There has recently been some interest in Sendori, a web service that offers content filtering and Domain Name System (DNS) services. This can be a useful service for home computers or personal devices, but it is inappropriate for use on our business network.
In no particular order, the top reasons to think twice before using Sendori:
- Sendori is redundant. Davenport already employs content filtering to protect users on our network. We also contribute information to several global projects that protect internet users worldwide.
- Sendori degrades performance for some sites. Davenport utilizes a private local network, with many resources not exposed to the internet. We run our own DNS services locally that provide name resolution for both local resources and internet resources. Sendori handles requests for internet resources only and cannot handle requests for local resources, introducing at best a delay and at worst a loss of service for local resource lookups. As an example when visiting www.davenport.edu, Sendori would return our public address (18.104.22.168) while our local DNS service returns the local address (192.168.x.x); the local address is faster and more reliable when accessing www.davenport.edu on campus.
Fortunately, Sendori is easy to remove, simply uninstall Sendori through Add or Remove Programs in the control panel.
There have been lots of news stories lately about Java vulnerabilities. And even after Oracle fixes one, another popped up quickly. Further muddying the waters, we have official recommendations to avoid Java altogether.
So why is Java attracting so much interest? It is not because it has suddenly become less secure, but simply because it is currently being targeted by malicious individuals.
The latest exploits were using two different components to exploit Java, an initial method to allow access to other classes and then a secondary vulnerability in a different class to facilitate the malicious access (analysis). The fix released by Oracle with Java 7 update 11 basically fixed one of those components while leaving the other unpatched. This resulted in the rapid emergence of another vulnerability that malicious individuals can quickly implement.
What if you need Java for some applications so uninstalling it completely is not an option? What can you do to protect your computer, your accounts, and your information both now and in the future?
There are two basic options: a two-browser system or Java blocking.
A two browser system involves utilizing two web browsers – one with Java blocked or disabled, and the other with Java enabled. For regular browsing you would use the web browser with Java blocked or disabled. When you wish to access a trusted site that requires Java you would use the second browser with Java enabled. This approach would typically use two completely different web browsers, for example: Firefox with Java blocked/disabled for normal browsing, and Internet Explorer with Java enabled for Java-only websites.
Java blocking involves disabling or blocking Java in some way so it cannot be activated automatically by visiting a website. This would typically be accomplished by utilizing a Java blocker such as NoScript for Firefox or NotScripts for Chrome. The default is to block all Java content, and exceptions can be granted for certain trusted sites that require Java.
Now we even have a fake Java patch in the wild that is actually malicious software (malware). This patch preys on the fear stirred up by the frenzy of Java news articles and the lack of standard methods for all computer software updates. As mentioned previously, remember to only apply updates from a trusted source. In this case Java updates should only come from Oracle. Use the built-in Java update mechanism to easily update your version of Java.
Weak passwords continue to be in the news, with the latest from Deloitte stating that “more than 90% of user-generated passwords can be made vulnerable to hacking in a matter of seconds”
Full article here.
Davenport’s recommendation for choosing good passwords remains the same: pick long passwords that are easy to remember, and do not re-use passwords from one website or service to another.
There have been reports of individuals receiving emails or faxes purportedly from the IRS requesting personal information.
Please keep in mind that the IRS does not initiate contact with taxpayers to request personal or financial information.
For additional guidance please see: http://www.irs.gov/uac/Report-Phishing
If you receive a suspicious IRS-related fax or email please send to
email@example.com (Subject: FAX).
If you have completed the fake form please file a complaint by visiting
the IRS Phishing page and selecting “Complaint Assistant” or visiting
We recently saw a large number of invitations from the social networking site skillpages. These messages indicate they were sent by a friend or co-worker, and encourage the recipient to join the skillpages service.
Following the link in the email and entering your name and password will result in the creation of an account. Skillpages then prompts you to “activate your networks” by adding a social networking or email account, as seen below:
Once this step has been completed, skillpages prompts you to email any contacts who do not already have a skillpages account to encourage them to join. This step defaults to selecting all contacts not already in skillpages, requiring manual action to deselect any accounts. It is also worth noting the large, prominent “Invite Your Contacts” button and the much smaller, gray “Skip” option:
The vast majority of individuals I have spoken to indicate they did not realize an email would be sent to nearly everyone in their contact list and did not want that to occur. Preventative measures have been taken due to the large number of email messages received from this site, as well as the number of help desk calls generated from individuals who question the legitimacy of the invitations or who inadvertently sent invitations to their contacts. For further details on these measures please contact the CSC.
If you created an account and decide you no longer wish to maintain that account, it is relatively simple to delete.
First, access the settings tab
Second, scroll down to the bottom and select “Click here to delete your account”