Posts Tagged ‘security’

Techie Tip of the Week: Watch the Security Video

Friday, January 25th, 2013

20130127-182535.jpgStanford’s Information Security Office has put together important videos for the Stanford community covering tips for staying safe online. Two videos were produced — one for students; the other for faculty and staff. For those with dual student and employee affiliations at the University, viewing both videos is required.

University employees who have not yet watched the video will be required to do so by March 12.

The 12-minute videos are available now in the Accounts Application (

A summary of key information will be sent to the person via email after the video is played. Afterward, the video will remain available for viewing within the Account Application (

If a person has not watched the video(s) within the allotted time frame, that person’s next login attempt to any authenticated Stanford web site via WebLogin will be redirected to the awareness video to complete this requirement before being permitted to proceed.

For more information, visit these sites:

Techie Tip of the Week: Use 2-Step Authentication for Extra Security

Friday, January 4th, 2013

Hackers, identity thieves, and other nefarious folk are constantly trying to gain access to your information. Although having a good password is a great idea and is important to protecting your information, using 2-step authentication really makes it quite difficult for others to obtain your data.

Two-step authentication (also known as 2-step verification or 2-factor authentication) uses two types of authentication to verify your identity: your password and an authentication code. In order for a thief to steal your data, they would need to know not only your password, but also have access to the the code (which can be set to change every 30-60 seconds).

Google has been allowing people to use two-step verification for a while now. And now, it’s available at Stanford.
Two-step authentication is required to access Stanford systems that have higher than normal levels of security, such as critical business or infrastructure systems. In addition, two-step authentication can help protect your Stanford account should someone other than you learn your password.

To learn more about two-step authentication, go to

To enable two-step authentication:

  1. Go to
  2. Click Manage.
  3. Click Two-Step Auth.
  4. Click Enable and follow the on-screen instructions.

Then, to use two-step authentication:

  1. Visit the protected site.
  2. At the SUNet ID login screen, enter your SUNet ID and password, as always.
  3. If you are using Google Authenticator, launch it and enter the Google Authenticator code.
    If you are using Text Messaging, enter the code that comes with the text message.
    If you are using the Printed List method, enter one of the codes (each code can be used once).

Techie Tip of the Week: Facebook’s New Privacy Policy

Friday, December 28th, 2012

Recently, Facebook updated its privacy policy (again). As reported in the blog, here are the top 3 new policy changes you should be aware of:

By default:

  1. Facebook now shares your data with advertisers and affiliates. These include all your Likes, comments, and data provided when registering for a Facebook account. Facebook notes in its Data Use Policy that this info may include sensitive subjects like “religion, health status, or political views.”
  2. Anyone on Facebook can now send you a message and anyone on a message thread can reply to it.
  3. Almost everything you post is visible. Anyone, not just friends, can tag you and link to your Facebook content. Even Randi Zuckerberg, Facebook CEO Mark Zuckerberg’s sister, who had a photo she thought was private broadcast to the world.

For more information, or to comment on the new privacy settings, visit Facebook’s Site Governance at

To view or update your personal Facebook privacy settings, go to



Techie Tip of the Week: Don’t Click that Link!

Friday, December 14th, 2012

Staying safe on the Internet is challenging. It is technologically easy for nefarious hackers to create emails, web pages, and other documents that look like they are from real, trustworthy entities (e.g., banks, e-commerce sites,  or universities).

Be wary of emails or web pages that ask for your username, password, social security number, home address, or other personal information.  Check to make sure these requests for information are from legitimate businesses or sources before responding.

Here are some tips for protecting yourself from phishing scams:

  1. Pay attention to the headers in the email (the to field, the from field, the subject field, etc.). Make sure the email is coming from legitimate locations.  Recently, a phishing scam attacked Stanford University – in the header,  here was the From: “Computing Services” <>. If this were a legitimate email, it would have likely come from “” or “” or from Matthew Ricks, head of Computing Services personally.
  2. Never click on a link from within an email.  Always open a web browser and manually type in (or copy and paste) the URL yourself.  It is easy for “phishers” to make links appear to go one place, but really go someplace else.  Just because a link says it’s going to PayPal or some other legitimate location  doesn’t necessarily mean it will actually take you there.For example, in the phishing attack that hit Stanford, the phishers used a link that contained part of the real URL (, but also contained a number of extra letters and numbers at the end ( Pay attention to the URLs in an email and never simply click the link.
  3. Realize that it is easy to create legitimate-looking websites. Victims of the phishing scam that hit Stanford were sent to a website that looked exactly like the real site that people would have gone to if it were legit. Simply because the site LOOKS real doesn’t mean that it is.Pay attention to the URL in the address bar. Does it contain extra letters or substitutions (e.g., 1 for l) that shouldn’t be there?

