Security and Privacy

You are currently browsing the archive for the Security and Privacy category.

The UVM Information Security policy (see procedure specifies that all university-owned laptops must use approved encryption software to protect the University (or other confidential data) that may be stored on them. CHWB stands by this policy (of course) and encrypts every laptop with BitLocker.

The products below may also be used to encrypt flash drives and other media that are used to store or transport such data.

Computers that run Windows 7 or Windows 8 should be encrypted using Microsoft BitLocker.

Macintosh computers running OS X 10.8 Mountain Lion or OS X 10.9 Mavericks should use FileVault 2 and Casper to encrypt and manage recovery keys.

Computers with older versions of OS X are strongly encouraged to upgrade (free through Apple Store).

We’ve all encountered these things—official-looking email messages that say "Click here to reactivate your account,” or “Click here to confirm your identity,” etc. These messages can be tempting because they often seem like the real deal. They might talk authoritatively about bank balances or email quotas, and they can look awfully official.

But hopefully there’s also a nagging suspicion that makes you wonder if messages like these are “real” or some kind of scam.

In truth, these things are almost always “Phishing” attempts.

A Quick definition from our friends at Wikipedia:

Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

But how do you tell the real emails from the scams?

Geoff Duke over at UVM Enterprise Technology Services has written about how he tells the difference, and it’s a good read. Check it out, and look for the reference to phish-headed Star Wars character, Admiral Akbar.

As many of you know, your UVM NetID+password allows you to log on to virtually any CHWB computer and "get ‘er done," as we say East of Waterbury. Do this and you’ll have access to the CHWB share and to all of your "MyDocs" stuff: spreadsheets, word documents, family pictures, whatever. It’s magic.

The thing is, You Must Use The Force Wisely.

Never ever ever ever ever "borrow" someone’s computer this way if you’re just going to wander off without logging off the computer. HEY, IT HAPPENS.

And if it happens to you, the next person who sits down at that computer can, you know, look at all those family pictures, study those child support spreadsheets, read that thinly-fictionalized workplace-revenge novel. Worse yet, they could read something they shouldn’t read about a student.



Addendum One: Truth be told, if you log onto someone else’s computer, all of your "MyDocs" stuff (see above) will be copied onto that computer. And there it will live, forever–inaccessible to the casual user, but fully accessible to someone with the know-how, the access rights, and the willingness to put make the effort. Moral of the story: try to maintain a relatively monogamous relationship with your one true computer.

Addendum Two: I guess I should also point out that checking your email in a public place like the Davis Center is a great thing, but do NOT leave your email open when you leave. LOG OFF.

Sharing computer passwords has never been a great idea.
It became less of a great idea at the end of 2004 when our computer passwords and email passwords became one in the same.
Now I’m just going to call it a bad idea.
Here’s why:
Effective April 1, 2006, you use this same username and password to access your Human Resources and Payroll information on the new Catalyst (Peoplesoft) system. If you’ve shared your password with me, I’ll be able to:

  • View your paycheck
  • Manage your direct deposits
  • Update your tax information
  • Mess around with your online timesheet

…I don’t think you want me to do that.
What can you do?

  1. If you’re a password-sharer, Change your password
  2. Stop sharing your password

Directions for changing your password are here:

Skip to toolbar