Welcome to
Information Security

The Information Security Office provides leadership to the RIT community in safeguarding the confidentiality, integrity and availability of RIT’s  information resources.

Learn more »

Are you the
Weakest Link

Get information on how to safely remove private information from your devices and stay protected. The chain of security is in your hands.

Learn more »

Guard your
Private Information

The Private Information Management Initiative (PIMI) seeks to identify and reduce the amount of private information found on RIT computers and storage devices.

Learn More »

Learn more
InfoSec About Us Lock + Cable
Sentinel - Standards and Policies
,
Learn about
Phishing

The ongoing evolution of digital communication also brings about the evolution of scammers and their methods. Phishing is one kind of such fraud, in which the attacker masquerades as a reputable individual or group, in order to trick users into revealing their private information. Check out our resources to learn how not be baited and reeled in!

Learn more »

 
 

RIT Information Security Advisory: Possible Password Exposure from Cloudflare Memory Leak

Cloudflare, a web services and security company, has announced a massive memory leak that may have exposed user data for thousands of sites. If you have an account on an affected web site, your password may have been exposed.

What should I do to protect myself?

  • If you are using your RIT password at any non-RIT site, change your RIT password immediately.
  • DO NOT use your RIT password for non-RIT sites

 

Additional recommendations

  • Change your password at other sites affected by the Cloudflare memory leak. High visibility affected sites by the Cloudflare memory leak include yelp.com, glassdoor.com,
  • ... ...

RIT Information Security Alert: Unusual Activity in your Webmail

RIT faculty and staff received an e-mail Friday afternoon claiming activity in your webmail. The email claimed that RIT had detected something unusual about your account and provides a Review button. A copy of the phish is provided below.

Sample Phishing Email

From: RIT webmail [mailto:lauram615@optimum.net]

Sent: Friday, February 24, 2017 3:33 OM

Subject: Unusual Activity in your Webmail

Dear User, 

We detected something unusual about your account. To help keep you safe, we require an extra security update.

As part of our Security Agreement we have place your email on "Limitation"

Review Here >

*to learn how... ...

RIT Information Security Alert: Payroll Services Email Addresses Updated Phish

RIT faculty and staff received an email Friday afternoon purportedly from RIT Payroll Services. The email claimed that recipient email addresses had been updated and asked recipients to click on a link and fill out a form if they had not updated them. A copy of the phish is provided below.

RIT Information Security contacted the company hosting the page with the form. The company removed the form within 15 minutes.

Sample Phishing Email

From: Payroll Services <payroll@rit.edu>
Date: Feb 17, 2017 3:34 PM
Subject: Email addresses updated
To:
Cc: 

This email is... ...

RIT Information Security Advisory: Published Accounts of Hacker Breaching RIT

A Russian-speaking hacker provided a list to an online publication claiming that he had breached 63 different agencies and institutions. RIT was one of the institutions on the list.

The term “breach” is a bit of a misnomer. The attacker found what’s known as a SQL injection vulnerability in one student website hosted on people.rit.edu. A SQL injection vulnerability typically occurs when someone is able to enter unexpected data (such as commands) into a login field, gaining access to portions of the database to which they shouldn’t have access.

What RIT is Doing

RIT is remediating and verifying... ...

RIT Information Security Advisory: Tax Season Scams, Fraud Activity

Each tax season we hear of tax scams. The IRS issues many alerts about various scams and we've provided links to several of them below. As they did last year, cybercriminals are targeting tax professionals (and even payroll departments) to obtain identity information, buying and selling blocks of W2 information on the Dark Web. You can’t prevent the cybercriminals from obtaining your information from 3rd parties. However, you can better protect your information and lessen the possibility of being a victim of tax fraud.

Brian Krebs, a noted security expert and researcher, recommends the following steps:

  • File before the
  • ... ...