UCLA and the "Heartbleed" Vulnerability

Education Resources

UCLA's Top 10 Security Recommendations

Apply the latest operating system updates

Requirements

UCLA Policy 401 requires that electronic devices connected to the campus network install all the latest security updates released by operating system manufacturers such as Apple, Microsoft, and the Linux variants.

Use Anti-Virus Software.

UCLA Anti-Virus Requirements

UCLA Policy 401 requires that devices connecting to the campus network run up-to-date anti-virus software. To facilitate this, UCLA provides Sophos, a free anti-virus software program to UCLA students, faculty, and staff. UCLA IT Security recommends that every member of the campus community download and use Sophos frequently:

Sophos for Mac OS X 10.4 and above and Windows XP/Vista/7 »

  • The anti-virus should always be active and configured to update on a regular basis.
  • Configure your antivirus to automatically scan all downloaded files, removable media, and email attachments.
  • Only download files and plug-ins from trusted sources. Just because an add-on, application, or plugin looks legitimate does not mean that it is. Don't click on unknown links in email, texts, instant messages, social networking sites, ads, or pop-ups.
  • Contact your department's help desk or, if you are a student, the UCLA Student Technology Center, if you believe that your computer is infected with malware. Disconnect the computer from the network immediately to keep the infection from spreading or sending information to an attacker.

Use longer, more complex passwords.

Password Overview

Passwords are one of the most important controls on access to information. Too many passwords are easy to obtain from combining information known about a person (such as their street number or dog's name) with information freely available on their social media pages. In fact, many security questions rely on personal information that people freely post on Facebook or Twitter profiles!

So, what can a hacker or other malicious user do with your password?

  • He or she can log in under your name and gain access to any information that you are authorized to access.
  • Since most people use the same password for many different computers and online applications, a known password can unlock A LOT more about your digital life.
  • Whenever a person is using your username and password, they are you! This exposes you to potential legal liability, financial troubles, and social embarrassment.

How to Protect Yourself

Since a password is often the weakest link in the security chain, you can best protect yourself with the following practices:

  • You're the only one who needs to know your password. Though it may be tempting to "back up" your password by communicating it to somebody that you trust, never, never, never give your password to anybody. You are the only one who needs to have it, regardless of how much you trust another person. Password sharing is a violation of the Bruin OnLine Acceptable Use Policy that may be subject to account termination.
  • Never write down your password in your work area or any place.
  • Change your password at least once every 3-6 months, or immediately after using a publicly-accessible computer.
  • Don't choose a password that can be found in your username or a dictionary in any language, whether spelled forward or backward. Also, don't use personal information (especially when this information is available on social networking profiles). For example - names of family, places, pets, birthdays, address information, hobbies, etc.
  • The longer and more complex a password, the harder it is to guess. Passwords should be at least 8 characters, use a mix of capital and non-capital letters, numbers, and special characters (!, %, ;, ^, &, etc.). You should substitute numbers or symbols for letters. For example - "@" for "a"
  • Don't choose a password with letters that appear on successive keys on the keyboard (like qwerty), and don't use runs of consecutive letters or numbers (abc or 123).

Don't e-mail sensitive data.
Avoid unverified links and attachments.

E-Mail Security Tips

Email is widely used at UCLA, but overlooking some common-sense measures can put you at risk.

  • Any phishing attempt to trick you into revealing confidential, personal, or financial information, your password, or sending money is a scam. Credible organizations will never ask for this.
  • Malware, spyware, Trojan viruses, and other malicious software are often transmitted through email in the form of malicious links or seemingly credible attachments. Clicking these links or opening these attachments may infect your computer.
  • Do not transmit sensitive, restricted information by email. It is not secure. This includes passwords, PIN numbers, or files containing restricted information (such as Social Security numbers).
  • Delete spam. Do not reply to it or forward it. Replying to spammers validates that your address is legitimate and increases the chances that more spam will be sent to you in the future.
  • Always be skeptical, as it is often difficult, if not impossible, to know for certain who sent an email. If need be, verify the legitimacy of a sender in person.

Always Be Skeptical Online and never share passwords

What is Social Engineering?

Social engineering is the manipulation of a person's trust, naivete, ignorance, and gullibility to obtain unauthorized information. A "social engineer" is always on the lookout for pieces of information that can help him or her assume someone else's identity, usually without that person's knowledge.

