Monthly Archive for January, 2013

Sendori and DNS

There has recently been some interest in Sendori, a web service that offers content filtering and Domain Name System (DNS) services. This can be a useful service for home computers or personal devices, but it is inappropriate for use on our business network.

In no particular order, the top reasons to think twice before using Sendori:

  • Sendori is redundant. Davenport already employs content filtering to protect users on our network. We also contribute information to several global projects that protect internet users worldwide.
  • Sendori degrades performance for some sites. Davenport utilizes a private local network, with many resources not exposed to the internet. We run our own DNS services locally that provide name resolution for both local resources and internet resources. Sendori handles requests for internet resources only and cannot handle requests for local resources, introducing at best a delay and at worst a loss of service for local resource lookups. As an example when visiting www.davenport.edu, Sendori would return our public address (66.202.201.121) while our local DNS service returns the local address (192.168.x.x); the local address is faster and more reliable when accessing www.davenport.edu on campus.
  • Sendori decreases your privacy. The DNS service you choose to use can learn a great deal of information about your browsing habits and interests. The first time you visit any website there will be a DNS lookup to resolve the website name into a numerical service address. A DNS service provider could record the incoming requests and learn a good deal about your browsing habits. At Davenport, we utilize central DNS servers that handle all requests to avoid passing more information than necessary to DNS service providers. That means the when using our central DNS servers it is very difficult for any external company to tie DNS lookups to a specific individual and gather data on them. Utilizing the Sendori service allows a record of every domain visited to be gathered for a certain individual. Sendori’s privacy policy allows them to store data for 18 months and utilize cookies and pixel tags for data collection.

Fortunately, Sendori is easy to remove, simply uninstall Sendori through Add or Remove Programs in the control panel.

 

Java Security

There have been lots of news stories lately about Java vulnerabilities. And even after Oracle fixes one, another popped up quickly. Further muddying the waters, we have official recommendations to avoid Java altogether.

So why is Java attracting so much interest? It is not because it has suddenly become less secure, but simply because it is currently being targeted by malicious individuals.

The latest exploits were using two different components to exploit Java, an initial method to allow access to other classes and then a secondary vulnerability in a different class to facilitate the malicious access (analysis). The fix released by Oracle with Java 7 update 11 basically fixed one of those components while leaving the other unpatched. This resulted in the rapid emergence of another vulnerability that malicious individuals can quickly implement.

What if you need Java for some applications so uninstalling it completely is not an option? What can you do to protect your computer, your accounts, and your information both now and in the future?

There are two basic options: a two-browser system or Java blocking.

A two browser system involves utilizing two web browsers – one with Java blocked or disabled, and the other with Java enabled. For regular browsing you would use the web browser with Java blocked or disabled. When you wish to access a trusted site that requires Java you would use the second browser with Java enabled. This approach would typically use two completely different web browsers, for example: Firefox with Java blocked/disabled for normal browsing, and Internet Explorer with Java enabled for Java-only websites.

Java blocking involves disabling or blocking Java in some way so it cannot be activated automatically by visiting a website. This would typically be accomplished by utilizing a Java blocker such as NoScript for Firefox or NotScripts for Chrome. The default is to block all Java content, and exceptions can be granted for certain trusted sites that require Java.

Now we even have a fake Java patch in the wild that is actually malicious software (malware). This patch preys on the fear stirred up by the frenzy of Java news articles and the lack of standard methods for all computer software updates. As mentioned previously, remember to only apply updates from a trusted source. In this case Java updates should only come from Oracle. Use the built-in Java update mechanism to easily update your version of Java.

Passwords, Revisited.

Weak passwords continue to be in the news, with the latest from Deloitte stating that “more than 90% of user-generated passwords can be made vulnerable to hacking in a matter of seconds”

Full article here.

Davenport’s recommendation for choosing good passwords remains the same: pick long passwords that are easy to remember, and do not re-use passwords from one website or service to another.

IRS Phishing Scam

There have been reports of individuals receiving emails or faxes purportedly from the IRS requesting personal information.

Please keep in mind that the IRS does not initiate contact with taxpayers to request personal or financial information.

For additional guidance please see: http://www.irs.gov/uac/Report-Phishing

If you receive a suspicious IRS-related fax or email please send to
phishing@irs.gov (Subject: FAX).

If you have completed the fake form please file a complaint by visiting
the IRS Phishing page and selecting “Complaint Assistant” or visiting
http://www.ftccomplaintassistant.gov.