar to the image below). When you see this message, click Accept and you will continue to be connected to the wireless network.

As always, if you have any issues or questions, please contact IT Help at 906-487-1111 or it-help@mtu.edu

[Image: CP_cert, the certificate popup]


Protecting your identity – BCBSM breach

By now, many of you have heard of the data breach at Anthem, which may have also leaked data of Blue Cross Blue Shield of Michigan (BCBSM) members. While BCBSM is still investigating what member data has been breached, we do know that Anthem stored data on BCBSM members who received health care in a number of states outside of Michigan. The data accessed includes names, dates of birth, member ID/social security numbers, addresses, phone numbers, email addresses, and employment information.

Though the investigation as to the extent of the exposure of BCBSM data is still underway, there are a number of steps that all users should take:

  • Monitor your current accounts for any unusual activity. Data from the breach may be used to try to answer security questions and access your accounts.
  • Sign up for fraud alerts with each of the three major credit bureaus. This will notify potential credit grantors to verify your identity before extending credit. This will stay on your account for 90 days and will allow time for BCBSM to complete their investigation.
  • Obtain a current copy of your credit report. You can receive a free copy of your credit report once every 12 months at: https://www.annualcreditreport.com.
  • Be aware of unexpected changes to your credit report or credit score. Many sites will monitor your credit but may charge a fee. CreditKarma is a well-respected free site for monitoring your credit score and can be found at: https://www.creditkarma.com.
  • Be suspicious of any email related to the breach that asks you to give personal information. Anthem will be directly notifying all impacted members via postal mail and will advise you on the next steps to take. Many cyber criminals are using the incident to target potential members with phishing attempts. If you receive an email that appears to be from Anthem and contains a “click here” link for credit monitoring, it is a scam!
    • DO NOT click on any links in an email appearing to be from Anthem.
    • DO NOT reply to the email or reach out to the senders in any way.
    • DO NOT supply any information on the website that may open if you do click on a link.
    • DO NOT open any attachments that arrive with the email.
  • If you have received health care services in California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Ohio, Virginia or Wisconsin, you should contact Anthem at 1-877-263-7995 or visit their website: http://www.anthemfacts.com/.

Online security while traveling – read the latest issue of OUCH!

The SANS Institute has released its February issue of OUCH!, a monthly security newsletter. This month’s issue covers how to securely stay online and get work done while traveling. With more and more people connecting while on the road, this is the perfect time to cover how to do it securely. We encourage you to download and share OUCH! with others.

English Version (PDF)
http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201502_en.pdf

Translations & Archives
http://www.securingthehuman.org/ouch



Regarding recent stories about Google credentials posted on Russian web site

There are a number of news services running a story about a Russian web site posting the Gmail and mail.ru credentials of approximately 5 million users.

The 5 million passwords that were posted on the Russian website include a significant number of passwords for Google accounts. These passwords appear to have been acquired over several years’ worth of phishing campaigns by various hacking groups. Google has reviewed the list and believes that the majority of the accounts on the list have already been suspended or had their passwords changed since the credentials were acquired.

Currently there appears to be no reason to worry about this incident. IT will continue to monitor the situation and work on verifying that no @mtu.edu accounts were on the list.


Important information on the Heartbleed vulnerability

Michigan Tech IT has set up a web page describing the Heartbleed vulnerability and what you should do about it. The page can be found at: https://sites.google.com/a/mtu.edu/heartbleed—what-you-need-to-know/.

Here are some important points:

  • Don’t panic! If you haven’t used a site since Monday April 7th, your information at that site probably isn’t at risk.
  • If you have used a vulnerable site since April 7th, you should change your credentials on that site, but only after they have patched their system. The IT site listed above has the steps that you should take prior to changing your password so that you don’t put your account at further risk.
  • There are many phishing/spam messages being sent to users trying to leverage the media attention regarding Heartbleed to convince you to visit their site and enter your credentials. They will often appear to be your bank or other major online sites telling you that you need to update your account.

Questions? Please contact IT at it-help@mtu.edu or call (906) 487-1111.