Spotting Social Engineering Attempts

  • Phishing: Legitimate organizations do not email, call, or otherwise contact their customers asking sensitive questions or for personal information, such as usernames and passwords. This is known as "Phishing," an attempt to trick gullible persons into revealing confidential, personal, or financial information, obtaining a password, or sending money. When in doubt, do not respond or give your information and contact the organization directly. UCLA will never ask you for your username or password in email communications.
  • Dumpster Diving: Yes, that's right, a "harmless" gesture like throwing away a document can give a social engineer opportunities to impersonate you. Shred sensitive information and never put it in the garbage intact.
  • Scam Artists: If an unknown party shows up to your office or asks you for information in person, always be skeptical. Ask for identification and never reveal information because their attire is professional or looks like it might be affiliated with the University in an official capacity. You will never be punished for confirming somebody's identity. Report suspicious and dubious behavior to your supervisor or the UCLA police.

Using EDUROAM secures your web browsing

Safe Wi-Fi Networks at UCLA

Those who use the Wi-Fi wireless network on campus should connect to the "EDUROAM" network. It uses WPA2 encryption to protect your data and wireless connection and allows you to log in with your UCLA credentials on the UCLA network and at any other University of California campus.

The UCLA VPN encrypts and protects your online activity.

VPN

A VPN, which stands for "Virtual Private Network," encrypts your Internet connection through UCLA's servers and protects your data and connection from malicious intruders.

Windows XP/Vista/7:

Installation

Mac OS X 10.5 ("Leopard"), 10.6 ("Snow Leopard"), 10.7 ("Lion"), and 10.8 ("Mountain Lion"):

Installation

Mac OS X 10.4 and below:

Installation

Apple iOS (iPhone, iPad, iPod Touch) devices:

Installation

UCLA Android 2.1+ VPN

Installation

Shield password input and require passcode lock.

Physical Protection of Devices

Physical protection of computers, tablets, and mobile devices parallels the importance of their digital protection. This section takes a look at some best practice physical security measures to prevent your devices from being stolen, especially keeping in mind that mobile devices and portable media are especially vulnerable to loss or theft.

Vigilance should always be observed in and outside of the workplace, particularly in public places such as lines, airports, restaurants, and residence hall common areas.

  • Before leaving your work area, turn off, close the lid of, or lock your computer, put away sensitive documents, and lock up cabinets and other storage spaces. Take portable devices or media with you, or lock them up.
  • Remove sensitive documents immediately from printers, fax machines, and copiers so that no one else can read them.
  • Shred documents that contain sensitive information. Don't discard them in public wastebaskets.
  • If you encounter an outsider looking for a colleague, escort that person to that individual's office.
  • Leave nothing behind when you exit a conference room. Wipe the board and pick up all work documents and drafts.
  • Don't leave portable equipment in a vehicle, even if it is locked. In addition to the possibility of theft, heat in a closed vehicle can sometimes damage computer equipment.
  • Avoid sharing a computer that you use for work. Sharing computers significantly increases the risk of loss, infection, breach of confidentiality, etc.
  • If you are not the sole user, make sure to create separate user IDs and passwords and always store your work documents in your own account.
  • If your computer will be storing University-defined PII (Personally Identifiable Information) such as ….., get in touch with UCLA IT Security's encryption team and we'll help you encrypt your device.
  • Protect your computer, laptop, and/or mobile device with a complex password. Configure it to lock after a certain period of inactivity.
    • Mac: System Preferences -> Security -> Require password (immediately) after sleep or screen saver begins.
    • Windows: -> Start -> Control Panels -> Appearance and Personalization -> Appearance and Personalization -> "On resume, display logon screen"
    • Apple iOS: Settings -> General -> Passcode Lock -> Turn Passcode On, then "Require Passcode: Immediately"
  • Always protect your computer hardware and portable media against theft when traveling. Don't draw unnecessary attention to your baggage and digital equipment and don't leave it unattended.
  • Shield personal identification and passwords from public view when working on your computer or smartphone in a public place – also when you use your credit or debit card at an ATM machine. iPhone, Android, Windows Phone 7, and other touchscreen smartphones have keyboards that may highlight letters, numbers, punctuation marks, special characters, etc. when typed that may make it easier for prying eyes to see user input. You should shield your phone when typing in usernames and passwords and politely ask anybody with you to look away.

