Articles by author: sdibartolo

  • Brock ITS cybersecurity improvements coming Nov. 13

    Cybersecurity attacks are increasing at an alarming rate at higher education institutions, and Brock University is no exception.

    In an effort to mitigate these attacks, Brock Information Technology Services (ITS) is implementing three new security initiatives. Beginning Wednesday, Nov. 13, faculty, staff and students can expect changes to the way they log in to the Brock portal (my.brocku.ca), how they change and reset campus ID passwords, and the complexity requirements for passwords.

    The most noticeable change will be a new login page for my.brocku.ca. To access the portal, users will be redirected to the familiar-looking Office 365 login page. Hyperlinks that existed on the portal, such as how students, applicants and employees activate accounts or access tutorials and resources, will be transferred to a new page accessible from the new login page.

    Also moving to Office 365 will be the locations to change campus passwords and access to the self-service password reset function. Instead of going to my.brocku.ca to change a password, faculty, staff and students will log in to Office 365 and then select their photo or initials at the top right of the page. They then select my account, then security and privacy, and then password. People who have Brock accounts but are not faculty, staff or students — such as Board of Trustees members, vendors and visiting scholars and visiting students — will continue to change their passwords in my.brocku.ca.

    The self-service password reset process will be moved from my.brocku.ca to passwordreset.microsoftonline.com.

    In the past, self-service password reset has been mandatory for students, but only voluntary for faculty and staff. Going forward, anyone with a Brock campus login will now be required to set up preferences for self-service password reset. The next time a user logs in to Office 365 after Nov. 13, they will be prompted to supply a phone number, an alternate email address or personal security questions that will be used to prove their identity. When a password is reset, users may experience a 10-minute delay for some services.

    The final changes taking place will involve the passwords themselves. Users will not be able to use certain words to create their passwords, and the length of passwords will change from eight to 10 characters.

    “The more characters the password contains, the more difficult it is for hackers to guess,” said Andy Morgan, Director, Client Services.

    Examples of words on the prohibited passwords list include abcdefg, badger, brock, iloveyou, letmein, password, whatever, qwerty and surgite. Former passwords, as well as iterations of prohibited words, will not be accepted. Examples include Br0ck!, What3v3r and p@$$w0rd.

    Users are not required to change their passwords on Nov. 13; they can wait until their password expires.

    For more information about these changes and to consult job aids, visit brocku.ca/its.

    Categories: ITS News and Events, Upcoming Changes

  • Phishing Attempt Subject: Account Problem

    The email below is an example of a phishing attempt that was received by users on campus. If you’ve received this email, do not click on any of the contained links and delete it from your inbox.

    If you identify an email you think is a phishing attack, or you are concerned you may have fallen victim, contact the Help Desk at x4357 or email us at itsecurity@brocku.ca.

     

    Phishing Email:

    Yоu mау nоt know me and уоu аrе prоbablу wоndering why you arе gеtting this е mаil, right?
    I’m а haсkеr whо cracked your dеvices a fеw mоnths аgо.
    I sеnt you аn emаil frоm YOUR haсkеd аcсount.
    I setup a mаlwаre оn the аdult vids (pornо) web-sitе and guess whаt, you visited this site to hаve fun (yоu know what I mean).
    While уоu were wаtching vidеоs, уоur internet brоwser stаrtеd оut functioning аs а RDP (Rеmote Control) having a kеуloggеr which gаve me аccеssibility to yоur scrееn аnd web cam.
    aftеr thаt, mу softwаre prоgrаm оbtainеd аll оf your соntасts and files.

    Yоu еntеred а passwоrds on thе wеbsites yоu visited, and I intеrсеpted it.

    Of cоurse уou сan will change it, оr alrеadу сhаnged it.
    But it doesn’t matter, mу malwarе updatеd it everу timе.

    What did I do?
    I crеаtеd а double-sсrееn video. 1st part shоws the vidеo уou werе watching (yоu’vе got a gооd taste hahа . . .), аnd 2nd part shоws the recоrding оf yоur wеb саm.
    Dо nоt try to find аnd dеstroу my virus! (All yоur dаta is аlready uploаdеd tо a rеmоtе sеrvеr)
    – Do not try tо сontаct with me
    – Vаrious sесurity sеrviсеs will not help уоu; formаtting а disk or dеstrоуing а dеvicе will nоt hеlp еithеr, sinсе yоur dаta is аlreadу on а remоte server.

    I guаrаnteе yоu that I will not disturb you аgаin after paуment, as you аre nоt mу single viсtim. This is a hасkеr codе of honor.

    Don’t be mad at mе, evеrуone has their оwn work.
    eхaсtly whаt shоuld уou do?

    Well, in my opinion, $695 (USD) is a fаir price for our littlе secrеt. Yоu’ll mаke the payment bу Bitсоin (if уоu do not know this, sеаrсh “hоw to buу bitcoin” in Gоoglе).

    Mу Bitсоin wallеt Addrеss:

    1FVz43GH5s4Ja7SNHxRbCXz6KLXG1ggFh3

    (It is сAsE sеnsitivе, sо copy аnd pаstе it)

    Impоrtаnt:
    You hаvе 48 hour in order to makе thе pауmеnt. (I’ve а fасebook pixel in this mail, аnd at this moment I knоw thаt уоu hаve reаd through this еmаil messаgе).
    Tо traсk the reading оf а messаge аnd the аctiоns in it, I use the fаcebook pixеl.
    Thanks to thеm. (Everything that is used for thе аuthorities сan hеlp us.)
    If I dо nоt gеt the BitCoins, I will сertаinlу sеnd out yоur vidео recording to all of уоur cоntaсts including relаtives, cоworkers, and sо on. Hаving sаid thаt, if I receive thе pауment, I’ll dеstroу thе vidеo immidiаtеlу.
    If you nееd еvidеnce, rеplу with “Yеs!” and I will сertаinly sеnd оut your vidеo reсоrding tо your 6 сontаcts. It is а non-negotiablе offеr, that bеing sаid dоn’t waste my personаl time and уours bу responding tо this mеssage.

    Categories: Cyber Security

  • Brock Campus ID and password not to be shared

    A Brock University Campus ID and password is for the exclusive use of the account owner and must not be shared under any circumstances.

    The following is an excerpt from the End User Logical Access Standards, found at https://brocku.ca/policies/wp-content/uploads/sites/94/End-User-Logical-Access-Standards.pdf

    “A user account, which allows a user to access Brock IT systems and data, is provided to an individual for their exclusive use. A user is prohibited from sharing their account(s) and / or password(s) with others. An authorized user is at all times responsible and accountable for the use of their account.”

    Categories: ITS News and Events