SUNYNP Student Computer Help Desk News RSS

Safeguarding Your Personal Data Safeguarding Your Personal Data

Computers and the Internet have become an important part of our daily life, enabling a wide range of services to home users such as communicating with friends and family, shopping, paying bills, and storing personal photos and music. This convenience and inter-connectivity does not come without risk. Potential threats include viruses that could erase your entire system and hackers stealing your credit card information.

By understanding the risks and combining some common sense rules with a little bit of technology, home users can safeguard their data from these threats. The following tips will help protect your data.

Back Up Your Data

Your hard drive may crash or you may find that an infection has affected your computer and the operating system and applications need to be reinstalled. In cases like this it is best to have your important data backed up so you can restore your system. Below are some important steps you can follow:

  • Use your computer's backup tools. Most operating systems provide backup software designed to make the process easier. External hard drives and online backup services are two popular vehicles for backing up files.
  • Back up data at regular intervals. Weekly backups are recommended.
  • Verify the data has been backed up. Backup media needs to be reviewed periodically to determine if all of the data has been backed up accurately.
  • Verify the ability to restore. It is a best practice to periodically test that your backup data can be restored if loss occurs.

Use Strong Passwords

Passwords help protect your data. It is important to have a strong password for your computer, mobile device, and any other media used to store important and/or sensitive data. A strong password is at least eight characters and uses a mix of upper case, lower case, and numeric or special characters. Each device should have its own strong password so that if one is compromised your others will stay secure.

Be Safe Online

Below are a few helpful tips on how to keep safe on the Internet:

  • Keep your operating system updated/patched. Set it to "auto update."
  • Use anti-virus and anti-spyware software and keep them updated.
  • Do not visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Secure your transactions. Look for the "lock" icon on the browser's status bar and be sure "https" appears in the website's address bar before making an online purchase. The "s" stands for "secure" and indicates that the communication with the webpage is encrypted.
  • Keep your applications (programs) updated and patched, particularly if they work with your browser to run multi-media programs used for viewing videos. Set these programs to "auto update."
  • Block pop-up windows, some of which may be malicious and hide attacks. This may prevent malicious software from being downloaded to your computer.

Encryption

Encryption is a process whereby data is scrambled and can only be read by someone with the "encryption key" to unscramble the data. Users should consider encrypting sensitive information. Some new operating systems include tools to encrypt data while others require the installation of encryption software.

Dispose of Information Properly

It is important to properly handle data erasure and disposal of electronic media (e.g. PCs, CDs, thumb drives) in order to protect confidential and sensitive data from accidental disclosure. Become familiar with the proper methods of sanitizing, destroying, or disposing of media containing sensitive information.

Before discarding your computer or portable storage devices, you need to be sure that data has been erased or "wiped." Below are a few tips to assist you:

  • Read/writable media (including your hard drive) should be "wiped" using Department of Defense (DOD) compliant software. Software that meets DOD compliance standards can be downloaded from the Internet at no cost.
  • Shred CDs and DVDs. This type of media should be physically destroyed.
  • Media that does not have a need to be re-used or contains sensitive or private data that cannot be "wiped" should be physically destroyed.

Resources For More Information:


More information: http://www.dhses.ny.gov/ocs/awareness-training-events/news/2011-03.cfm
2011-04-23 17:05

Vulnerability in Adobe Reader and Adobe Acrobat Could Allow For Remote Code Execution Vulnerability in Adobe Reader and Adobe Acrobat Could Allow For Remote Code Execution

OVERVIEW:

A vulnerability has been discovered in the Adobe Acrobat and Adobe Reader applications which could allow attackers to execute arbitrary code on the affected systems. Adobe Reader allows users to view Portable Document Format (PDF) files while Adobe Acrobat offers users additional features such as the ability to create PDF files. This vulnerability may be exploited if a user visits or is redirected to a specially crafted web page or when a user opens a specially crafted PDF file. Successful exploitation could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts will likely cause denial-of-service conditions.

This update also fixes the vulnerability identified in OCS advisory 2011-017.

SYSTEMS AFFECTED:

  • Adobe Reader X (10.0.1) and earlier versions for Windows
  • Adobe Reader X (10.0.2) and earlier versions for Macintosh
  • Adobe Acrobat X (10.0.2) and earlier versions for Windows and Macintosh

RISK:
Government:

  • Large and medium government entities: High
  • Small government entities: High

Businesses:

  • Large and medium business entities: High
  • Small business entities: High

Home users: High

DESCRIPTION:
Adobe Reader and Adobe Acrobat are prone to a remote code execution vulnerability when handling specially crafted PDF files. This vulnerability exists due to an unspecified memory corruption issue in 'cooltype.dll' when handling PDF files. The vulnerability may be exploited if a user visits or is redirected to a specially crafted web page which contains a specially crafted PDF file or when a user opens a specially crafted PDF file sent as an e-mail attachment.

Successful exploitation could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts will likely cause denial-of-service conditions.

This update also fixes the vulnerability identified in OCS advisory 2011-017.

RECOMMENDATIONS:
We recommend the following actions be taken:

  • Install the patch/update from Adobe immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Do not open e-mail attachments from unknown or untrusted sources.

More information: http://www.dhses.ny.gov/ocs/advisories/2011/2011-031.cfm
2011-04-23 17:03

Student Access to Courses Student Access to Courses

Sometime late Monday, February 15th, students who have not accepted their charges and made payment or payment arrangements will be denied access to their Spring 2010 course sites on Blackboard.

If you are a student and you have outstanding issues with student accounts contact them:

2010-02-16 20:31

Show archived news.

There are 135 FAQs online