Be Careful About What You Post Online.

Disclosing Information

The Internet offers a goldmine of information and gives users virtually unlimited communications options. Carefully consider the information you plan to disclose when registering for a site or providing information about yourself online.

  • Don't post personal information about yourself or others, especially details that you use as answers to password or username-recovery security questions.
  • When making online purchases or transactions, entering personal or confidential information, or entering your password online, make sure your connection is secure by checking for the presence of:
    1. A URL that begins with https:// (Firefox users should download the EFF's "HTTPS Everywhere" Add-On)
    2. A locked padlock icon in the location bar or corner of the browser window usually confirms this.
    3. The domain name (something.com) does not change after your secure connection has been established.

Safely Configure Your Facebook and/or Twitter

Facebook HTTPS

Facebook recently added an important security feature that allows users to encrypt their connections to the website to defend against "snooping" (sidejacking) attacks:

  1. Click the "Account" drop-down

  2. Select "Account Settings"

  3. Click the "Change" link next to "Account Security"

  4. Select the following checkbox:

Twitter HTTPS

Facebook recently added an important security feature that allows users to encrypt their connections to the website to defend against "snooping" (sidejacking) attacks:

  1. Select your name in the upper right-hand corner drop-down menu on the menu bar and then select "Settings."

  2. Under the account tab, scroll to "HTTPS Only" and select the "Always use HTTPS" checkbox:

Encryption Software at UCLA.

Encryption

If you have custody of Personal Information, contact your departmental IT Compliance Coordinator (ITCC) regarding the University’s requirements for encryption of the information. A full list of ITCC representatives can be found at this link, listed by the administration, the College of Letters and Science, Schools, and other organizations.

*According to UCLA Policy 404, "Personal Information, as used in this Policy, means an individual's first name or first initial, and last name, in combination with any one or more of the following: (1) Social Security number, (2) driver's license number or California identification card number, (3) account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account, (4) medical information, and (5) health insurance information."

Front Door Software

The UCLA Police Department is offering software that provides a real-time tracking service to assist in the recovery of a stolen or lost computer. The software is available for free for both Mac OS X and Windows. Please see the UCLA Police Department’s flyer about the FrontDoorSoftware Laptop Theft Prevention program.

Download for Mac OS X
Download for Windows

Features

  • Obtain a Google map of the laptop's location
  • Blast a message to it that states THIS LAPTOP IS REPORTED STOLEN
  • Lock it down remotely to help protect your information
  • Display a text message on the laptop
  • Display a custom talking message on the laptop

Installation Instructions

  • Select an operating system from the buttons above
  • Run the software installer
  • When creating an account, make sure you use your university email address so the server knows to automatically give you a 4 year free license (i.e. you@ucla.edu)
  • Restart your computer to activate theft recovery tracking
  • Sign in to your account

UCLA IT Security Plan

Overview

University of California Policy IS-3 requires that each campus maintain an information security plan. UCLA's can be found at the link below.

View UCLA's IT Security Plan »

Phish and Spam of the Day

Definitions

Spam:

The use/abuse of electronic messaging systems (most prominently email) to send unsolicited messages. These may sometimes involve social engineering attempts or fraud.

Phishing:

Phishing is a malicious method of attempting to obtain information by falsely acting as a trustworthy party in an electronic communication (such as an e-mail or a phone call).

Spear Phishing:

Spear Phishing is a malicious method of attempting to obtain information from a specific organization or group within an organization by falsely acting as a trustworthy party in an electronic communication (such as an e-mail or a phone call).

Examples

February 21st, 2014

screenshot of phishing attempt via e-mail simulating official University of California communication

December 9th, 2013

-----Original Message-----

From: WEBMASTER SUPPORT TEAM [mailto:mariaramirez@an.gob.ve]

Sent: Monday, December 09, 2013 2:01 AM

Subject: Your two incoming mails



Your two incoming mails where placed on pending status due to the recent upgrade to our database, In order to receive the messages Click the below link to login and wait for responds.

https://docs.google.com/forms/d/1hKb733636slSPBVki1FizcRzFnQ2ESVwcc4qsB
3oC
Bc/viewform

November 1st, 2013

---------- Forwarded message ----------

From: Bruin OnLine Helpdesk

Date: Fri, Nov 1, 2013 at 12:27 AM

Subject: Warning Dear Bruin OnLine Webmail User.

