Computer Security Information
Heartbleed Security Bug
What is Heartbleed?
"Heartbleed" as it has been nicknamed, is a flaw within the encryption platform OpenSSL, which helps to ensure secure web communications on a significant number of websites on the Internet, some Prescott College sites included. For more information on Heartbleed, please visit www.heartbleed.com
What steps have been taken?
Soon after the bug was brought to light, the Prescott College IT Services department began working hard to ensure that our systems are up-to-date. Please stay attuned to E-mail announcements regarding necessary actions, if any, on your part. Please be sure that requests to change passwords should only be adhered to when they originate from official Prescott College sources.
What can I do?
Please remember that this bug has not only affected Prescott College, but a large number of secure web pages on the Internet (a majority of Web-based applications). As your providers inform you that their systems are updated, please take the time to reset your passwords, both professional as well as personal. The key is to only reset your passwords once those systems are verified as secure.
What is CryptoLocker (also known as "ransomware")?
CryptoLocker is malicious software that encrypts your data files (word, powerpoint, pictures, music, videos, etc.). The nefarious individuals then hold your data for ransom and try to extort money from you.
What computers are at risk?
All computers using Windows XP 2, Vista, 7, 8 and 8.1. This includes any Apple or Linux based computers running Windows in a virtual environment like Bootcamp, Parallels or VMWare.
What is encryption?
Encryption encodes your data so only you and authorized people or authorized websites can read the data. Example – When you use a banking website that has “https” in the address bar, the information you transmit to and from that website is encrypted/encoded.
Why is it dangerous?
The encryption designed to safeguard your data is used against you when CryptoLocker infects your computer. Your data files are encrypted with a unique key that only the malicious people/hackers have access to. Encryption can not be broken at this point in time without the key. When your data is encrypted and the key is lost, the data is essentially lost forever.
What steps can I take?
Frequently back-up your data
Be sure your data is backed up frequently to an external drive, network drive, and/or cloud solution. Prescott College e-mail users have free access to Google Drive, which can assist in backing up your important files.
Use caution when downloading e-mail attachments. Malicious e-mail can often appear as legitimate mail from official or familiar sources. This is called "spoofing" and is an attempt made by Malware perpetrators to “trick” you into downloading their malicious attachments. Even if you receive mail from official-seeming addresses such as "firstname.lastname@example.org", or "email@example.com", etc., tricks can be used to “fake” the sender address, making it appear official. Use caution, and don’t download attachments that you would not expect, or that seem questionable.
Use smart online behavior
The single biggest factor in preventing a malware infection on your computer is you. You don't need expert knowledge or special training. You just need vigilance to avoid downloading and installing anything you do not understand or trust, no matter how tempting, from the following sources:
- From a website: If you are unsure, leave the site and research the software you are being asked to install. If it checks out, you can always come back to site and install it. If it is not okay, you will avoided a malware headache.
- From e-mail: Do not trust anything associated with a spam e-mail. Approach e-mail from people you know with caution when the message contains links or attachments. If you are suspicious of what you are being asked to view or install, don't do it.
- From physical media: Your friends, family, and associates may unknowingly give you a disc or flash drive with an infected file on it. Don't blindly accept these files; scan them with security software. If you are still unsure, do not accept the files.
- From a pop-up window: Some pop-up windows or boxes will attempt to corner you into downloading software or accepting a free "system scan" of some type. Often these pop-ups will employ scare tactics to make you believe you need what they are offering in order to be safe. Close the pop-up without clicking anything inside it (including the X in the corner). Close the window via Windows Task Manager (press Ctrl-Alt-Delete to bring up Task Manager).
- From another piece of software: Some programs attempt to install malware as a part of their own installation process. When installing software, pay close attention to the message boxes before clicking Next, OK, or I Agree buttons. Scan the user agreement for anything that suggests malware may be a part of the installation. If you are unsure, cancel the installation, check up on the program, and run the installation again if you determine it is safe.
If compromised, act immediately
If you believe your computer has been compromised, act immediately, by doing the following:
1. Disconnect from the network and attached external drives.
2. Do a full virus scan on your system.
3. For college-owned computers, contact our helpdesk (http://helpdesk.prescott.edu). For personal computers, contact a trusted professional.