Security :: Security News and Advisories

Printer-friendly version


We've had a number of reports recently of calls coming into HSU staff and faculty claiming to be from the "Windows Service Center". These calls generally tell you that something you have been doing on your computer recently is causing or will cause problems with your computer, and recommend that you download something to get rid of the problem. Of course, if you follow their recommendations, what you download from them will cause you all sorts of problems, because this is just a ruse to get access to your computer. The only appropriate response is to hang up, because there is no such thing as the Windows Service Center, and Microsoft would not be calling you about a security issue.

The moral of the story - never trust what you cannot verify by other means.


ABC 7 Action News, 12/12/12: It's the holiday season, which means gifts, good cheer, and new opportunities for scam artists to take advantage of us.

And a new report says in 2012, more than ever before, they are targeting us not on our computers, but on our smartphones.


When you cross the street, you look both ways to make sure it’s safe. Staying safe on the Internet is similar. It takes some common sense steps.

STOP: Before you use the Internet, take time to understand the risks, take the appropriate precautions, and learn how to spot potential problems.

THINK: Take a moment to be certain the path ahead is clear. Watch for warning signs and consider how your actions online could impact your safety, your family’s safety, or that of others.

CONNECT: Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer.

Protect yourself and help keep the web a safer place for everyone.

The Anti-Phishing Working Group (APWG) and National Cyber Security Alliance (NCSA) led the development of the STOP. THINK. CONNECT. campaign. The U.S. Department of Homeland Security provides the Federal Government's leadership for the STOP. THINK. CONNECT. campaign.

LulzSec Attacker Pleads Guilty To Sony Pictures Hack
Defendant agrees to pay restitution toward Sony's $600,000 data breach cleanup costs.

By Mathew J. Schwartz InformationWeek
October 15, 2012  Alleged LulzSec hacker Raynaldo Rivera, 20, has pleaded guilty to one charge against him relating to an attack against the website of Sony Pictures Entertainment. According to authorities, Rivera operated online using the monikers "neuron," "royal," and "wildicv," and was part of the hacktivist group known as Lulz Security, or LulzSec.

The FBI arrested Rivera in August 2012, after a federal grand jury handed down a two-count indictment against him the same month. The indictment charged Rivera with conspiracy and unauthorized impairment of a protected computer. Both charges carry a maximum penalty of 15 years in jail.

Malware Campaigns Impersonating U.S. Government Agencies

Tuesday, August 28, 2012 at 4:31 pm

US-CERT is aware of multiple malware campaigns impersonating multiple U.S. government agencies, including the United States Cyber Command (USCYBERCOM) and the Federal Bureau of Investigation (FBI). Once installed on a system, the malware displays a screen claiming that a Federal Government agency has identified the user's computer as being associated with one or more crimes. The user is told to pay a fine to regain the use of the computer, usually through prepaid money card services.


Raynaldo Rivera, Suspected LulzSec Hacker, Arrested In Sony Pictures Breach

LOS ANGELES (Reuters) - A second suspected member of the clandestine hacking group LulzSec was arrested on Tuesday on charges he took part in an extensive computer breach of Sony Pictures Entertainment, the FBI said.


People Forget, Computers Don't

In 2003, the British Government published a report on Iraq's security and intelligence organizations. Then a Cambridge University lecturer discovered that much of the document was copied from three different articles, one written by a graduate student. How did he know? The document contained a listing of the last 10 edits, even showing the names of the people who worked on the file.

Hidden data can often be found within Microsoft Office documents particularly Word. Whenever you exchange documents with clients, either convert them to PDF format (WYSIWYG) or else run them through Microsoft's Hidden Data Removal tool.

For more info, and to download Microsoft's Hidden Data Removal tool, see

Blizzard Hack: A Security Guide For Users (August 10, 2012)

(PCWorld) - If you play PC games from Blizzard Entertainment such as Diablo III and World of Warcraft you need to review your account security as soon as you can.

Blizzard has confirmed a security breach compromised a large amount of user account data for gamers. Blizzard is warning players on North American servers (including players from North America, Latin America, Australia, New Zealand, and Southeast Asia) that hackers have nabbed user e-mail addresses, answers to security questions, a database of “cryptographically scrambled” passwords, and as sensitive data related to dial-in and smartphone app-based two-factor authentication. [...]

How to Protect Your Cloud Data from Hacks (August 9, 2012)

(CNN) — The cloud sounds amazing. Set up your entire digital life to sync automatically with a server run by some big (ostensibly responsible) tech company, and you never have to worry about losing data again, right? [...]

Apple suspends 'over the phone' password changes after Wired reporter has digital life destroyed by hacker (August 8, 2012)

Apple has told its support staff to stop changing user passwords over the phone after a reporter lost his digital life, it was claimed today. [...]

How Apple and Amazon Security Flaws Led to My Epic Hacking (August 6, 2012)

In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook. [...]

Skype's Server Upgrade Triggers Wiretapping Worries (Tues, July 24, 2012)

Fears have surfaced that Skype may be eavesdropping on communications over its service. The concern is that supernodes Microsoft is introducing to Skype could make it easier to monitor calls [...]

A New Day for ID Management (Mon, July 23, 2012)

Let's examine the relationship between controlled digital identities in cyber risk management. Our panel will explore how the technical and legal support of ID management best practices have been advancing rapidly. And we'll see how individuals and organizations can better protect themselves through better understanding and managing of their online identities they route the voice data in addition to initiating communications between parties. [...]

University of Maine server hacked, data may have been stolen (July 19, 2012)

ORONO, Maine — A security breach on one of the University of Maine’s servers may have compromised information on people who made purchases through campus-based computer stores at the Orono campus and the University of Arkansas, UMaine announced in a press release Thursday [...]

Small data breach at BYU put student information at risk (Thur, July 19, 2012)

PROVO -- BYU is warning several hundred present and former students about a data breach that may have compromised students' personal information. The data breach originally occurred on June 10th when a server at BYU was accessed by an unauthorized source.[...]

Dropbox investigating possible security breach (Wed, July 18, 2012)

(CNN) -- Dropbox, the popular cloud-storage service, is investigating whether a security breach is to blame for a recent wave of spam e-mail sent to users.[...]

Our Terrible, Horrible, No Good, Very Bad Password System (Wed, July 18, 2012)

It has been a heck of a year for password/password hash disclosures. In the same week in June, millions of password hashes were disclosed from LinkedIn, eHarmony and And in the same week in July, more than 450,000 usernames and unencrypted passwords were reportedly stolen from Yahoo Voice, while 420,000 password hashes were leaked as a result of an attack on Formspring. […]

Yahoo fixes flaw behind 450,000 account hack (July 13, 2012)

Yahoo fixes flaw behind 450,000 account hack. Earlier this week, the hacker group D33ds Company claimed responsibility for attacking a Yahoo service and exposing 450,000 plain text login credentials. Yahoo then confirmed that the accounts were compromised, though it emphasized less than 5 percent of the credentials were valid. Yahoo today closed the saga by fixing the flaw in question. [...]

Credit card security breach hits California campus (Fri, June 29, 2012)

(CNN) -- By Greg Morrison. The University of Southern California is warning students and faculty about a credit card security breach following the hacking of a software system on the campus. In an e-mail statement Thursday, campus officials detailed the breach that occurred at dining facilities between May 21 and June 21. Credit card numbers were obtained illegally through a breach in a third-party software system used to process credit card transactions in some USC dining halls," the statement said.[...]