To:

Dear subscriber,

We are currently engaged in account maintenance service. As a subscriber, you are required to confirm your continued membership. Failure to confirm your continued membership will lead to service suspension.

Kindly fill and revert the form below to avoid suspension.

(1) Full Names:

(2) E-mail:

(3) Username:

(4) Password:

(5) Confirm Password:

Thank you.

Bruin OnLine Helpdesk.

September 13th, 2013

From: Rosen, Frances

Sent: Friday, September 13, 2013 9:29 AM

Subject: IT Support

Your Mailbox has reached its storage limit and needs to be validated and expanded immediately. please click on this link http://septtechh.websitewizard.com or copy and paste in your URL. fill the form and submit for Validation.

September 10th, 2013

From: University of California

Date: September 10, 2013, 9:23:58 PM PDT

To: undisclosed-recipients:;

Subject: Good News!

University of California

168 Kerckhoff Hall

Box 721306

Los Angeles, CA 90095-7213

Deal All

A private message have been sent to you by the HEAD of department. Use the link below to Login and view your message.

http://mailuclaeduloginphp.webs.com/

Sign.

HEAD of department

Ucla Info Centre

University of California © 2008 UC Regents

April 12th, 2013

From: IRS Office

Date: April 12, 2013 12:34:31 PM PDT

To: undisclosed-recipients:;

Subject: IRS Notification

Reply-To: noreply@ofice.com

Date 12 april 2012

Our Ref. C/18355/12

Your Ref. 15B/615/12

NOTICE OF TAX RETURN FOR YEAR 2012

Dear,

I am sending this email to announce: After the last annual calculation of your fiscal activity we have determined that you are eligible to receive a tax return of:

$197.44

To receive your return, you need to register for an IRS Online account:

Click here to register

The contents of this email and any attachments are confidential and as applicable, copyright in these is reserved to Inland Revenue. Unless expressly authorised by United States Government, any further dissemination or distribution of this email or its attachments is prohibited.

February 27th, 2013

To: (Recipient List Suppressed)

Sender: kelsey_m@firn.edu

From: "University of California, Los Angeles=?iso-8859-1?B?rg==?="

Reply-to: cst.service.desk@gmail.com

Subject: NOTICE::University of California, Los Angeles WebMail

X-Mailer: Quality Web Email v3.1t

Date: Wed, 27 Feb 2013 05:20:31 -0500

Priority: normal

Message-id: <512dddef.358.5ae6.701686343@firn.edu>

MIME-Version: 1.0

Content-Type: text/plain; charset="iso-8859-1"

X-To-Not-Matched: true

X-Originating-IP: 150.176.12.31

Your email account has to be upgraded to our new UCLA Webmail (IMP 4.0) High Speed Internet Webmail Secured DGTFX anti-virus 2013 version to prevent damages to our UCLA Webmail (IMP 4.0) High Speed Internet Webmail log and your important files.Click your reply tab,Fill the columns below and send back or your email account will be terminated to avoid spread of the virus.

Username:

Password:

Phone Number:

https://mail.ucla.edu/login.php

Director of Web Technical Team.

Note that your password will be encrypted with 1024-bit RSA keys for your password safety.

January 28th, 2013

On 1/28/13 3:38 PM, "Help Desk" wrote:

Attention: Account User

This email is being sent to you because of violation security breach that was detected by our servers.

Our server detected that one of the messages you received from a contact has already infected your mail with a dangerous virus.

You can no longer be allowed to send messages or files to other users to prevent the spread of virus to other ucla.edu users.

Please follow the link below to perform maintenance work needed to improve the protection of the email for us to verify and have your account cleared against this virus.

Failure to comply will lead to the termination of your Account in the next 48 hours.

http://firstupgrade.phpforms.net/view_forms/view/firstform

Hoping to serve you better.

