2018 Cyber Security Awareness
October is quickly approaching and we are actively planning for Cyber Security Awareness at Tufts.
- Enter the Annual Password Cracking Competition - The fall 2018 password cracking contest, a time-honored tradition in Ming Chow's Security class (COMP 116), is now up!
- Want some practice first? Try cracking the passwords from summer 2018 (e.g., freebie: the password for "portugal" is "Pentaldo", cAsE sEnSiTiVe).
In the News/Info
- In the News 10/9: "US Department of Defense Just Beginning to Grapple with Scale of Weapon Systems Vulnerabilities"
- The skinny: https://www.gao.gov/mobile/products/GAO-19-128
- The full document (50 pages): https://www.gao.gov/assets/700/694913.pdf
- Discussion on Hacker News: https://news.ycombinator.com/item?id=18177617
- In the full document, there is this gem: "The test reports indicated that test teams used nascent to moderate tools and techniques to disrupt or access and take control of weapon systems. For example, in some cases, simply scanning a system caused parts of the system to shut down. One test had to be stopped due to safety concerns after the test team scanned the system. This is a basic technique that most attackers would use and requires little knowledge or expertise. Poor password management was a common problem in the test reports we reviewed. One test report indicated that the test team was able to guess an administrator password in nine seconds. Multiple weapon systems used commercial or open source software, but did not change the default password when the software was installed, which allowed test teams to look up the password on the Internet and gain administrator privileges for that software. Multiple test teams reported using free, publicly available information or software downloaded from the Internet to avoid or defeat weapon system security controls."
Stay tuned for more Cyber Security activities/info!
THEME: Our Shared Responsibility
Securing the Internet and information is our shared responsibility. Below are some tips for staying safe online.
Tips for being #CyberAware
Passwords are your lock and key! Don't share or reuse!
Your username and password are a target and valuable online. If they get stolen, you want to minimize the impact. Here are some tips for keeping passwords protected:
- Don’t reuse the same password at multiple places
- Don’t share your password with others or send it in an email
- Choose strong passwords or enable 2-step verification (Use a combination of letters, numbers, and symbols or passphrases)
- Forgetful? Use a password storage app that is encrypted. You can find a password manager at: https://it.tufts.edu/sec-pass
If you suspect your password has been stolen:
- Change passwords on all of your accounts
- If it's your Tufts account, contact the TTS 24/7 Service Desk at 617-627-3376 or firstname.lastname@example.org.
For more tips on passwords, go to: https://it.tufts.edu/sec-pass
Check out information on passwords in the SANS Newsletter.
Phishing and the Internet
Anyone can be a target for information theft through work, school, and personal accounts. Tufts (and all legitimate businesses) will NEVER ask for passwords and you should NOT reply to any email message asking for personal information.
Tips to avoid phishing and stay safe on the internet:
Protect your identity
- Be naturally suspicious of emails with links or attachments and think before you click or reply
- Enable email filters to reduce spam in your inbox
- Don’t click on links in emails; instead enter the URL
- Check the URL in the address bar to make sure it is legit and displays a padlock icon
- Be skeptical of any email that you aren't expecting
For more tips on safe email practices, go to: https://it.tufts.edu/sec-email
Stay away from dangerous downloads
- Avoid unknown or suspicious links
- Be wary of shared files on peer-to-peer networks
- Enable desktop firewalls and security tools
- Don’t share or download copyrighted files
It’s a dangerous Web out there
- Don’t reveal too much about yourself, including on Twitter or your Facebook page
- Be skeptical of offers on the Web or in email that sound too good to be true
Respect copyright laws related to music, movies, TV shows, and printed materials.
Important information about downloading and file sharing:
- Be careful of what you store in your shared folders. You could be breaking the law!
- File sharing can expose you to malware and cause you to unwittingly share your personal files.
- Do not download files unless you paid for them
- Even if you have paid for files, you are not authorized to share them with others
- If you do share files for which you do not own the copyright, you could be subject to legal sanctions from external entities as well as within Tufts based on the code of conduct, up to and including dismissal from the University
Know the facts!
- Read the Tufts policy
- Educate yourself about copyright infringement
For more info on copyright and file sharing, go to: it.tufts.edu/dmca
Antivirus software that is kept up-to-date is critical for a safe and secure network
Tips to protect your computer from malware:
- Keep your operating system and all software updated
- Install antivirus software and keep it updated
- Obtain software from reputable sources
For more info on antivirus applications, go to: https://it-8-dev.tufts.edu/antivirus-applications
2017 Cyber Security Awareness
Below is what was done for 2017!
For 2017, there are a number of contests and events going on at Tufts to help the community become more #CyberAware.
- Enter the Cyber Security Awareness Online Scavenger Hunt!
- Enter the Annual Password Cracking Competition
- Thursday, October 5th, 4:30 - 5:45 PM in Barnum / Dana Hall 104: Ashley Hedberg, Software Engineer at Google (Tufts Class of 2015). She will be giving a talk on her cyber security work(s) at Google.
- Friday, October 13th, 5 p.m. - Saturday, October 14th, 3 p.m. | Tufts Polyhack | 574 Boston Ave (CLIC). Register: https://roam1.typeform.com/to/Ke9bGC
- Tuesday, October 24th, 4:30 - 5:45 PM in Barnum / Dana Hall 104: Steve Christey Coley, Principal Information Security Engineer at MITRE. He will be giving a talk on CVE, CWE, vulnerabilities, and medical device security.
- Tuesday, October 31st, 4:30 - 5:45 PM in Barnum / Dana Hall 104: Lindsay Kaye, Lead Software Systems Engineer at MITRE. She will be giving a talk on reverse engineering.
- Thursday, November 2nd, 4:30 - 5:45 PM in Barnum / Dana Hall 104: Bill Langenberg, Technical Manager at Software Engineering at TripAdvisor (Tufts Class of 2001). He will be giving a talk on credential-probing attacks.
- Thursday, November 9th, 4:30 - 5:45 PM in Barnum / Dana Hall 104: Christine Cunningham and Doug Stetson (Tufts alumnus) from MIT Lincoln Laboratory will be giving a talk on static and dynamic analysis.
Themes for October 2017
There are four main themes for October 2017.
- Securing your devices
- Using Two Factor Authentication (2FA)
- Tips for Success in Staying Safe Online (INFOGRAPHIC: The basic steps to online safety and security)
- Don't Get Tricked - phishing and more