    For example, these are fake:

    This is the real address:

For more tips on protecting yourself from phishing, visit the Federal Trade Commission’s Anti-Phishing tips site:

Techie Tip of the Week: Disable Siri Access on a Locked iOS 6 Device

Friday, October 26th, 2012

One of the new “features” of iOS 6 is that you can make phone calls, send emails, compose and send texts, search Google and send the results to a contact — all from a LOCKED iPhone. While this might be a great convenience and useful feature for people on the go, Siri can’t yet distinguish between voices. So if anyone gains physical access to your phone, holds down the Home button, and tells Siri to send a letter of resignation to your boss, your iPhone will happily comply.

To disable Siri access on a locked phone:

  1. Tap Settings.
  2. Tap General.
  3. Tap Passcode Lock and enter your current passcode.
  4. In Allow Access When Locked, in Siri, slide to Off to prevent Siri from being activated when the phone is locked.

iphone with siri onarrow pointing rightiphone with siri off

Techie Tip of the Week: It’s Cyber Awareness Month – Be Safe Online!

Friday, October 19th, 2012

In honor of national cyber security awareness month, this week we’d like to point out some of things you can do to make your online experience safer!

From the National Cyber Security Alliance, here are the top 31 security tips. One for each day of the month!

Techie Tip of the Week: Turn Off Tracking in iOS 6

Friday, October 12th, 2012

You may have heard the news earlier this week that Apple has quietly restarted allowing advertisers and other third parties to track your online behavior as you use apps and browse on your iPhone/iPad/other iOS device. Although it doesn’t identify you as a person, the new technology in iOS 6 does tell advertisers enough information to infer your online behavior.

Today’s tip shows how you can turn off this so-called IDFA (IDentifier For Advertising) technology:

  1. On your iOS 6 device, tap Settings.
  2. Tap General (not Security).
  3. Tap About.
  4. Tap Advertising.


  5. In Limit Ad Tracking, slide to ON.

Once set to ON, you’ll no longer be tracked by advertisers, developers and producers of apps and sites.

Techie Tip of the Week: Yahoo! Usernames and Passwords Exposed – What to do

Friday, July 13th, 2012

You may have heard that hackers recently exposed thousands of credentials for users of Yahoo! Voice.

What can you do to ensure you’re not one of them? Sucuri Malware Labs has set up a web site that checks to see if your account was one of those that were hacked:

  1.  Go to the Sucuri Malware Labs Yahoo Leak Password Checker website:
  2. In the Your email field, enter your email address (note that you can sign into Yahoo! Voice using other email addresses, so you may want to check all of your email addresses, not just your Yahoo! account).
  3. Click Check email.

Hopefully your account wasn’t one of the nearly half million accounts that were leaked. But if it is, what should you do? As Sucuri notes in their blog posting “What Should I Do If My Email is in the Yahoo Leak”:

  1. Immediately change your Yahoo password.
  2. Change the password of any account that was using the Yahoo password.
  3. If you use Yahoo! Voice, you should change your password even if your account isn’t on the list of compromised accounts. When security has been breached on a secured site like Yahoo!, you should assume that all of the data are compromised, not just those that have been shown to be exposed.
For an analysis of the leak, including an analysis of the passwords people had been using, visit Sucuri’s analysis:

Techie Tip of the Week: Beware of Viruses and Trojans like DNSChanger

Friday, July 6th, 2012

20120707-132219.jpgYou may have heard the news — the trojan DNSChanger is set to wreak havoc on the Internet this coming Monday.

I think this is a good time to remind everyone that they should have up-to-date anti-malware programs installed and activated on their machines — and, yes, this means Mac users, too!

Stanford people can go to the Essential Stanford Software website ( to download and install the Sophos anti-malware tool.

More information on the DNSChanger trojan can be found at:

Techie Tip of the Week: Update and Use Anti-Virus Software! (Even Mac Users!)

Friday, May 18th, 2012

Virus rezon

Most Windows-based users know that they need to keep their computers patched and protected from viruses. But many Mac users have the mistaken impression that viruses, trojans, and other malware is just for Windows.

Not true! Macintosh machines are vulnerable to attack as well — there are just fewer malware attacks against Macs since it’s more difficult to create and deploy them.

As published in a recent article in the NY Times, one of the largest, widespread attacks against the Mac OS X operating system has recently hit Mac users, and it’s infected a half-million machines. First discovered in September, “Flashback” allows a remote hacker to gain access to your computer or download further malicious code to your Mac.

The fix? Make sure you have installed anti-virus software, and are ensuring that the tool is kept up-to-date.

Stanford has site-licensed the Sophos Anti-Virus software and Stanford people can download it for no additional charge by visiting (both Macintosh and Windows versions are available for download).

Until next week, safe travels on the ‘Net!