Sincerely,

Help Desk

*****************************************************************************************
This is an Administrative Message from noreply@ucla.edu Mail server, It is not spam.
From time to time, noreply@ucla.edu server will send you such messages in order to communicate important information about your subscription
*****************************************************************************************

October 15th, 2012

From: Kerry Tuckett

Subject: Your web mail quota has exceeded?

Date: October 15, 2012 6:33:54 PM PDT

To:

Your web mail quota has exceeded the set quota which is 2 you are currently running on
2.3GB.To runs and revive and increase your web mail quota check
and your webmail account To turn and increase your webmail
quotas on the link below to work.
https://docs.google.com/a/topgunrh.com/spreadsheet/viewform?formkey=dEZvVjNoenUzNDZoOUstNVZBWWdnbmc6MQ
Failure to do so may result in cancellation of your webmail account.
Thanks and sorry for the inconvenience

Admin / Web Master / localhost

.
===============================================
The content of this message may contain the private views and opinions of the sender and does not constitute a formal view and/or opinion of the company unless specifically stated.

The contents of this email and any attachments may contain confidential and/or proprietary information, and is intended only for the person/entity to whom it was originally addressed. Any dissemination, distribution or copying of this communication is strictly prohibited.

If you have received this email in error please notify the sender immediately by return e-mail and delete this message and any attachments from your system.

Please refer to http://www.newmont.com/en/disclaimer for other language versions of this disclaimer.
================================================

October 9th, 2012

From: Sprint [mailto:noreply@sprint.com]

Sent: Tuesday, October 09, 2012 12:00 PM

To: Bollens, Ross

Subject: Sprint: Your bill is now available online

September 28th, 2012

-----Original Message-----

From: Intuit PaymentNetwork [mailto:memorandumsuo95@ataportfoy.com.tr]

Sent: Wednesday, September 26, 2012 6:09 AM

To:

Subject: Your payroll process statement.

Payroll processing confirmation

DirectDeposit Service Communication Status information

Dear apollack@resadmin.ucla.edu

We obtained your payroll on September 25, 2012 at 6:60AM Mountain time.

Funds will be withdrawn from the bank account number: 0...0572 on September 26, 2012.

Amount to be withdrawn: $9,806.85

Paychecks will be processed to your employees' accounts on: September 26, 2012

Please take a look at your payroll here.

Funds are typically processed before normal banking hours so please make sure you have enough funds existing by 12 AM Mountain time on the date funds are to be reserved.

Intuit must assume your payroll by 5p.m. Mountain time, two banking days before your paycheck date or your employees will not be paid on time. QuickBooks does not proceed payrolls on weekends or federal banking holidays. A list of federal banking holidays can be reviewed at the Federal Reserve website.

Thank you for your business.

Sincerely, Intuit Payroll Services

IMPORTANT NOTICE: This notification is being sent to inform you of a critical matter concerning your current service or software. Please note that if you previously opted out of receiving marketing materials from Intuit, you may continue to receive notifications similar to this communication that affect your service or software. If you have any questions or comments about this email, please DO NOT REPLY to this email. If you need additional information please contact us. If you receive an message that appears to come from Intuit but that you suspect is a phishing email, please contact us at phishing protect system . Copyright 2008-2012 Intuit Inc. QuickBooks and Intuit are registered trademarks of and/or registered service marks of Intuit Inc. in the United States and other countries. This notification is not intended to supplement, modify, or extend the Intuit software license agreement between you and Intuit for any Intuit product or service. Intuit Inc Customer Information Services 2844 E. Commerce Center Place, Tucson, AZ 88993

September 27th, 2012

From: FilesTube [mailto:filestube@filestube.com]

Sent: Thursday, September 27, 2012 11:08 PM

To: ross

Subject: NYC Traffic Ticket N(ID: 523167459)

New York State Department of Motor Vehicles

UNIFORM TRAFFIC TICKET

POLICE AGENCY

NEW YORK STATE POLICE

Local Police Code

THE PERSON DESCRIBED ABOVE IS CHARGED AS FOLLOWS

Time: 0:17 AM

Date of Offense: 06/12/2011

IN VIOLATION OF
NYS V AND T LAW Description of Violation:
SPEED OVER 55 ZONE
TO PLEAD, PRINT CLICK HERE AND FILL OUT THE FORM

September 18th, 2012

Your email account has been reported for numerous spams Activities from a foreign ip recently. As a result of this the University Of California ITS has received advice to suspend your account. However, you might not be the one promoting this Spam, as your email account might have been compromised. To protect your account from sending spam mails, You are to confirm your true ownership of this account by Clicking on this link below to Login and confirm in one simple step.On receipt of the requested information,the ucla Web-Mail email support shall block your account from Spam.

