NYU Wordpress Theme

Kaspersky Lab Software Warning

Recent media stories, such as those noted below, have reported on suspected ties between Moscow-based cybersecurity company Kaspersky and Russian Intelligence, citing potential data security implications for users of Kaspersky’s products, including their popular anti-virus software.

In response to these suspicions, Rob Joyce, the nation’s cybersecurity coordinator, has issued a public warning regarding the use of software from Kaspersky Lab. In addition, both the House and Senate Armed Services Committees have approved legislation that, should it become law, would ban the U.S. military from owning or using any Kaspersky products.

While security risks claims involving Kaspersky are under assessment, we want to make sure that NYU community members who use their products are aware of the potential risks and take precautions if you are interested in doing so. NYU full- and part-time students, faculty, and staff at all NYU locations, including Shanghai and Abu Dhabi, can download antivirus software (Symantec Endpoint Protection) on Global Home’s Antivirus and Malware Protection card. For personal/private use, and other members of the NYU community, NYU’s Office of Information Security recommends Malwarebytes.

We will update this information as new developments become available, and will be in touch if any critical threats require your attention.

I am personally available for questions, comments or concerns at 212-998-1373, or cto@nyu.edu. For questions regarding any technical issues, you can also contact the NYU IT Service Desk 24/7.

Resources:

Rich Mikelinich MS, CISA, CISSP, CCSK
Chief Technology Officer
NYU – Information Technology
726 Broadway, Room 248
New York, NY 10003

Office: 212-998-1373
Mobile: 203-623-4732
Email: cto@nyu.edu
Skype: projectized

Safely Installing Flash Updates

Browser pop-ups alerting you that you need to update Adobe Flash have become common and are an unreliable way to update Flash. Updating via browser pop-ups is not recommended as you will likely install adware in the process. The tell-tale signs of adware installation are changes to your home or search page. If you receive a browser pop-up with an Adobe Flash update, it is recommended that you close the browser tab or the browser.

Installing Adobe Flash Updates on a Windows Machine

Please note that Adobe Flash updates on Windows machines, starting with Windows 8, are handled through the operating system as Windows updates.

Installing Adobe Flash Updates on a Mac OS

Go to:

Screenshot showing the "System Preferences" option on the Apple menu.

Click Adobe Flash Player (located at the bottom left of the “System Preferences” window):

Screenshot showing "Flash Player" displaying in the Apple, System Preferences menu as described.

Next, click the Updates tab.

Screenshot showing the "Updates" tab which is available upon clicking "Flash Player" on the Apple,System Preferences menu. Options on the Updates tab include "Allow Adobe to install updates" or "Notify me to Install Updates" or "Never check for updates". It is recommended that users select either of the the first two options. The dialog also displays plug-in options which are detailed in the following paragraph.

Please note that the NPAPI plug-in is for Safari and the PPAPI plug-in is for Chrome.  It’s okay not to have both installed, but check via the Check Now button for updates on what is installed.

If no updates are available, you will receive the following message:

If an update is available, click Yes, and follow the prompts to download and install, which involve double-clicking and following the prompts from your browser downloads.

For more information, please see:

  • https://forums.adobe.com/thread/2179308
  • https://www.macobserver.com/tips/quick-tip/macos-installing-flash-updates-safe-way/

Safe Social Networking

Have you considered who may be using the social media sites you frequent or looking more generally for information about you online?  The sites you visit and information posted may be frequented by:

  • Prospective Employers & Recruiters – use social media and search engines to investigate applicants. When posting, think about how what you’re posting may reflect on you. If you’d like to check your social footprint, try “Googling” yourself.
  • Identity Thieves – seek to harvest personal information, such as, phone numbers, dates of birth, addresses and other identifying information. Protect yourself and be mindful of the personal details you disclose about yourself and others.
  • Online Predators – these types of criminals may be looking for information respecting your schedule and whereabouts. Whether it’s a break-in or another type of planned offense, protect yourself by not making these details available online.
  • Spear Phishers – use social media to harvest information for targeted phishing attacks.  The target may be you, your employer or someone you know. These phishing messages may address you personally or appear to be from a friend, colleague or institution that you’re familiar with. The goal of these messages is to trick you into revealing confidential or sensitive information or to trick you into installing malware via a malicious attachment or link. For phishing reminders and best practices, please see the following Connect article, Phishing, Spear Phishing, and Whaling.

What you can do to protect yourself:

  • Post online with the awareness that information on the internet is public and available for all to see. Browser caching and server backups ensure that what you post online will remain available for a long time to come, – hence the maxim “what happens on the web stays on the web”.
  • Carefully review disclosure requirements for the sites you use – and don’t supply information that’s not required. Use & review privacy settings regularly. Most social networking sites allow you to restrict access to your profile. However, this setting will only protect you if only connect with people that you know. In addition, regularly review your privacy settings for all social networking sites you use as options change over time and you want to make sure that your selections are current.
  • Don’t post personal information about yourself or others online – information posted online is not private. Do not post birthdates, addresses or phone numbers.
  • Understand the role of hashtags (#) – hashtags are a popular way to provide commentary or tag pictures. Many opt to restrict access to their Instagram account so that only their friends can view the pictures they share. So, when you apply a hashtag to a private photo, no one outside of your allowed group will be able to search for it, or see it on lists of tags.

MacKeeper Warning

MacKeeper is an application marketed by a company called Zeobit, that purports to be a Mac maintenance program that will fix a lot of issues and speed up your Mac. It also claims to bundle bonus utilities, such as antivirus, anti theft . . .etc. You  may see MacKeeper advertised on various web sites or browser pop-ups. MacKeeper can apparently sometimes install without users realizing it. It can slow down your system, and has been described by some as invasive malware that can de-stabilize your operating system. Others describe it as poorly developed software, and there have been allegations of unethical marketing and false advertising claims.

For more information, including information on uninstalling MacKeeper, please see:

 

1)  https://discussions.apple.com/docs/DOC-3036

2) http://www.macworld.com/article/2861435/software-utilities/how-to-uninstall-mackeeper-from-your-mac.html

Please be reminded that If you’d like to install antivirus software on your Mac, you can find the link to download Symantec Endpoint Protection on Global Home’s Antivirus and Malware Protection card. For tips on speeding up your Mac, please see: https://www.cnet.com/how-to/five-tips-to-speed-up-your-mac/.

Questions?  Please contact the NYU IT Service Desk.