Our latest project has just been completed!

The Global Operations Support website exists to provide guidance and support to faculty and staff who will either be conducting work outside the United States or coordinating international work domestically on behalf of the University. You will find information on travel, conducting research, business processes, international payment information and inter-institutional collaborative efforts.

The new Global Operations Support Manager is under the University Center for International Studies and works closely with associated departments and groups.

URL: www.globaloperations.pitt.edu

Global Operations Screenshot

One of the most common methods that cybercriminals use to gain sensitive information is known as ‘phishing’. Phishing occurs when you receive a message requesting personal information (social security number, email address, birthday, etc.) that appears to come from a reputable source (your bank, business, etc.). Phishing attacks come in different types (spear phishing, whaling, clone phishing, etc.), but the general premise remains the same.

While most phishers are primarily looking to steal your personal information, phishing is also a method used by hackers to install malware onto your computer.

Phishing attacks have become very sophisticated, but they are still vulnerable to a watchful eye and a little common sense. Since your personal data and security are at stake, it is extremely important to know how to identify phishing, and to know what steps to take if you think you are the target of a phishing attack.

How to Identify a Phishing Attack

Inconsistent Email Address

Here’s a typical example of what a phishing email might look like. Take a close look at the sender’s information and email address. In this example, note that the sender is “S-tandard Bank.” Also, the email domain “alert-std.co.za” does not match the format at the bottom of the message, “standardbank.co.za.”


False Sense of Urgency

Note that the email from “Amazon” states, “***DON’T WAIT! The Link Above Expires on 12/28!” Scammers try to create a false sense of urgency to get you to react quickly and emotionally. Always take a couple of extra seconds to really examine what you are reading before clicking any links.

Note again how the email address does not end in “amazon.com.”


Questionable Information Requests

Phishing attacks will frequently ask for information that they either don’t need or should already have. As a rule, reputable businesses will never ask for your account name, account number, password, Social Security number, etc. There was a recent phishing scam that appeared to come from the IRS, asking for account information from the victim’s financial institutions. If there’s anyone that doesn’t send emails like this, it’s the IRS.
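The three warning signs above can also be checked mechanically. The following is an added example, not part of the original article or any FIS tool: it parses a constructed sample message and reports a sender-domain mismatch, urgency wording, and requests for sensitive data. The function names, phrase lists, and the sample's local part and recipient are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample combining traits of the two emails described above.
# The local part "notice" and the recipient are made up; not a real message.
SAMPLE = '''\
From: "S-tandard Bank" <notice@alert-std.co.za>
To: customer@example.com
Subject: Account alert

DON'T WAIT! The link above expires on 12/28.
Please confirm your account number and password to keep your profile active.

Standard Bank | www.standardbank.co.za
'''

# Illustrative phrase lists (assumptions), based on the wording in this article.
URGENCY = re.compile(r"don['\u2019]?t wait|expires?|act now|immediately", re.I)
SENSITIVE = re.compile(
    r"account name|account number|password|social security number", re.I)


def domain_matches(sender_domain, claimed_domain):
    """True only if sender_domain is claimed_domain or a subdomain of it."""
    sender = sender_domain.lower().rstrip(".")
    claimed = claimed_domain.lower().rstrip(".")
    # Requiring the leading dot rejects look-alikes such as "notamazon.com".
    return sender == claimed or sender.endswith("." + claimed)


def _hits(pattern, text):
    """Distinct matched phrases, lower-cased and sorted for stable output."""
    found = {m.lower().replace("\u2019", "'") for m in pattern.findall(text)}
    return sorted(found)


def phishing_indicators(raw_message, claimed_domain):
    """Report the three indicators for one message.

    claimed_domain is the domain of the organization the message claims to
    come from, e.g. the one printed in its footer.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    display_name, address = parseaddr(str(msg.get("From", "")))
    sender_domain = address.rpartition("@")[2].lower()

    # Use the plain-text body; fall back to an empty string if there is none.
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    text = f"{msg.get('Subject', '')}\n{body}"

    return {
        "display_name": display_name,
        "sender_domain": sender_domain,
        "sender_domain_mismatch": not domain_matches(sender_domain, claimed_domain),
        "urgency": _hits(URGENCY, text),
        "sensitive_requests": _hits(SENSITIVE, text),
    }


if __name__ == "__main__":
    for key, value in phishing_indicators(SAMPLE, "standardbank.co.za").items():
        print(f"{key}: {value}")
```

A hit on any one indicator is a reason to verify the sender through a separate channel, not proof of phishing on its own.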

If You Suspect Phishing

There are a number of steps that you can take if you suspect that a message you have received is a phishing attack.

  1. Verify the identity of the sender. For example, if you receive an email that looks like it’s from PNC Bank, call or email their customer support team to confirm. It’s important not to reply to the email itself, as any links in the message will not point back to a legitimate business entity. If it looks like a friend or coworker sent the message, follow up with them in a separate email (again, do not reply to the original message).
  2. Change any relevant passwords. Changing your password is almost never a bad idea, and having unique passwords for each site/service that you use is a best practice.
  3. Go back to the official source. Try to always directly type the web address of the site you want to access in your browser, instead of clicking on links from emails or social media networks. As mentioned, avoid links in the original message, as they will most likely redirect to a fraudulent site.
  4. Trust your instincts and err on the side of caution. If an email or website doesn’t look or “feel” right, there’s probably a reason.

If you think that your work email has been targeted by a phishing attack, please contact FIS via our Support Portal, or call us at 4-FIS1. If your personal email address has been targeted, please report it to any of the following agencies:

For More Information

For additional background and tips, check out the articles in the FIS Knowledge Base, or read any of the following:

The FBI and Apple are currently locked in a legal battle surrounding the iPhone left behind by one of the San Bernardino mass shooting suspects, Syed Farook. Stay informed with FIS on the timeline, details, and stakes in the world of cybersecurity in this pivotal case.


Browse the Article

Introduction
What Is a Backdoor?
What is the All Writs Act of 1789?
Who Else Has Weighed in on the Issue?
What Might This Mean for Smartphone Users?
Update: iPhone Unlocked without Assistance from Apple


Introduction

The case from which the letters below stem, the San Bernardino shooting in December of 2015, has led Apple and the FBI into an intense legal battle concerning the FBI’s demand, upheld by a federal judge, that Apple build a “backdoor” into Syed Farook’s iPhone. The phone, according to the FBI, could contain information related to the San Bernardino attack and to the pledge to ISIS that Farook’s wife, Tashfeen Malik, made on Facebook.

On February 16th, Apple CEO Tim Cook posted the following letter on the Apple website stating,

“The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand. This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake. … While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.”


On February 21st, FBI Director James Comey posted the following letter on The Lawfare Blog, a blog dedicated to “…that nebulous zone in which actions taken or contemplated to protect the nation interact with the nation’s laws and legal institutions.” The Lawfare Blog is published by the Lawfare Institute in cooperation with the Brookings Institute.

James Comey writes,

“We simply want the chance, with a search warrant, to try to guess the terrorist’s passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That’s it. We don’t want to break anyone’s encryption or set a master key loose on the land.”


 


What Is a Backdoor?

Kim Zetter at Wired penned the article Hacker Lexicon: What Is a Backdoor? in December 2014. The quote that follows is a summary of the article that was posted within it:

TL;DR:

A backdoor in software or a computer system is generally an undocumented portal that allows an administrator to enter the system to troubleshoot or do upkeep. But it also refers to a secret portal that hackers and intelligence agencies use to gain illicit access.

In the case of the iPhone, the FBI is requesting that Apple build software that disables the feature that wipes all data from the iPhone after too many incorrect password attempts. In this case, the backdoor that the FBI is requesting falls under the latter half of Zetter’s definition: “A secret portal that hackers and intelligence agencies use to gain illicit access.”

Apple is arguing that making such a backdoor would compromise the security of all of Apple’s devices, if not more. Tim Cook, Apple CEO, states:

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

Conversely, James Comey, Director of the FBI, states:

We simply want the chance, with a search warrant, to try to guess the terrorist’s passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That’s it. We don’t want to break anyone’s encryption or set a master key loose on the land.

Thus, one could summarize the FBI vs. Apple legal battle as such: Apple feels the FBI’s request compromises their commitment to encryption and could create a gap in security wide enough to be applicable across devices and accessible to hackers with malicious intent, compromising the personal data (such as photos, financial data, and passwords) of their customers. The FBI states that their intention is to enter one phone, Syed Farook’s, with the hopes of reaching a conclusion regarding the presence of information on the phone that could shed light on the attack and potentially lead to more terrorists, and specifically, members of the group ISIS.


What is the All Writs Act of 1789?

The All Writs Act of 1789, which was invoked by the federal judge upholding the FBI’s request that Apple build a backdoor into the iPhone, is summarized by Laura Sydell of NPR as follows:

That law, the All Writs Act, is all of two sentences in length. It gives judges the authority to issue any order necessary — within the law — to further litigation before the court. The relative clause says:

“The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”

A “writ” is defined by Merriam-Webster as “an order or mandatory process in writing issued in the name of the sovereign or of a court or judicial officer commanding the person to whom it is directed to perform or refrain from performing an act specified therein.” Its origin is Middle English, from Old English, with its first known use dating to before the 12th century.

The All Writs Act has been previously used in legal cases involving phones in 1977, in a case involving the FBI and the New York Telephone Company. In this case, the Supreme Court ruled in favor of the FBI, requiring the New York Telephone Company to install a “pen register,” a device that records calls to and from specific phone numbers, in this case, two numbers that were suspected in an illegal gambling case.


Who Else Has Weighed in on The Issue?

Bill Gates

In an interview with Financial Times, Bill Gates, founder of Microsoft, has stated,

“This is a specific case where the government is asking for access to information. They’re not asking for some general thing, they’re asking for a particular case…Apple has access to the information, they’re just refusing to provide the access, and the courts will tell them whether to provide the access or not.”

However, in a later interview with Bloomberg, Gates stated that he was “disappointed” with a headline that stated he sided with the FBI in the case but that he does “…believe that with the right safeguards there are cases where the government, on our behalf — like stopping terrorism, which could get worse in the future — that that is valuable” and that “These issues will be decided in Congress.”

Microsoft

Microsoft as a company began their involvement in the FBI vs. Apple legal battle by offering only mild support to Apple, stating on February 18th:

“Reform Government Surveillance companies believe it is extremely important to deter terrorists and criminals and to help law enforcement by processing legal orders for information in order to keep us all safe. But technology companies should not be required to build backdoors to the technologies that keep their users’ information secure. RGS companies remain committed to providing law enforcement with the help it needs while protecting the security of their customers and their customers’ information.”

As of February 25th, however, according to Chris Welch at The Verge:

Microsoft president and chief legal officer Brad Smith has announced, “We at Microsoft support Apple and will be filing an amicus brief next week.” An amicus brief is a “friend of the court” filing that allows parties not directly involved in the case to weigh in.

Mark Zuckerberg and Facebook

Facebook CEO Mark Zuckerberg issued this formal statement regarding the FBI and Apple’s current case:

“We condemn terrorism and have total solidarity with victims of terror. Those who seek to praise, promote, or plan terrorist acts have no place on our services. We also appreciate the difficult and essential work of law enforcement to keep people safe. When we receive lawful requests from these authorities we comply. However, we will continue to fight aggressively against requirements for companies to weaken the security of their systems. These demands would create a chilling precedent and obstruct companies’ efforts to secure their products.”

Edward Snowden

Former NSA contractor and current director at Freedom of the Press tweeted:

Google CEO Sundar Pichai and Twitter CEO Jack Dorsey


What Might This Mean for Smartphone Users?

Some parties, such as Edward Snowden, given his statement above and others on Twitter, suggest that the real goal of the FBI is to expand surveillance on phones and online correspondence, using the rhetoric of stopping terrorism and terrorists to achieve this goal.

Additionally, the use of the All Writs Act is under scrutiny for its age, with opponents questioning whether a law created in 1789 can apply to the iPhone and cybersecurity. Pundits also suggest that if the FBI succeeds in requiring Apple to construct the backdoor at the federal or Supreme Court level, then other world powers’ governments could do the same, at the advantage or expense of citizens.

Finally, while it can be argued that common people do not have much control in the actual legal proceedings between the FBI and Apple, it can be argued that Apple stands to lose thousands of customers if the FBI succeeds in their case against Apple. In a democratic system such as the United States, the people do have some level of social power in the form of free speech and the rights to assemble and support or protest either Apple or the FBI. It is important to consider government dialogue as well as multinational business goals when considering whether or not to support a specific side of the argument: Apple and their supporters or the FBI and their supporters. At the same time, it’s important to stay mindful of your rights and responsibilities as a consumer and citizen of the American political and technological worlds.


Update: iPhone Unlocked without Assistance from Apple

In a statement from the Justice Department on Monday, March 28th, the FBI has dropped their case against Apple seeking to unlock the final remaining iPhone in the San Bernardino mass-shooting. The decision to drop the case seems to be linked with U.S. law enforcement’s claim that the iPhone has been unlocked without assistance from Apple, but with help from an undisclosed company outside of the FBI.

If the iPhone has been unlocked, some are now worried about the overall security of the iPhone and are interested in learning the process used to unlock the iPhone in question. Apple’s lawyers have expressed public interest in this information with the intent of strengthening the overall security of the iPhone. However, the government could choose to classify the information, barring Apple and others from accessing it.

No information regarding the contents of the iPhone has been released. Meanwhile, it remains possible that no relevant information will be found.

Both Apple and the FBI have stated that they will continue working towards their goals, Apple regarding securing users’ data from interpersonal and governmental attacks, and the FBI regarding their ability to “obtain crucial digital information to protect national security and public safety” with or without “cooperation from relevant parties.”

Source: U.S. Says It Has Unlocked iPhone Without Apple

Welcome to the TIL (Today I Learned) blog series about social and tech industry trends that affect your everyday life. Today, we delve into a few of the many social media platforms!


Currently, most websites have a social aspect to them. Yelp reviewers are connected to each other through shared locations, and the comments section of a website that posts articles about news or culture connects users by facilitating conversation. Overall, it is important to remember that while each social media platform has a function it excels at, there are diverse ways to use a social media account on any platform to achieve social or business goals. Additionally, it is important to remember to be considerate of not only your privacy and security concerns, but also those of people you interact with and post about on social media. For example, consistently posting about your and others’ locations through restaurants you visit or places you frequent could create a portrait of your whereabouts that others could exploit. Do not be afraid to talk to your friends about how they feel about being tagged in posts, photos, and locations, as social media should and can enrich social life both online and offline.

Four years ago, Douglas Wray of The Franklin Institute posted this photo on Instagram using donuts to explain social media:

On February 3rd, 2016, he posted:

It’s been four years since this Instagram changed my life. It’s funny to think both how much has changed in the social media landscape and also how much of this is still true today. #SocialMedia #SocialMediaExplained #Donuts #FourYears #Facebook

In the past four years, social media has become an integral part of daily life. Platforms such as Snapchat, Tumblr, Vine, and WhatsApp have dramatically changed the social media landscape and become household names. In this post, we will profile the major social media platforms and their uses, with examples from The University of Pittsburgh’s own social media presence. A comprehensive list can be found at Social Media at Pitt.


Facebook

Perhaps the most ubiquitous social media platform, Facebook most immediately connects its users to their real-life social network. Users can also join “groups,” such as private groups for coworkers, public groups for sports fans, and secret groups for friends. Event details can also be posted on Facebook, allowing hosts to keep track of potential attendance and contact those invited. Facebook additionally has options for businesses and professional and public personalities. “Sharing” and “liking” photos, links, and quick personal thoughts and questions are the foremost methods of communication on the site. Be conscious of how your friends feel about being tagged in posts, photos, and locations and never share any personal information that could lead to the discovery of your passwords or personally sensitive data.


Twitter

While Twitter is still primarily a site for sharing thoughts in the form of 140 character “tweets” and creating discussion through the use of “hashtags,” Twitter has also become a popular site to share photos, videos, and links. Direct communication between users is facilitated by tagging in a tweet, such as “@PittTweet The weather in Oakland is beautiful today!,” or by a direct, private message between users (known as the “direct message”). Twitter “lists” can be used to keep up with your favorite writers, activists, or actors by grouping their profiles into one feed. In regards to privacy, users can have their tweets available for public or private viewing, sharing only with the users they personally select.


Instagram

Instagram allows users to utilize their smartphone’s camera feature to post photos with filters to enhance their appearance. Instagram easily facilitates cross-platform posting; if enabled, Instagram posts can be shared to your Twitter, Facebook, Tumblr, Flickr, and Swarm accounts. Instagram is perfect for managing your personal brand and sharing your creative work and, more recently, has become a site to market services and promote both online and brick and mortar shops.

Mini Cherry Cheesecakes – small enough you can have more than 1! #valentinesday #pittsweets A photo posted by Oakland Bakery and Market (@oaklandbakery) on


YouTube

While not commonly thought of as a “social media” site, YouTube is a video sharing site where content can be uploaded by users. Users can subscribe to a video creator’s channel to receive notifications when a new video is uploaded, comment on videos, give a thumbs up or thumbs down to a video, and share and embed video links. There are a vast number of social communities on YouTube, such as makeup artists, amateur mechanics, and film and music reviewers. Be considerate of your identity when posting to YouTube via videos or comments, as your likeness and Google account will be affiliated with your contributions.


LinkedIn

LinkedIn bills itself as the “world’s largest professional network.” Users create profiles to list their skills, job experience, and qualifications. LinkedIn users can create their network through adding colleagues and connections who are also users of the site to build a more robust portrait of their professional network and gain endorsements of their skills. Most of LinkedIn’s revenue is made from selling users’ information to recruiters and sales professionals, so avoid LinkedIn if this is an issue for you.

Pitt Career Network Group


Pinterest

Pinterest is a photo sharing social media platform which allows users to create “boards,” not unlike mood boards, spanning a diverse range of topics, such as cooking, style, and gardening. Users can view public boards created by other users and create secret boards that are hidden from other users’ view. Any image from the Internet can be posted to Pinterest, as long as it exists on a webpage. Thus, Oakland Bakery could “pin” photos of their confections to a board featuring baked goods, and potentially be noticed by other users interested in baking and baked goods. As always, be considerate of those in your photos and be aware that Pinterest assumes ownership of your photos after you post them to the site.


For smartphone users, storage limits can be quickly and easily reached, especially the longer you own a specific device. To control this, consider making some of these tips, as profiled by Mashable, part of your smartphone routine.

Determine Your Storage Capacity

A helpful first step in reclaiming your smartphone’s storage space is assessing your phone’s storage and what kind of files and data are occupying the most space on your device:

iOS through iPhone:

To view where you’re using most of your storage, go to the Settings app, then choose General > Storage & iCloud Usage > Manage Storage. You’ll see how much you’ve used, how much space is available and which apps are taking up the most space. Remember, your operating system and updates will take up space as well.

After you have identified the types of files and data that are occupying the most space on your device, you can begin to clear space on your smartphone.


iOS through iTunes:

Open iTunes on your personal computer and connect your device. Select your device and hover your cursor over a content type, such as Audio or Photos, to view the amount of space it takes up in relation to how much space is on your device overall. After you have identified the types of files and data that are occupying the most space on your device, you can begin to clear space on your smartphone.

iOS Storage

Android through your Mobile Phone:

Go to Settings > General > Storage to have your phone calculate the amount of space used by Apps, Downloads, and Audio in relation to overall space on your device.

After you have identified the types of files and data that are occupying the most space on your device, you can begin to clear space on your smartphone.

Android Storage

Time to Clean Up

Delete Old or Unused Apps: Do you still have last year’s viral game or app downloaded on your phone? Has it gone untouched for months? If so, it’s time to clean out your applications. Similarly, if you have multiple apps that have the same function, such as photo editing apps, pare them down to one to two depending on your needs.

To delete an app on iPhone, long press on an app’s icon until all your apps start to shake. Then, tap the X in the corner of any app you want to delete. If there isn’t an X, that means it’s a native app and you can’t delete it. In this mode, you can also move your apps around. To exit this mode, press the home button and your apps will stop shaking.

To delete an app on Android, go to the app drawer, long press an app’s icon, and drag it to the “uninstall” message that appears after the long press. (If this app has a shortcut on the home screen, dragging it to “remove” will only remove it from the home screen instead of uninstalling it from the device.) As on iPhone, if the “uninstall” option does not appear, the app is native to your device and cannot be uninstalled from your phone.

Delete duplicate photos, videos, screenshots, or downloads.

If files are taking up the majority of space on your device, move videos, photos, and screenshots to more permanent spaces such as your personal computer or a cloud service.

  • Moving your files to a personal computer or cloud service has the added benefit of effectively backing up files formerly only found on your phone.
  • iCloud, Box, Flickr, Microsoft One Drive, Google, and Amazon are cloud options that could meet this need. Consider security, ease of use and price when choosing a cloud option on which to back up your files.

Change Your Usage Habits

Consider the types of files and data that occupied the most space on your device:

If music was an issue, consider switching from downloading and storing music locally on your device to using a streaming service or joining a music subscription service. Some such services include Spotify, Apple Music, Pandora, and SoundCloud.

While these apps and services can alleviate storage issues, they may not offer offline streaming of tracks and if they do, it may impact your device’s storage.

If photos and video were an issue, ensure that 4K video recording, if possible on your device, is not a default setting. 4K video files are much larger than HD and full HD video files and are unviewable unless shown on a 4K TV or computer monitor.

If you are an Android user, consider using a microSD card to move files from internal storage to the microSD card.

Removable memory cards allow users to expand internal storage and offload files. If your Android phone does not include a file manager to move files from internal to microSD card storage (and vice versa), Mashable recommends the free file managers ES File Manager or File Manager.

iPhones, however, are not eligible for this storage tip as they do not have microSD card slots.

We are pleased to announce that Maya Bayer accepted a position as a Web Developer in FIS Technical Services effective January 25, 2016.
Maya Bayer

Maya holds a Bachelor’s Degree in Physics from the University of Algiers. She previously worked for MetaTechnical as the Chief Web Designer and Front-end Web Developer. Maya’s responsibilities include design and maintenance of all departmental web sites in the care of FIS as well as custom graphic designs for our custom applications. She is located in B-44 Cathedral of Learning and reports to Rich Welsh.

Please join us in welcoming Maya to FIS and the Technical Services team!

A list of the Worst Passwords of 2015 was published this month by SplashData, a company specializing in password management software.

Password List

If your passwords are among those listed or similar, it might be time to consider creating and utilizing stronger passwords. FIS has multiple Knowledge Base articles to assist with the creation of secure passwords.

Creating a Strong Password

Avoid dictionary words but consider password phrases, repeated characters, and patterns found on a typical keyboard.

Save your spouse’s, child’s, and pet’s names and other personal information for security questions for two-step authentication, but choose the ones that are most unique to you and least guessable. Consider what information regarding such answers can easily be found on your social media profiles.

Be sure to include at least three of the following four character types in your passwords whenever it is possible to include them, even if the account in question does not require them:

  • Uppercase letters (A through Z)
  • Lowercase letters (a through z)
  • Numerals (0 through 9)
  • Non-alphabetic, special characters (!, $, #, %, and others)

Learn about Accounts & Passwords on the FIS Knowledge Base.

Frequently Asked Questions about Passwords

Browse the Password Security Articles or read through the Password FAQ if you have questions such as:

  • Why does my password expire and why do I have to change it?
  • Why does my password need to be so long?
  • Why shouldn’t I use common words for my password? They are easier for me to remember.
  • Why shouldn’t I use personal names or numbers for my password?

Password Expiration

FIS ensures that our customers change their passwords every 60 days, or approximately 2 months. This is to ensure that if a hacker obtains an encrypted password, there is a chance that it will be changed by the customer before the hacker enters the account.

Not all accounts that require a password require customers to change their passwords after a set amount of time. However, it could be a good habit to bring in the new year to change your passwords every two months or so!

Read more about University Accounts and Password Durations.

Changing Your FIS Password

Questions about changing your FIS Password? Consult the Changing Your FIS Password Article to familiarize yourself with the ways in which you can change your password:

  • The Windows Change Password Screen – a voluntary way to change your password
  • At the initial login message when your password has expired
  • Call FIS Customer Support to reset it

 

Full technical and functional assistance for all systems, hardware, and software supported by FIS will end at 5:00 PM on Wednesday, December 23, 2015 and resume at 8:00 AM on Monday, January 4, 2016.

As in prior years, only emergency technical and functional support will be available during the Winter Recess and will not include such things as development work, web updates, equipment moves and installations, loaner equipment requests, application configuration, software deployments, training, or new account creations.

To receive timely service, it is important to follow the instructions below to initiate a request for service. Please do not call, leave a voice-mail message, or e-mail a FIS staff member directly to initiate a request for service. All requests will be responded to during the hours listed below according to the levels outlined in the Service Level Agreement. When requesting service, it is important to provide a telephone number where you can be reached during the support hours.

Support Hours

| Date | Hours of Operation |
| --- | --- |
| Thursday, December 24 | Closed |
| Friday, December 25 | Closed |
| Monday, December 28 | 9:00 AM – 3:00 PM |
| Tuesday, December 29 | 9:00 AM – 3:00 PM |
| Wednesday, December 30 | 9:00 AM – 3:00 PM |
| Thursday, December 31 | 9:00 AM – 3:00 PM |
| Friday, January 1 | Closed |
| Monday, January 4 | Resume full operations at 8AM |

 

To initiate an FIS request for service, use the following methods:

| Online | Phone* (During Operating Hours) | Phone** (Outside Operating Hours) |
| --- | --- | --- |
| FIS Support Portal: Submit a ticket for all requests | FIS Emergency Support Hotline: Dial 412-624-FIS1 (3471) | FIS After Hours Critical Support Hotline: Dial (866) PITT-FIS |

*Please call this hotline if the portal is unavailable or there is a critical issue that needs attention immediately.
**Please call this hotline outside of operating hours for issues that severely impact immediate productivity.

To initiate a PRISM request, use the following methods:

  • Online: Submit a Help Ticket
  • Phone: Dial 412-624-HELP (4357)

 

Happy Holidays from FIS!

 

Our latest project has just been completed!

The Policy Review Committee for Patents, Copyright and Conflict of Interest is charged with reviewing and rewriting the University’s policies on patents, copyright, and conflict of interest to be aligned and supportive of improving the ability of our faculty to work productively with external partners and effectively translate research and scholarship in ways that will support the University’s shared goal of enhancing the beneficial impact of our work on society. The committee is committed to actively engaging the Pitt community in the policy review process and encourages continual feedback and suggestions.

This website functions as a portal for faculty, staff, and students to learn information about these policies, to stay up-to-date with the activities and progress of the committee, and to provide input into these policy changes.

URL: www.policyreview.pitt.edu

 Brought to you by SecuringTheHuman.org, FIS’ Security Awareness Training partner.

Anti-Virus

A security program that can run on a computer or mobile device and protects you by identifying and stopping the spread of malware on your system. Anti-virus cannot detect all malware, so even if it is active, your system might still get infected. Anti-virus can also be used at the organizational level. For example, email servers may have anti-virus integrated with them to scan incoming or outgoing email. Sometimes anti-virus tools are called ‘anti-malware’, because these products are designed to defend against various types of malicious software.

Drive-by Download

These attacks exploit vulnerabilities in your browser or its plugins and helper applications when you simply surf to an attacker-controlled website. Some computer attackers set up their own evil websites that are designed to automatically attack and exploit anyone that visits the website. Other attackers compromise trusted websites such as ecommerce sites and deploy their exploit software there. Often these attacks occur without the victims realizing that they are under attack.

Exploit

Code that is designed to take advantage of a vulnerability. An exploit is designed to give an attacker the ability to execute additional malicious programs on the compromised system or to provide unauthorized access to affected data or applications.

Firewall

A security program that filters inbound and outbound network connections. In some ways you can think of firewalls as a virtual traffic cop, determining which traffic can go through the firewall. Almost all computers today come with firewall software installed. In addition, firewalls can be implemented as network devices to filter traffic that traverses through them.

Malware – Virus, Worm, Trojan, Spyware

Malware stands for ‘malicious software’. It is any type of code or program cyber attackers use to perform malicious actions. Traditionally there have been different types of malware based on their capabilities and means of propagation, as listed below. However, these technical distinctions are no longer relevant, as modern malware combines the characteristics of each of these in a single program.

  • Virus: A type of malware that spreads by infecting other files, rather than existing in a standalone manner. Viruses often, though not always, spread through human interaction, such as opening an infected file or application.
  • Worm: A type of malware that can propagate automatically, typically without requiring any human interaction for it to spread. Worms often spread across networks, though they can also infect systems through other means, such as USB keys. An example of a worm is Conficker, which infected millions of computer systems starting in 2008 and is still active today.
  • Trojan: A shortened form of “Trojan Horse”, this type of malware appears to have a legitimate or at least benign use, but masks a hidden sinister function. For example, you may download and install a free screensaver which actually works well as a screensaver. But that software could also be malicious and infect your computer once you install it.
  • Spyware: A type of malware that is designed to spy on the victim’s activities, capturing sensitive data such as the person’s passwords, online shopping, and screen contents. One popular type of spyware, a keylogger, is optimized for logging the victim’s keyboard activity and transmitting the captured information to the remote attacker.

Patch

A patch is an update to a vulnerable program or system. A common practice to keep your computer and mobile devices secure is installing the latest vendor’s patches in a timely fashion. Some vendors release patches on a monthly or quarterly basis. Therefore, having a computer that is unpatched for even a few weeks could leave it vulnerable.

Phishing

Phishing is a social engineering technique where cyber attackers attempt to fool you into taking an action in response to an email. Phishing was a term originally used to describe a specific attack scenario. Attackers would send out emails pretending to be a trusted bank or financial institution; their goal was to fool victims into clicking on a link in the email. Once clicked, victims were taken to a website that pretended to be the bank, but was really created and controlled by the attacker. If the victim attempted to log in thinking they were at their bank, their login and password would then be stolen by the attacker. The term has evolved and often means not just attacks designed to steal your password, but emails designed to send you to websites that hack into your browser, or even emails with infected attachments.

Social Engineering

A psychological attack used by cyber attackers to deceive their victims into taking an action that will place the victim at risk. For example, cyber attackers may trick you into revealing your password or fool you into installing malicious software on your computer. They often do this by pretending to be someone you know or trust, such as a bank, company or even a friend.

Spam

Unwanted or unsolicited emails, typically sent to numerous recipients with the hope of enticing people to read the embedded advertisements, click on a link or open an attachment. Spam is often used to convince recipients to purchase illegal or questionable products and services, such as pharmaceuticals from fake companies. Spam is also often used to distribute malware to potential victims.

Spear Phishing

Spear phishing describes a type of phishing attack that targets specific victims. Instead of sending out an email to millions of email addresses, cyber attackers send out a very small number of crafted emails to very specific individuals, usually all at the same organization. Because of the targeted nature of this attack, spear phishing attacks are often harder to detect and usually more effective at fooling the victims.

Vulnerability

This is any weakness that attackers or their malicious programs may be able to exploit. For example, it can be a bug in a computer program or a misconfigured webserver. An attacker or malware may be able to take advantage of the vulnerability to gain unauthorized access to the affected system. However, vulnerabilities can also be a weakness in people or organizational processes.