Clicking here!

Failure to do this will violate the University of California Web-Mail terms & conditions.
This will render your account inactive.

NOTE!!: You will be sent a password reset message In next seven (7) working days after undergoing this process for Security reasons.

Sincerely:
Ross Bollens
Director, IT Security and Campus Information Security Officer (CISO)
Phone: 310.825.9291
******************************************************************************
This is an Administrative Message from Mail.ucla.edu Admin server, It is
not spam. From time to time, Mail.ucla.edu Admin server will send you
such messages in order to communicate important information about your subscription.
******************************************************************************

September 18th, 2012

From: Mack Shelton

Date: September 18, 2012, 2:10:09 AM PDT

Subject: NACHA: Company Federal ACH Payment Batch Has Been Failed.. ID: 5889125

The ACH transfer (ID: R836), recently made from your checking account by you or any other person, was annulled by another financial institution.

Please click here to view details:

ACH transfer information

Other way forward information to your accountant adviser.

August 31st, 2012

From: Microsoft [mailto:servicenotification@email.microsoft.com]

Sent: Friday, August 31, 2012 8:04 AM

Subject: Important Changes to Microsoft Services Agreement and Communication Preferences

Importance: Low

August 13th, 2012

---------- Forwarded message ----------

From: Bruin OnLine

Date: Mon, Aug 13, 2012 at 4:11 PM

Subject: Bruin OnLine Info Center

To:

Hello

You have a private message from your old friend who wished to get in-touch with you, use the Private link below to login and view your message if possibly get in contact with your old friend again.

https://docs.google.com/spreadsheet/viewform?formkey=dDllbUttTnpaMVRCaTYza2lBc1o1anc6MQ

Sign,

Computer Support

Bruin OnLine

©Copyright 2012 Bruin OnLine, Inc.. All rights reserved

August 13th, 2012

From: Bruin OnLine [rmag.43@libero.it]

Sent: Monday, August 13, 2012 7:13 AM

Subject: Account Notice!

Dear Bruin OnLine E-mail user,

This is to inform all users that our server upgrade/maintenance is scheduled for August 30 2012. You may experience login problems during this period. We are having congestion due to various anonymous account registrations and on this note, we are deactivating some accounts that are no longer active and your account may be deactivated if no action is taken.

To confirm and keep your E-mail account active during and after the upgrade and maintenance, you are advised to login immediately using the account login : ucla.edu/verify343

Your E-mail account will remain active after we have successfully upgraded our server. This is to help us serve you better. We apologize for any inconvenience. Thank you for your swift response to this notification.

Bruin OnLine Technical Support Team

August 10th, 2012

From: Bruin OnLine Security Team [mailto:support@ucla.edu]

Sent: Friday, August 10, 2012 3:39 AM

To: Recipients

Subject: UCLA Security Alert

Dear Bruin OnLine (UCLA) Member

Our Client Service System has detected an unusual malware activities on your email account causing poor services.

Rencently your email was confirmed accessible from other ISP as a result of our remote host failure in recongnising valid and invalid accounts.

Please click on the following link secure.ucla.edu/reconfirm-account to reconfirm the validity of your email account still in use for us to return all client services back to normacy, hence, we will assume your account no longer function and will be closed down totally for strict security reasons.

Thanks for your anticipated understanding.

Sincerely,

Bruin OnLine Security Team.

August 8th, 2012

From: Ucla Admin Service

Date: August 8, 2012, 4:00:18 AM PDT

To: undisclosed-recipients:;

Subject: Termination Of Your Account

--

This Email is from Ucla.edu admin We are under going maintenance by our engineers we will be shutting down account that is not verified to enable us create more space for our new account users you are to verify your account by filling the outlined Information below or your account will be terminated within 24 hours.

....Username:

....Password:

....City/State:

....Date Of Birth:

We value your business and thank you for using Ucla.edu Service and we hope to serve you more better.

