Computer Support

Quick Links

SecurID Software Tokens | Safe Computing | Virus FAQs | Secure Global Desktop
Virtual Private Network | Computer Backup Policies | LLE Office 2010 Upgrade
Documentation | Web Support | Microsoft Office Tips

SecurID Software Tokens

A limited number of SecurID software tokens are available for LLE users with an iPhone or Android smartphone. A software token is functionally equivalent to a hardware token, but it resides in an application on your smartphone, which means you have one less device to carry. To obtain a software token, first download and install the RSA SecurID application from the Apple App Store or Google Play Store.

Scan the appropriate QR code below with your smartphone to go directly to the application's page

RSA SecurID App from Apple App Store QR code
Apple App Store
Apple App Store
RSA SecurID App from Google Play Store QR code
Google Play Store
Google Play Store

After the application is installed, contact any member of the Computer Support Group to obtain a software token.

Safe Computing

What is clickjacking and why should I worry?

Clickjacking is a recently discovered method of compromising your information that is now being exploited by software criminals. In a clickjack attack, you click on and enter information into what seems like a normal web page. You will not see anything different because the attack is camouflaged. The figure below illustrates how the attack works.

clickjacking

Visualization of a clickjacking attack.

Unlike a virus, trojan, or other malware that compromises your computer by exploiting a deficiency in an application or the operating system, the attacker simply takes advantage of a standard practice in web page design called UI Redressing. To make interactive and engaging web pages, it is possible to hide certain content and then display it when needed. One can place something like a fill in box on top of something else on the page. If you tell the browser to make that box transparent, all you will see is the box below it. When you enter text, it will actually go into the hidden area and then be sent to the attacker. There are many clever variations on how this can be done. A good explanation with more detail is available in this article on the SecTheory web site. If you search in Google you will find lots of information.

What's important is how to protect yourself. All browsers are vulnerable to this and it does not matter what operating system you run. While version 8 of Internet Explorer tries to protect against this partially, it has been shown that it is easily circumvented. The only known protection for now is to use the NoScript extension with Mozilla Firefox. It is a free extension that allows JavaScript, Java and Flash and other plugins to be executed only by trusted web sites that you choose. This does mean, of course, that you now have to explicitly tell the extension to allow each new web site you want to visit. This is inconvenient but less so than having your identity stolen and that is the reality of this attack.

The good news is that the NoScript extension is very easy to install and use (watch video). You can enable a site temporarily, permanently, or forbid it to run potentially dangerous content.

What do I need to do?

  • Install NoScript on your LLE office computers
  • Install NoScript on your home computers
  • Stop using other browsers such as Internet Explorer

Firefox is LLE's default browser and is installed automatically. Do not install Firefox yourself on your work PC. If you can't find it or are having trouble, please contact Computer Support.

VPN users are required to use Firefox with NoScript. All LLE staff are responsible for protecting LLE's intellectual property. If you don't have them, install them now. If you have trouble contact Computer Support for help.

Firefox and NoScript can be downloaded from the following links:

Virus FAQs

Frequently Asked Questions about Viruses

Virus incidents are on the rise here at LLE. If you think you have received a virus, please forward the message to Computer Support's virus@lle.rochester.edu. Do not delete the suspect message until Computer Support can look at your copy. In general, be extremely cautious when opening any e-mail attachment.

The following are frequently asked questions about receiving a virus via e-mail:

What is an "incident"?

The easy answer is "Anything you want." Anytime you have a question about an e-mail message you should feel free to forward the message to the "virus" address. Do not delete a message that you forward to us until we have contacted you. This may seem counterintuitive, but in order for us to track down the source of a virus transmitted via e-mail, we must be able to examine the entire message. Unfortunately, the act of forwarding a message does not (by default) pass on all of the message headers, and these headers help us determine the origin of a message.

But isn't a virus dangerous sitting in my inbox?

No—only if you open any attachment(s) to the message. Never open any of the attachments.

I already clicked on an attachment that I think might be a virus. What should I do?

If you have actually opened an attachment that you now suspect has infected your machine, you should unplug your machine from the network, if you know how. Immediately call anyone in the Computer Support Group or the on-call pager (9-1-877-504-6820).

I received a message that warned me of some danger and urged me to do something to my system (such as deleting a file, forwarding the warning on to others, etc.); what should I do?

Forward the message to virus@lle.rochester.edu and do nothing else.

When I attempt to forward the message to the virus address, Eudora says that it will have to download the attachments in order to forward it; is this ok?

Yes. This only happens to people who are set up to use the IMAP protocol (rather than the POP protocol) to read their mail.

Is there anything else I should include when I forward the suspected virus message?

The following additional information will be useful:

  • Your telephone extension
  • Name of the possibly infected computer
  • Whether or not your OfficeScan software flagged the message
    • If it did: what action OfficeScan took

In a strict sense, we are MOST interested in tracking down "uncaught incidents." An uncaught incident is when you receive an e-mail with an attachment that you feel is in any way suspicious but has NOT been reported by Trend OfficeScan.

If you have any virus-related question, contact Computer Support's virus e-mail at any time.

Additional Virus Information

We collect information from a variety of sources in order to protect the LLE user community from virus or other forms of computer attack.

Places to get virus information:

Sources of Information on Vulnerabilities:

  • Secunia- A leading vulnerability intelligence provider and distributor
  • CERT- Computer Emergency Response Team at Carnege Mellon
  • InfraGard- Guarding the Nation's infrastructure
  • SANS- System Administration, Networking, and Security Institute
  • FBI- Federal Bureau of Investigations
  • SARC- Symantec AntiVirus Research Center

We also rely on our users to let us know about unusual or somehow questionable content they receive via the Internet.

There is no foolproof protection as yet and there probably never will be so common sense is your best protection. If you don't recognize the name of the person that sent you the e-mail and it contains any kind of attachment, DON'T OPEN IT!

Be very stingy with the information you provide on the web and if you shop on the web, avoid unsecured pages at all costs (use the phone instead) and check your credit card statements carefully. Notify your bank if anything looks suspicious. They can investigate and let you know exactly who charged your account. Notifying them also protects you from liability!

For help with computer security concerns, contact Computer Support.