Free Stuff!!

Information Security part:

It is not uncommon for malicious parties to send out e-mail or other communications with the text “Free Stuff!!” as part of the subject line or emblazoned in bold letters across the top of the ad.  Often this lure of the possibility of getting something free is irresistible to we human beings.

This means we, as consumers of technology, need to be cautious whenever we see offers that seem too good to be true.  In one of my favorite childhood science fiction books, The Moon is a Harsh Mistress by Robert Heinlein, I learned to look carefully at free offers through the lens of the acronym TANSTAAFL.

“There Ain’t No Such Thing As A Free Lunch” means simply that there is often a hidden cost behind “free” offers, and that an intelligent person will be certain to look for that cost before jumping onto any “free” bandwagon.

Non-Information Security part (sort-of):

I’ve mentioned before that I would periodically include in this blog things outside the realm of information security if I found it interesting and worth sharing.  This is one of those times.

Microsoft yesterday announced that they are increasing in July the amount of storage space allocated to users of their OneDrive cloud file storage.  OneDrive allows users to access saved files through the internet from anywhere, using any computer or device (such as a smart phone or pad).

The amount of storage space available in the “free” (advertiser supported) version of OneDrive is increasing from 7 GB (gigabytes) to 15 GB.

Microsoft also offers paid OneDrive subscriptions, the first as a stand alone product for which they are charging $1.99 for 100 GB [previously $7.49] or $3.99 for 200 GB [previously $11.49] per month.

The second subscription version is associated with the various (and variously priced) versions of their online Office 365 product.  They have not changed the price of the monthly or annual Office 365 subscriptions, but are changing the amount of OneDrive space available to subscribers to 1 TB (terabytes; equivalent to about 1,000 GB).  This is a HUGE amount of personal storage space!

This offer, including it’s “free” version, may well be worth checking out if you are interested in personal cloud storage of your files.

Privacy Disclaimer

It is important to always keep in mind that in storing your personal files “in the cloud” –whether it is OneDrive or other free or paid offerings, like BOXDropBoxGoogle Drive, Amazon Cloud,  Apple’s iCloud, or any other company–those files are resting on servers controlled by whichever company is providing the service.

This means they are subject to disclosure either to certain company technical employees or through legal requests, to courts or law-enforcement officials.  Just as with files stored on college systems, they are not totally protected from disclosure in certain situations.

However, if you make an informed decision, weighing the benefit of using such personal file storage services against their hidden costs (such as lack of perfect privacy), they can be pretty useful, especially if you access files from multiple locations on multiple devices.

Security Intelligence Report

Warning:  for serious information security buffs only!

Microsoft has recently published it most recent security intelligence report (152 pages!) on the current state of information security and exploitation trends in the world.  While it is not really intended for the casual computer user, it is fascinating reading if you are interested in diving a little deeper into the bigger information security picture.

There is a 21 page summary version and a 94 page worldwide threat assessment also posted on their Security Intelligence Report website, along with lots of links to other related information if you are bored and have an afternoon to kill…

Just think!  Some of us get to read this stuff every day!

ENJOY the beginning of summer this weekend.

Sharing login information

Recent increases on campus of individual Bellevue College computer and/or network users sharing their account information with others, including their login name and/or password, has motivated this reminder to the campus regarding the seriousness with which such “sharing” is viewed. 

To make certain we are absolutely clear on its definition, in this context “sharing” includes not only giving someone your user name and password, it also includes logging into a computer and allowing another person to use that computer.  It does not matter whether the person might otherwise or eventually be authorized to use that computer, it is still prohibited.  

Login names and passwords

Account names and passwords are used on campus computers for two basic reasons:

  • First, they help secure the technology resources and provide computer and network access only to those who have been legally authorized. 
  • Second, they provide individual accountability for how those resources are used.

Two Bellevue College policies, Policy 5150: “Acceptable Use of  Networks and Systems” and Policy 5000: “Acceptable Use of Bellevue College Computers”, state that college computer and network users are specifically prohibited from allowing ANYONE to use a network account name or password assigned to them. 

In some circumstances, unauthorized access to or use of college computers may constitute a breach of security which triggers policy-based or legal requirements for the college to notify students and others (including the community as a whole) of a potential breach of their FERPA privacy rights or of their confidential and or sensitive protected information.

Potential for embarrassment

Not only is sharing account information against policy, it is simply one of the most risky behaviors a computer user can do.  Anyone with your account name and password can do anything they want on the computer or network/Internet and it will appear to have been done by you.  Imagine the embarrassment created by sharing your account information if the individual you shared it with uses it inappropriately: 

  • If they want to harass someone on line?  No problem, the authorities will come looking for you. 
  • Perhaps they want to download inappropriate materials?  The investigation will point back to you. 
  • Maybe they want to send an embarrassing e-mail to the college President or a Trustee.  Or anyone. No sweat; everyone will come looking for you.

These are just a few of the possibilities.  Certainly, in the majority of cases those individuals who are sharing your account information may do nothing inappropriate.  But all it takes is one irresponsible or malicious person and you become the focus of much unwanted attention.

Personal and confidential

Your login name and password are personalized credentials, just like your driver’s license—they represent you on-line at Bellevue College and to the wider Internet.  They are also a security tool, similar to car or house keys.  While most of us would never think it appropriate to hand someone else our driver’s license and car keys to use simply because they didn’t have their own, we often don’t give a second thought to sharing account information.

The sanctions for an individual sharing their account name and password, or by using someone else’s shared account information, are very serious.  They may include loss of computer privileges, denial of future access to college technology resources, or other disciplinary actions, up to and including dismissal from the college.

Please help Information Resources continue to keep the college networks and computers working as a viable business and educational tool by protecting your login account name and password and ensuring that you are the only one using those credentials. 

Individuals who are authorized college technology users can create their own login and password through the Net-ID website using their Systems ID number (SID), Personal ID number (PIN) and date of birth (DOB).  If you need assistance getting someone authorized to use Bellevue College technology resources, please feel free to contact the Help Desk by e-mail,  through Request Center, by phone (x4357), or to contact me.

Federal Trade Commission Scam Alerts site

Happy June!

Today’s information is short and sweet, and is about an important resource each computer user should have at their fingertips.

The Federal Trade Commission has a website intended to inform consumers about current scams, including computer spam scams (say that three times, real fast).  Of course, most things that may be identified as applying to consumers can be valuable in the workplace, as well.

So check out the information posted there, then bookmark the site both at home and here at work, and refer to it whenever you have questions or are just curious.  You can even sign up to get automatic alerts, if you wish.