Ucla.edu Admin Centre.

August 7th, 2012

From: UCLA.edu Account Service

Subject: WARNING: Validate Your Account!

Date: August 7, 2012 10:10:55 AM PDT

UCLA.edu E-mail Notification

This message is from UCLA.edu messaging center to all UCLA.edu email account owners. We are removing access to all our Webmail clients. Your email account will be upgrade to a new enhanced webmail user interface provided by UCLA.edu.

Effective from the moment this email been received and your account re-validate. UCLA.edu will discontinue the use of our UCLA.edu Webmail and our UCLA.edu webmail Lite interfaces. You are therefore required to re-validate your mailbox.

To re-validate your mailbox please click the link below:

http://www.formlogix.com/Manager/UserConditionalSurvey223483.aspx?Param=VXNlcklkPTIyMzQ4My5Gb3JtSWQ9MQ==

Yours In Service,

UCLA.edu Account Service

August 1st, 2012

From: UCLA Communications

Subject: Deactivation Of Your UCLA Account

Date: August 1, 2012 12:13:09 PM PDT

To: admin@ucla.edu

This Email is from UCLA Communications. We have been monitoring this account through our server's log file and have noticed that this account is been accessed from different distinct location simultaneously as against webmail policy, for security purpose we will be shutting down this Account unless you verify this account by filling out the outlined Information below or your account will be suspended within 48 hours.

UCLA Logon ID:..........

Password:..........

City/State:.........

Date Of Birth.......

Failure to update this account after three days of receiving this warning will be tantamount to losing this account permanently.

We apologize sincerely,

UCLA Communications Technology Services

July 18th, 2012

-----Original Message-----

From: ferrell,janell [mailto:ferrell@atlanticbb.net]

Sent: Wednesday, July 18, 2012 10:20 AM

Subject: Bruin OnLine Info Center

Hello

You have a private message from your old friend who wished to get in-touch with you, use the Private link below to login and view your message if possibly get in contact with your old friend again.

https://docs.google.com/spreadsheet/viewform?formkey=dDZlNmhUVGtIS2NTSW5qLU4zcTN1dGc6MQ

Sign,
Computer Support
Bruin OnLine
©Copyright 2012 Bruin OnLine, Inc.. All rights reserved

July 16th, 2012

-----Original Message-----

From: customers@bankofamerica.com [mailto:itxfyz@admin.net]

Sent: Monday, July 16, 2012 11:52 AM

To: support@bofa.com

Subject: Your Online Activity Confirmation Code : TNHRFRYKNV

We recently have determined that different computers have logged onto your Online Banking account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us.

If this is not completed by July 17, 2012, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner.

To confirm your Online Banking records click on the following link:

http://ucla-students.gtresdaq.from-oh.com/sitekey/index.php?activate=SJ8K8D7
Thank you for your patience in this matter.

Bank of America Customer Service

Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.




2012 Bank of America All Rights Reserved.

Encrypted Message

CWMDRUKJYGBFFHBTGYZQKFSIYHRKHKCFEFBVGP

July 12th, 2012

-----Original Message-----

From: service@chase.com [mailto:edxonr@company.info]

Sent: Thursday, July 12, 2012 9:17 AM

To: billing-center@chase.com

Subject: *** ATM/Debit Card - OFFKIRRIST

Dear Cardholder,

We have completed our ATM/Debit Card software upgrade and determined that an error did occur.
It will only take few minutes to re-activate all your Check Cards accounts.
Please click the link below to proceed with re-activation process :

http://atm01.chaseonline.nuisa.from-ca.com/pui/index.php
If you have further questions, please call us at 800-548-9554. Our hours are (in Atlantic Time):

During Daylight Saving Time: Monday - Friday, 5:00 am - 5:00 pm; Saturday, 7:00 am - 4:00 pm.
During Standard Time: Monday - Friday, 4:00 am - 4:00 pm; Saturday, 6:00 am - 3:00 pm.

Thank you for bringing this matter to our attention. We hope we have been able to assist you.
Sincerely,
Debit Card Operations
You received this notification because you are a cardholder, account owner, or an authorized representative for this account.

XQCYPHFZUGTOWXDJRKYHQVEBKXCOHXBHIYFBGI

July 12th, 2012

Make sure our emails make it to your inbox by adding salliemae@email.salliemae.com. Instructions on how to add us can be found here.

