Apple released information about a vulnerability in iOS this past week wherein an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. This vulnerability is described in detail at the National Vulnerability Database and has received significant media coverage. The Information Security Office recommends that you update software on affected devices as soon as possible.
- Back up your device prior to updating.
- If you have an iPhone 4 and later, iPod touch (5th generation), iPad 2 or later, please upgrade to iOS 7.0.6. Apple does not support updating a device that is eligible for iOS 7 to iOS 6.1.6.
- If you have an iPhone 3GS or iPod touch (4th generation), please update to iOS 6.1.6.
- Update by opening your Settings app, navigating to the General tab, and selecting Software Update.
By performing this update you will help protect your personal privacy and security as you conduct business on-line, and you will also help protect the University's data.
Stanford's Vice President of Business Affairs recently announced a mandate for new minimum security requirements that include encryption of all computers and migration away from Windows XP. If you have a computer that cannot comply with the new requirements, you can request a compliance variance.
If you've just come from watching our security awareness video, you can find follow-up information on the welcome page.
Hackers scan computers accessible to the Internet approximately one million times/day in order to break into them. As an open research and education organization connected to the Internet, Stanford's network is accessible to almost anyone, including hackers.
If your computer is not properly secured or has weak passwords, hackers can:
- Delete, change, and/or steal your data
- Install spyware to monitor your keypresses, emails, IMs, or anything else (sometimes even microphone and camera)
- Use your computer as part of a 'botnet' to recruit other hacked computers and perform mischief like sending spam or attacking other computers (making you look like the attacker)
- Steal enough information to impersonate you for fun or profit (i.e., identity theft)
The front line defenses include:
- Strong passwords
- Proper security configuration(s) on your computer
- All security updates for your computer
The steps below will help you have a safe and happy computing experience at Stanford.
The Three A's of Computer Security
- Keep your computer up to date: BigFix
- Securing your desktop
- Securing your smart phone and tablet
- International Travel: ISO Recommendations
- Essential Stanford Software (antivirus, patch management, and so on)
- Third Party Security Requirements
- Secure email
- Requirements for Email servers and clients at Stanford
- Computer equipment transfer and disposal guidelines