Categories: LIS Staff Interest, Middlebury Community Interest, Post for MiddNotes, Post for MiddPoints
Yesterday, LinkedIn’s official blog confirmed that a portion of their password database has been hacked and account passwords have been stolen. LinkedIn will be disabling the affected accounts and will email account holders further instructions for resetting the password. Visit the link above for more information about this process.
LinkedIn also published a set of recommendations for protecting your account: Updating Your Password on LinkedIn and Other Account Security Best Practices.
This seems like a good time to remind the community about Middlebury College’s Password Policy, which also contains a set of password standards. One of these standards states: i) Users must NEVER use the same password for Middlebury College accounts as for non-Middlebury College access.
Please remember that you can get up-to-date security tips and news from the LIS Information Security page.
Categories: LIS Staff Interest, Middlebury Community Interest
We advise our community to use Middfiles for all file storage needs. In fact, sensitive information should always be stored on Middfiles.
Dropbox, one of the most popular cloud storage providers, has had several security flaws and breaches over the past year:
- In June, for four hours, anyone could access anyone else’s Dropbox files.
- Three other separate security flaws (or holes) were found this summer.
- Furthermore, FTC found that Dropbox was misrepresenting their security measures and protocols.
- In addition, Dropbox had changed then clarified its Terms of Service within a matter of days.
That’s why we promote Middfiles for “cloud” storage needs. Do not hesitate to contact me if you have any questions around Dropbox, cloud storage or security. If you have questions specific to Middfiles, please visit our documentation page.
The Payment Card Industry Data Security Standard (PCI DSS v2.0) is a standard that has been accepted by all major credit card companies and most credit providers. It is a standard that we must abide by if we are to accept credit cards as a form of payment. PCI DSS is broken into 12 requirements; each focusing on a different domain of security.
While PCI DSS is not an actual law, it is a standard enforced by the credit card industry, and the banks have stated and upheld the policy that they will no longer accept business from non-PCI compliant merchants. The government has used the PCI DSS as a yardstick by which they have measured such regulations as Gram-Leach-Bliley, Sarbanes-Oxley, and most recently the drafting of the Data Accountability and Trust Act.
We employ a device called a Barracuda here at Middlebury which helps us prevent SPAM from flooding our email system. Just shy of a year ago this system was updated to enable it to filter on cardholder information. By default this feature was turned on. We have left this enabled and have begun reporting on these blocked messages and alerting the senders of outbound messages. The Barracuda is intended to serve both as a SPAM filter and a compliance tool.