http://chronicle.com/free/v55/i17/17a00901.htm By JEFFREY R. YOUNG The Chronicle of Higher Education December 19, 2008 Issue Karen McDowell spent several days this fall dressed in a purple fish costume, holding a plastic spear. Ms. McDowell, a network-security analyst at the University of Virginia, wanted to raise awareness about "phishing," e-mail schemes in which con artists send messages to trick people into giving out passwords or other personal information. Ms. McDowell walked around high-traffic areas of the campus to get attention. "Sometimes I introduced myself as a fraudulent e-mail because many people don't know what a phish is," she said. The outfit hooked curious students, who asked her what she was up to, and most listened to her spiel. In the past, plainclothes administrators set up tables and handed out brochures about the importance of computer security. But Ms. McDowell felt that such efforts made little impact, since students mostly walked by without stopping. The fish costume was her idea — the university paid a local seamstress $60 to make it — because she felt that a bit of flashiness and humor would help the message sink in. User awareness is growing in importance when it comes to computer security. Not long ago, keeping college networks safe from cyberattackers mainly involved making sure computers around campus had the latest software patches. New computer worms or viruses would pop up, taking advantage of some digital hole in the Windows operating system or in popular Web software, and officials would work to plug the gaps. Those were the good old days — back when many big attacks were started by hobbyists who got a cheap thrill watching geek squads scramble. Today a growing number of network bad guys are professional criminals, and they're looking to steal real money. They don't just want to post an embarrassing note on your college's home page. They want to nab the identities of students and professors to go on shopping sprees with forged credit cards. With the global economy getting lousier, officials predict that even more hackers will get into the act in search of easy cash. Increasingly, the weakest part of a network is the users, who carelessly give out their passwords or leave important information for the taking. That's the conclusion I reached at a recent Dartmouth College conference on "Securing the eCampus: Building a Culture of Information Security in an Academic Institution," where I was asked to give my take on security threats. I compiled the following top-10 list of campus computer-security risks based on several recent computing surveys and interviews with more than a dozen college-technology leaders. The list, ordered from least to most serious, is by no means scientific, but it gives a sense of where today's battle lines are — and why "phish" costumes should become more common on campuses. [...] _______________________________________________ Help InfoSecNews.org with a donation! http://www.infosecnews.org/donate.htmlReceived on Mon Dec 15 2008 - 23:32:12 PST
This archive was generated by hypermail 2.2.0 : Mon Dec 15 2008 - 23:41:51 PST