The protection of information resources at McNeese State University is a high priority. The Information Security website is designed to educate the university community about technology policies and information security best practices, and equip students, faculty and staff with the tools needed to protect the information resources of the University, it's members and connected networks. McNeese State University is committed to implementing policies and encouraging best practices that do not impose on the University's established culture of openness, trust, and integrity.
Please read the Policies, Guidelines, and Laws Relating to Information Security.
McNeese will NEVER ask for account information via email. Messages about quotas, upgrades or maintenance are likely Phishing attempts.
Toner Phoner Scams
Telephone Scam About Printer Cartridges
Please be advised that a telephone scam is making its way around the campus offices. The caller identifies themselves as calling from purchasing and asks what type of printer and/or fax machine the office is using. Toner cartridges and an invoice are then sent to the McNeese Post Office. Departments are then responsible for returning the cartridges and receive notifications about unpaid invoices.
Please notify all staff and student workers that answer telephones about this scam. The McNeese Purchasing Department is not taking an inventory of printer/fax machine ink cartridges. Do not provide information and ask for a name and call back phone number.
Update: POODLE Vulnerability in SSLv3
CIS ADVISORY NUMBER: 2014-089 - Update
Vulnerability in SSLv3 Could Allow Information Disclosure
A vulnerability exists within the SSL version 3.0 protocol allowing an attacker to hijack and decrypt session cookies that are utilized between a user's web browser and the web site. Secure Sockets Layer (SSL) is a cryptographic protocol that is designed to provide secure network communication using X.509 certificates. This could lead to attackers temporarily impersonating web site visitor account logins and/or online payment systems.
There are currently no reports of these vulnerabilities being exploited in the wild.
- Any client or Web Server supporting SSLv3 protocol
- Large and medium government
ALERT: Microsoft Security Bulletins - October 2014
Microsoft Security Bulletin Summary for October 2014
Microsoft has released updates to address vulnerabilities in Windows, Office, Office Services and Web Apps, Developer Tools, .NET Framework, and Internet Explorer as part of the Microsoft Security Bulletin Summary for October 2014. These vulnerabilities could allow remote code execution, elevation of privilege, or security feature bypass.
US-CERT encourages users and administrators to review the bulletins and apply the necessary updates.
Primary Attack Vector: Specially crafted webpage
Publicly Disclosed: No
Assumptions: Some of these vulnerabilities would have to be used in conjunction with another vulnerability that allow remote code execution
Recommendations: Patch immediately after appropriate testing
Advisory Candidate: Yes