What have you done with technology in the last 24-48 hours? I going to assume that you did many, many things including: used your email, looked up sports scores or news, sent a text (or hundreds), purchased a book on Amazon, sent or viewed tweets, updated your wall, and reviewed your calendar to plan a trip to view the foliage. And I can also assume that you did some work with your devices and networked technology as well.

Read the rest of this entry »

Sometimes “gotcha’s” are annoying or embarrassing, like Uncle Frank’s practical jokes on April 1st. Other times, however, they can be disruptive or worse, such as accepting an offer of a free iPad because you were lucky enough to be randomly selected from all Gmail users … Read the rest of this entry »

Patrick Laverty is a longtime member of CIS’s WebServices Team and the “Go-To Guy” for web application security. He is founder of the Rhode Island chapter of OWASP (Open Web Application Security Project), coordinating monthly meetings, which feature guest speakers (such as PaulDotCom’s and former CIS employee Paul Asadoorian) and provide an opportunity for like-minded folk to network.

Read the rest of this entry »

Smartphones and tablets now let us put the power of a computer in a pocket, purse or small bag, meaning it is often at hand and on duty 24×7.  Add to the mix that these mobile devices tend to carry more personal information than your desk/laptop did, many are unprotected, and the instances of mobile malware have risen 185% in less than a year [ 1 ].  The result? You’re at an ever increasing risk when using your mobile device. So, how best to defend yourself?

Read the rest of this entry »

Starting in October, Brown Google (GAE) users will be able to add an extra layer of security to their account when accessing it via their mobile phones by using Google’s 2-Step Authentication feature.

Read the rest of this entry »

The increased use of the cloud for storage, sharing and synchronization has led to many questions to the Information Security group about the use of Dropbox as a secure solution. With this in mind, this June ISG published a position paper on the use of Dropbox here at Brown.

Readers should note that this position paper refers to the public Dropbox and not the Brown solution, dropbox.brown.edu/.

If you are new to Brown or missed ISG’s announcements earlier this year, CIS offers two security-related products you should investigate and see if either is right for you.

Identity Finder (IDF) software lets you scan your computer to see what personally identifiable information (PII) may be stored on it and take appropriate measures to either secure or remove it.

Read the rest of this entry »

We know that as a member of the Brown community you are generally very security-conscious, especially when it comes to protecting Brown and/or your own personal information. You are aware of how important passwords are to safeguarding that information. So you do your best to protect passwords, don’t share them, and change one if there is reason to believe it has been compromised.

Read the rest of this entry »

ISG is now posting tips, news and alerts on Twitter. Follow us at twitter.com/ISGatBrown. You can also follow David Sherry at twitter.com/CISOatBrownU.

You are encouraged to start following us during the month of October. New followers of ISGatBrown will be entered in the GO CyBear SMART drawing (October 31) for an iPad and other great prizes. Details at www.brown.edu/go/CyBearSMART.

“The sooner you identify you have been compromised and the faster you respond, the more you can minimize the harm.”

Chad Tilbury is the guest editor for this issue (OUCH! security awareness newsletter).  He has extensive experience investigating computer crimes and is a co-author of the FOR408 Windows Forensics and FOR508 Advanced Forensics and Incident Response classes at the SANS Institute.  You can find him on Twitter as @chadtilbury, or on his blog, forensicmethods.com.

Read the rest of this entry »