12 October, 2011

CWRU Branded version of Qualys Browser Check

A customized version of the Qualys Browser Check is available to CWRU users.  The free utility from Qualys examines the user's browser updates, settings, and in particular browser plug-ins.

University users can access the URL for the utility (login required) at this internal site.  It is recommended that all browsers running on the user's computer be checked.

The results are aggregated for all University users (no individual tracking is involved) to help us assess the state of browser security at CWRU.

03 October, 2011

Cyber Security Awareness Month Schedule of Events

This October, CWRU is hosting a number of security training and education events and lectures intended to stimulate and enlighten the campus community on matters of information security.  The schedule actually begins in September, and approximately one event per week is scheduled.

September 27, 2011
Information session on the NetWars program by the SANS Institute.  The NetWars program is the college and graduate level program of the United States Cyber Challenge (pdf), with the intent of developing talent in information security nationwide.  The intended audience is for students and graduate students, but faculty and staff are also welcome.

When:  2:00-3:00 PM
Where:  Sears 221 (knock to enter!)

This presentation is also available via webcast (SANS account needed), but attendees can also meet us in Sears 221 for a group presentation.

Week of October 3, 2011
The Information Security Office announces the availability of new online security awareness training: SANS Securing The Human.  See the enrollment form for Faculty.

October 6, 2011
UCITE Presentation to Faculty.

When: 12:00-1:00 PM
Where: Herrick Room, Allen Memorial Library
Note: RSVP required via UCITE website

October 11, 2011
FBI Counter-intelligence briefing for researchers, faculty, and anybody who needs to protect intellectual property.  Two agents from the Cleveland FBI division will give a presentation of the threat landscape to technology research, both from a human and network/cyber perspective.

When: 2:00-3:00 PM
Where: Nord 310

October 12, 2011
ITSPAC Meeting Presentation on Information Security
  • Top 10 Creepy Security Issues That Should Keep You Up At Night
When: 09:00-10:30 AM
Where: Adelbert Toepfer Room

October 13, 2011
FISCIT Meeting presentation
Invitation to Faculty to participate in security awareness training.

October 19-21, 2011
EDUCAUSE 2011 Conference- Online 
A full schedule of the EDUCAUSE conference in Philadelphia will be presented by the Information Security Office, and is open and free to all who may wish to attend.  Security presentations will be given priority in the schedule, but many other interesting topics in IT in higher education are available.  

When: 08:00 AM to 5:00 PM (October 19 & 20)
08:00 to 12:00 PM (October 21)
Where: Sears 221

See the full schedule here: EDUCAUSE 2011 Online

October 25, 2011
"Social Networks: 5 Threats and 5 Ways to Use them Safely"  A presentation by SecureState, LLC, a Cleveland-based security consulting firm, targeted to university users of social networking systems.

When: 2:00-3:00 PM
Where: Nord 310

20 April, 2011

SSA Creates Zombies, Publishes Names and SSNs of "Living Dead"

Rumors of my death have been greatly exaggerated" - attributed to Mark Twain

The Office of the Inspector General for the Social Security Administration (SSA) reported that the SSA published personally identifiable data for living persons erroneously in the Death Master file, which is sold to the public.  The Death Master file contains information about recently deceased individuals, and is sold to data merchants, credit reporting agencies, banks and other lenders, who use the data for various purposes, including preventing identity theft and fraudulent account creation in the name of deceased persons to verify status of customers.  

Over the timeframe of 2006 to 2010, the IG report noted 36,657 persons were erroneously added to the Death Master file.  Personally identifiable data in the file includes:
  • Social Security numbers
  • first, middle and last names
  • dates of birth
  • state and ZIP codes of last known residences available
The impact to a living person, whose demise has been exaggerated by the SSA, can be significant, but not in an identity theft scenario.  Since credit bureaus will have entered the data as a deceased person, applications for new accounts with the personal data will set off "red flags" as potential fraud.   In terms of the Social Security Number use, these folks are Zombies, or the "Living Dead," which may create another problem with social security accounting for benefits.  Persons being identified as recently deceased, but still clinging to fully breathing taxpayer status, have definitely had one of their fundamental rights removed (life, liberty, and the pursuit of property, happiness, and safety, per the 1776 Virginia Declaration of Rights), if only administratively.  The SSA has much work ahead to ensure the data in the Master Death file is accurate.

Zombie Status should result in the opportunity for  the ultimate credit freeze, preventing any malefactor from using the data to create fraudulent accounts with the published data.  If Zombies continue paying taxes, it is likely the Infernal Revenue Service will not take note of the SSA's errors.