Monday, December 06, 2010

Holiday Season Phishing Scams and Malware Campaigns

Original release date: November 18, 2010 at 2:17 pm
Last revised: November 18, 2010 at 2:17 pm


In the past, US-CERT has received reports of an increased number of
phishing scams and malware campaigns that take advantage of the winter
holiday and holiday shopping season. US-CERT reminds users to remain
cautious when receiving unsolicited email messages that could be part
of a potential phishing scam or malware campaign.

These phishing scams and malware campaigns may include but are not
limited to the following:
* electronic greeting cards that may contain malware
* requests for charitable contributions that may be phishing scams
and may originate from illegitimate sources claiming to be
charities
* screensavers or other forms of media that may contain malware
* credit card applications that may be phishing scams or identity
theft attempts
* online shopping advertisements that may be phishing scams or
identity theft attempts from bogus retailers

US-CERT encourages users and administrators to use caution when
encountering these types of email messages and take the following
preventative measures to protect themselves from phishing scams and
malware campaigns:
* Do not follow unsolicited web links in email messages.
* Use caution when opening email attachments. Refer to the Using
Caution with Email Attachments Cyber Security Tip for more
information on safely handling email attachments.
* Maintain up-to-date antivirus software.
* Review the Federal Trade Commission's Charity Checklist.
* Verify charity authenticity through a trusted contact number.
Trusted contact information can be found on the Better Business
Bureau National Charity Report Index.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
Cyber Security Tip for more information on social engineering
attacks.
* Refer to the Shopping Safely Online Cyber Security Tip for more
information on online shopping safety.

====
This entry is available at
http://www.us-cert.gov/current/index.html#holiday_season_phising_scams_and

Understanding Voice over Internet Protocol (VoIP)

Cyber Security Tip ST05-018

With the introduction of VoIP, you can use the internet to make telephone
calls instead of relying on a separate telephone line. However, the
technology does present security risks.

What is voice over internet protocol (VoIP)?

Voice over internet protocol (VoIP), also known as IP telephony, allows you
to use your internet connection to make telephone calls. Instead of relying
on an analog line like traditional telephones, VoIP uses digital technology
and requires a high-speed broadband connection such as DSL or cable. There
are a variety of providers who offer VoIP, and they offer different
services. The most common application of VoIP for personal or home use is
internet-based phone services that rely on a telephone switch. With this
application, you will still have a phone number, will still dial phone
numbers, and will usually have an adapter that allows you to use a regular
telephone. The person you are calling will not likely notice a difference
from a traditional phone call. Some service providers also offer the ability
to use your VoIP adapter any place you have a high-speed internet
connection, allowing you to take it with you when you travel.

What are the security implications of VoIP?

Because VoIP relies on your internet connection, it may be vulnerable to
many of the same problems that face your computer and even some that are
specific to VoIP technology. Attackers may be able to perform activities
such as intercepting your communications, eavesdropping, taking control of
your phone, making fraudulent calls from your account, conducting effective
phishing attacks by manipulating your caller ID, and causing your service to
crash (see Avoiding Social Engineering and Phishing Attacks and
Understanding Denial-of-Service Attacks for more information). Activities
that consume a large amount of network resources, like large file downloads,
online gaming, and streaming multimedia, may affect your VoIP service.

There are also inherent problems to routing your telephone over your
broadband connection. Unlike traditional telephone lines, which operate
despite an electrical outage, if you lose power, your VoIP may be
unavailable. VoIP services may also introduce problems for
location-dependent systems such as home security systems or emergency
numbers such as 911.

How can you protect yourself?

* Keep software up to date - If the vendor releases updates for the
software operating your device, install them as soon as possible.
Installing them will prevent attackers from being able to take advantage
of known problems or vulnerabilities (see Understanding Patches for more
information).
* Use and maintain anti-virus software - Anti-virus software recognizes
and protects your computer against most known viruses. However,
attackers are continually writing new viruses, so it is important to
keep your anti-virus software current (see Understanding Anti-Virus
Software for more information).
* Take advantage of security options - Some service providers may offer
encryption as one of their services. If you are concerned about privacy
and confidentiality, you may want to consider this and other available
options.
* Install or enable a firewall - Firewalls may be able to prevent some
types of infection by blocking malicious traffic before it can enter
your computer (see Understanding Firewalls for more information). Some
operating systems actually include a firewall, but you need to make sure
it is enabled.
* Evaluate your security settings - Both your computer and your VoIP
equipment/software offer a variety of features that you can tailor to
meet your needs and requirements. However, enabling certain features may
leave you more vulnerable to being attacked, so disable any unnecessary
features. Examine your settings, particularly the security settings, and
select options that meet your needs without putting you at increased
risk.

Additional information

* Understanding Voice over Internet Protocol (VoIP) PDF
_________________________________________________________________

Author: Mindi McDowell
_________________________________________________________________

Produced 2005 by US-CERT, a government organization.

Note: This tip was previously published and is being
re-distributed to increase awareness.

Terms of use

http://www.us-cert.gov/legal.html

This document can also be found at

http://www.us-cert.gov/cas/tips/ST05-018.html

Thursday, November 11, 2010

Ebsco access unavailable

Auto Repair Ref Center, Ebscohost, Novelist and Novelist K-8 are currently unavailable. The vendor is working on the issue.

Friday, October 29, 2010

Limited Functionality During Migration Period

Beginning October 29, 2010 through November 11, 2010
Patrons will be unable to place their own holds in the Lansing catalog.
Patrons will be unable to renew online; please call the library at 708-474-2447 to renew items during this transitional period.
Thank you for your patience.

Friday, September 10, 2010

Malicious Email Campaign Circulating

US-CERT Current Activity

Original release date: September 9, 2010 at 8:46 pm
Last revised: September 9, 2010 at 8:46 pm


US-CERT is aware of public reports of malware spreading via email.
These reports indicate that the malicious email messages contain the
subject line "Here you have" or "Just For You" and contain a link to a
seemingly legitimate PDF file. If users click on this link, they will
be redirected to a malicious website that will prompt them to download
and install a screensaver (.scr) file. If they agree to install this
file, they will become infected with an email worm that will continue
to propagate through their email contacts.

US-CERT encourages users and administrators to take the following
preventive measures to help mitigate the security risks:
* Install anti-virus software, and keep its virus signature files
up-to-date.
* Do not follow unsolicited web links received in email messages.
* Refer to the Recognizing and Avoiding Email Scams (PDF) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on avoiding social engineering and
phishing attacks.

Relevant Url(s):
http://www.us-cert.gov/cas/tips/ST04-014.html
http://www.avertlabs.com/research/blog/index.php/2010/09/09/widespread-reporting-of-here-you-have-virus/
http://www.us-cert.gov/reading_room/emailscams_0905.pdf

====
This entry is available at
http://www.us-cert.gov/current/index.html#here_you_have_email_malware
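
The lure described in this advisory (a reported subject line plus a link that is shown as a PDF but delivers a .scr file) can be checked mechanically at a mail gateway. The following Python check is an added example, not part of the US-CERT text; the function names, the extra executable extensions and the two sample messages are assumptions made for illustration, and it only sees mismatches present in the message HTML, not redirects performed by the remote server.

```python
import email
import posixpath
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Subject lines named in the advisory.
LURE_SUBJECTS = ("here you have", "just for you")
# .scr is the type the advisory names; the others are an added assumption
# (further Windows-executable extensions a filter would usually treat alike).
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".bat"}

# Constructed sample messages (reserved example domains, not real indicators).
SAMPLE_LURE = """\
From: colleague@example.com
To: user@example.org
Subject: Here you have
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>This is the document I told you about:</p>
<a href="http://files.example.net/docs/report.scr">http://www.example.com/docs/report.pdf</a>
</body></html>
"""
SAMPLE_BENIGN = """\
From: colleague@example.com
To: user@example.org
Subject: Meeting notes
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="https://www.example.org/notes.pdf">https://www.example.org/notes.pdf</a>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _ext(value):
    """Lower-cased file extension of a URL, or of link text that names a file."""
    path = urlparse(value).path if "://" in value else value.split("?")[0]
    return posixpath.splitext(path)[1].lower()


def _host(value):
    """Host name if the value is an absolute URL, else an empty string."""
    return (urlparse(value).hostname or "").lower() if "://" in value else ""


def analyze(raw_message):
    """Return a list of findings for one RFC 5322 message given as text."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    subject = str(msg["Subject"] or "").lower()
    if any(lure in subject for lure in LURE_SUBJECTS):
        findings.append("subject matches reported lure")
    body = msg.get_body(preferencelist=("html",))
    if body is None:  # no HTML part, so no anchors to compare
        return findings
    collector = LinkCollector()
    collector.feed(body.get_content())
    for href, text in collector.links:
        shown_ext, real_ext = _ext(text), _ext(href)
        if real_ext in EXECUTABLE_EXTS:
            findings.append(f"link target is executable type {real_ext}")
        if shown_ext == ".pdf" and real_ext != ".pdf":
            findings.append(f"link shown as .pdf points to '{real_ext}'")
        if _host(text) and _host(text) != _host(href):
            findings.append(f"shown host {_host(text)} differs from {_host(href)}")
    return findings


if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, analyze(raw))
```
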

Thursday, August 26, 2010

Don't Forget Your Headphones!

Patrons will have to bring their own headphones or earbuds in order to enable sound on the library computers, effective September 7, 2010. Earbuds will be for sale at the Circulation Desk for $1.50.

Monday, August 02, 2010

Message from NoveList

We are pleased to announce that the implementation of the highly anticipated release of the new version of NoveList, communicated in mid-July, is scheduled to begin on August 4th. To accommodate the complex implementation, NoveList will be temporarily unavailable during the transition period.

During that time, you will still have access to the NoveList Beta site. Clicking on the NoveList link from your library’s website will take you to a “NoveList is Temporarily Unavailable” page where you’ll see a link to the NoveList Plus Beta site. While certain features are not available in the beta version, (e.g., personal folders and catalog linking) you will still have access to the complete NoveList Plus database. Because there is no Beta version for the K-8 products, all NoveList users will be directed to the same NoveList Plus Beta.


Best regards,

The NoveList Team

Thursday, July 15, 2010

Gale Offers Free Access to Information on Gulf of Mexico Oil Spill

**** accessible from our "search for articles" page on the public PCs, or from the library website if you choose "display research options shown on library computers" ****

Gale is providing free access to content from GREENR (Global Reference on the Environment, Energy, and Natural Resources), making reliable, expert information regarding the Gulf of Mexico oil spill readily available. GREENR is a one-stop site providing news, analysis, background information, video, primary source documents and statistics – all vital resources for understanding the ever-changing conditions in the Gulf of Mexico.

Gale Publishers is making this available until August 31, 2010. The link will connect users to a portal page with content for all levels of interest.

Friday, July 09, 2010

Thursday, June 24, 2010

Avoiding Copyright Infringement

Cyber Security Tip ST05-004

Although copyright may seem to be a purely legal issue, using unauthorized
files could have security implications. To avoid prosecution and minimize
the risks to your computer, make sure you have permission to use any
copyrighted information, and only download authorized files.

How does copyright infringement apply to the internet?

Copyright infringement occurs when you use or distribute information without
permission from the person or organization that owns the legal rights to the
information. Including an image or cartoon on your website or in a document,
illegally downloading music, and pirating software are all common copyright
violations. While these activities may seem harmless, they could have
serious legal and security implications.

How do you know if you have permission to use something?

If you find something on a website that you would like to use (e.g., a
document, a chart, an application), search for information about permissions
to use, download, redistribute, or reproduce. Most websites have a "terms of
use" page that explains how you are allowed to use information from the site
(see US-CERT's terms of use for an example). You can often find a link to
this page in the site's contact information or privacy policy, or at the
bottom of the page that contains the information you are interested in
using.

There may be restrictions based on the purpose, method, and audience. You
may also have to adhere to specific conditions about how much information
you are allowed to use or how the information is presented and attributed.
If you can't locate the terms of use, or if it seems unclear, contact the
individual or organization that holds the copyright to ask permission.

What consequences could you face?

* Prosecution - When you illegally download, reproduce, or distribute
information, you risk legal action. Penalties may range from warnings
and mandatory removal of all references to costly fines. Depending on
the severity of the crime, jail time may also be a possibility. To
offset their own court costs and the money they feel they lose because
of pirated software, vendors may increase the prices of their products.
* Infection - Attackers could take advantage of sites or networks that
offer unauthorized downloads (music, movies, software, etc.) by
including code into the files that would infect your computer once it
was installed (see Understanding Hidden Threats: Corrupted Software
Files and Understanding Hidden Threats: Rootkits and Botnets for more
information). Because you wouldn't know the source or identity of the
infection (or maybe that it was even there), you might not be able to
easily identify or remove it. Pirated software with hidden Trojan horses
is often advertised as discounted software in spam email messages (see
Why is Cyber Security a Problem? and Reducing Spam for more
information).

_________________________________________________________________

Author: Mindi McDowell
_________________________________________________________________

Produced 2005 by US-CERT, a government organization.

Note: This tip was previously published and is being
re-distributed to increase awareness.

This document can also be found at

http://www.us-cert.gov/cas/tips/ST05-004.html

For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html.

Tuesday, June 22, 2010

Reviewing End-User License Agreements

Cyber Security Tip ST05-005

Before accepting an end-user license agreement, make sure you understand and
are comfortable with the terms of the agreement.

What is an end-user license agreement?

An end-user license agreement (EULA) is a contract between you and the
software's vendor or developer. Some software packages state that by simply
removing the shrink-wrap on the package, you agree to the contract. However,
you may be more familiar with the type of EULA that is presented as a dialog
box that appears the first time you open the software. It usually requires
you to accept the conditions of the contract before you can proceed.
Software updates and patches may also include new or updated EULAs that have
different terms than the original. Some EULAs only apply to certain features
of the software, so you may only encounter them when you attempt to use
those features.

Unfortunately, many users don't read EULAs before accepting them. The terms
of each contract differ, and you may be agreeing to conditions that you
later consider unfair or that expose you to security risks you didn't
expect.

What terms may be included?

EULAs are legal contracts, and the vendor or developer may include almost
any conditions. These conditions are often designed to protect the developer
or vendor against liability, but they may also include additional terms that
give the vendor some control over your computer. The following topics are
often covered in EULAs:
* Distribution - There are often limitations placed on the number of times
you are allowed to install the software and restrictions about
reproducing the software for distribution (see Avoiding Copyright
Infringement for more information about copyright issues).
* Warranty - Developers or vendors often include disclaimers that they are
not liable for any problem that results from the software being used
incorrectly. They may also protect themselves from liability for
software flaws, software failure, or incompatibility with other programs
on your computer.

The following topics, while not standard, are examples of other conditions
that have been included in EULAs. They present security implications that
you should consider before accepting the agreement.
* Monitoring - Agreeing to the EULA may give the vendor permission to
monitor your computer activity and communicate the information back to
the vendor or to another third party. Depending on what information is
being collected, this type of monitoring could have both security and
privacy implications.
* Software installation - Some agreements allow the vendor to install
additional software on your computer. This may include updated versions
of the software program you installed (the determination of which
version you are running may be a result of the monitoring described
above). Vendors may also incorporate statements that allow them or other
third parties to install additional software programs on your computer.
This software may be unnecessary, may affect the functionality of other
programs on your computer, and may introduce security risks.
_________________________________________________________________

Author: Mindi McDowell
_________________________________________________________________

Produced 2005 by US-CERT, a government organization.

Note: This tip was previously published and is being re-distributed to increase awareness.

This document can also be found at

http://www.us-cert.gov/cas/tips/ST05-005.html

Monday, June 21, 2010

How Anonymous Are You?

Cyber Security Tip ST05-008

You may think that you are anonymous as you browse websites, but pieces of
information about you are always left behind. You can reduce the amount of
information revealed about you by visiting legitimate sites, checking
privacy policies, and minimizing the amount of personal information you
provide.

What information is collected?

When you visit a website, a certain amount of information is automatically
sent to the site. This information may include the following:
* IP address - Each computer on the internet is assigned a specific,
unique IP (internet protocol) address. Your computer may have a static
IP address or a dynamic IP address. If you have a static IP address, it
never changes. However, some ISPs own a block of addresses and assign an
open one each time you connect to the internet—this is a dynamic IP
address. You can determine your computer's IP address at any given time
by visiting www.showmyip.com.
* domain name - The internet is divided into domains, and every user's
account is associated with one of those domains. You can identify the
domain by looking at the end of the URL; for example, .edu indicates an
educational institution, .gov indicates a US government agency, .org
refers to organizations, and .com is for commercial use. Many countries
also have specific domain names. The list of active domain names is
available from the Internet Assigned Numbers Authority (IANA).
* software details - It may be possible for an organization to determine
which browser, including the version, that you used to access its site.
The organization may also be able to determine what operating system
your computer is running.
* page visits - Information about which pages you visited, how long you
stayed on a given page, and whether you came to the site from a search
engine is often available to the organization operating the website.

If a website uses cookies, the organization may be able to collect even more
information, such as your browsing patterns, which include other sites
you've visited. If the site you're visiting is malicious, files on your
computer, as well as passwords stored in the temporary memory, may be at
risk.

How is this information used?

Generally, organizations use the information that is gathered automatically
for legitimate purposes, such as generating statistics about their sites. By
analyzing the statistics, the organizations can better understand the
popularity of the site and which areas of content are being accessed the
most. They may be able to use this information to modify the site to better
support the behavior of the people visiting it.

Another way to apply information gathered about users is marketing. If the
site uses cookies to determine other sites or pages you have visited, it may
use this information to advertise certain products. The products may be on
the same site or may be offered by partner sites.

However, some sites may collect your information for malicious purposes. If
attackers are able to access files, passwords, or personal information on
your computer, they may be able to use this data to their advantage. The
attackers may be able to steal your identity, using and abusing your
personal information for financial gain. A common practice is for attackers
to use this type of information once or twice, then sell or trade it to
other people. The attackers profit from the sale or trade, and increasing
the number of transactions makes it more difficult to trace any activity
back to them. The attackers may also alter the security settings on your
computer so that they can access and use your computer for other malicious
activity.

Are you exposing any other personal information?

While using cookies may be one method for gathering information, the easiest
way for attackers to get access to personal information is to ask for it. By
representing a malicious site as a legitimate one, attackers may be able to
convince you to give them your address, credit card information, social
security number, or other personal data (see Avoiding Social Engineering and
Phishing Attacks for more information).

How can you limit the amount of information collected about you?

* Be careful supplying personal information - Unless you trust a site,
don't give your address, password, or credit card information. Look for
indications that the site uses SSL to encrypt your information (see
Protecting Your Privacy for more information). Although some sites
require you to supply your social security number (e.g., sites
associated with financial transactions such as loans or credit cards),
be especially wary of providing this information online.
* Limit cookies - If an attacker can access your computer, he or she may
be able to find personal data stored in cookies. You may not realize the
extent of the information stored on your computer until it is too late.
However, you can limit the use of cookies (see Browsing Safely:
Understanding Active Content and Cookies for more information).
* Browse safely - Be careful which websites you visit; if it seems
suspicious, leave the site. Also make sure to take precautions by
increasing your security settings (see Evaluating Your Web Browser's
Security Settings for more information), keeping your virus definitions
up to date (see Understanding Anti-Virus Software for more information),
and scanning your computer for spyware (see Recognizing and Avoiding
Spyware for more information).

Additional information

* Securing Your Web Browser
_________________________________________________________________

Author: Mindi McDowell
_________________________________________________________________

Produced 2005 by US-CERT, a government organization.

Note: This tip was previously published and is being
re-distributed to increase awareness.

This document can also be found at

http://www.us-cert.gov/cas/tips/ST05-008.html

Monday, March 29, 2010

New! Milestone Documents in World History

Milestone Documents in World History has been added to our Salem History online content. Access it in the library, or from home! http://www.lansing.lib.il.us/catalog.html#salem

US Tax Season Phishing Scams and Malware Campaigns

US-CERT Current Activity

Original release date: March 26, 2010 at 10:21 am
Last revised: March 26, 2010 at 10:21 am


In the past, US-CERT has received reports of an increased number of
phishing scams and malware campaigns that take advantage of the United
States tax season. Due to the upcoming tax deadline, US-CERT reminds
users to remain cautious when receiving unsolicited email that could
be part of a potential phishing scam or malware campaign.

These phishing scams and malware campaigns may include the following:
information that refers to a tax refund, warnings about unreported or
under-reported income, offers to assist in filing for a refund, or
details about fake e-file websites. These messages, which appear to be
from the IRS, may ask users to submit personal information via email
or may instruct the user to follow a link to a website that requests
personal information or contains malicious code.

At this time, US-CERT is aware of public reports indicating that there
is active circulation of a tax season malware campaign. This malware
campaign may be using malicious code commonly known as Zeus or Zbot.

US-CERT encourages users and administrators to take the following
measures to protect themselves from these types of phishing scams and
malware campaigns:
* Do not follow unsolicited web links in email messages.
* Maintain up-to-date antivirus software.
* Refer to the IRS website related to phishing, email, and bogus
website scams for scam samples and reporting information.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.

====
This entry is available at
http://www.us-cert.gov/current/index.html#us_tax_season_phishing_scams

Copyright Infringement Lawsuit Email Scam

US-CERT Current Activity

Original release date: March 26, 2010 at 3:20 pm
Last revised: March 26, 2010 at 3:20 pm


US-CERT is aware of public reports of an active email scam. These
emails, which appear to come from seemingly legitimate law firms,
indicate that someone has filed a copyright lawsuit against the
message recipient. The messages may contain malicious attachments or
web links. If a user opens the attachment or follows the link,
malicious code may be installed on the user's system.

US-CERT encourages users to take the following preventative measures
to help mitigate the security risks:
* Do not follow unsolicited web links and do not open unsolicited
email messages.
* Maintain up-to-date antivirus software.
* Use caution when visiting untrusted websites.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.

====
This entry is available at
http://www.us-cert.gov/current/index.html#copyright_infringement_lawsuit_email_scam

Wednesday, March 10, 2010

EBSCOhost Available!

EBSCOhost is once again available to search for magazine articles, including the full-text of Consumer Reports articles for free! (Lansing Library card required for remote access)

Kids Search, Searchasaurus and Student Research Center have been discontinued. Please use the regular EBSCO link to access articles.

Thursday, March 04, 2010

EbscoHost Magazine Articles Online

Ebsco is currently unavailable.
We hope to have service restored soon.