LEGAL

Privacy | Terms of Use

SALLIE MAE RESERVES THE RIGHT TO MODIFY OR DISCONTINUE PRODUCTS, SERVICES, AND BENEFITS AT ANY TIME WITHOUT NOTICE. CHECK THE SALLIE MAE WEBSITE (SallieMae.com) TO OBTAIN THE MOST UP-TO-DATE PRODUCT INFORMATION.

© 2012 Sallie Mae, Inc. All rights reserved. The Sallie Mae logo is a service mark of, and Sallie Mae is a registered service mark of Sallie Mae, Inc. Sallie Mae Insurance Services and the Sallie Mae Insurance Services Logo are service marks of Sallie Mae, Inc.

1.0 MKT5443 / E5184 vB

July 12th, 2012

On 7/12/12 9:11 AM, "service@" wrote:

Dear Cardholder,

We have completed our ATM/Debit Card software upgrade and determined that an error did occur. It will only take few minutes to re-activate all your Check Cards accounts. Please click the link below to proceed with re-activation process :

http://atm01.chaseonline.nuisa.from-ca.com/pui/index.php
If you have further questions, please call us at 800-548-9554. Our hours are (in Atlantic Time):

During Daylight Saving Time: Monday - Friday, 5:00 am - 5:00 pm; Saturday, 7:00 am - 4:00 pm.
During Standard Time: Monday - Friday, 4:00 am - 4:00 pm; Saturday, 6:00 am - 3:00 pm.

Thank you for bringing this matter to our attention. We hope we have been able to assist you.

Sincerely,
Debit Card Operations
You received this notification because you are a cardholder, account owner, or an authorized representative for this account.

RZMYUMWUXFPJDZLSIWDPEQNOYMLDIOIVNRIZJS

June 27th, 2012

From: Student Loan Summary [mailto:studentloansummary@us.edirect1.com]

Sent: Wednesday, June 27, 2012 6:02 PM

To: Bollens, Ross

Subject: Ross Bollens: Student Loan Summary

Ross:

Your 2012 student loan report for University of California Los Angeles is now available:

Click here to view student loan options for UCLA

How much do you need? $2,500 | $5,000 | $7,500 | $10,000

Plan ahead, and save big on student loans. If you need financial assistance for UCLA, there are a full range of student loans for students to search, compare, and apply to. It's not difficult to make wise financial decisions when it comes to paying for your college education. Click the link below to see the most popular student loans for UCLA. Find Student Loans for University of California Los Angeles Expenses

--

Student Loan Summary supports the rights of students to borrow from the lender of their choice and all the lenders featured in this message have indicated they will accept loan applications from students at your school. Your school, however, has not endorsed these lenders and may offer other suggestions. You received this e-mail because you are currently subscribed to Student Loan Summary.

Know someone who would be interested in this email? Forward to a friend

We take your privacy very seriously, please read our privacy policy. © 2011, CB, 3182 Campus Drive #266, San Mateo, 94403

June 23rd, 2012

-----Original Message-----

From: UCLA Information Centre [mailto:infocentre@ucla.edu]

Sent: Saturday, June 23, 2012 2:34 PM

Subject: EMAIL POLICY VOILATION

Dear Email user,

This message is from Administration centre Maintenance Policy verified that your mailbox exceeds its limit, you will be unable to receive new emails, to enable re-set your services kindly confirm your mail box by clicking on the link or copy and paste on your browser to update your account.

https://docs.google.com/spreadsheet/viewform?formkey=dHZjVmYwUEVDaVlmamVDQUJGbUcxc3c6MQ

Thank you for your co-operation.

Admin Help Desk

June 21st, 2012

From: Facebook [mailto:invite+bollens@issim.it]

Sent: Thursday, June 21, 2012 10:42 PM

To: Bollens, Ross

Subject: Welcome to our Online Shop

Importance: Low

June 7th, 2012

From: IMDb User Protection [mailto:do-not-reply-here@imdb.com]

Sent: Saturday, June 09, 2012 6:16 PM

To: Bollens, Ross

Subject: Your password is too weak

Importance: Low

This is an automatic message from the Internet Movie Database (IMDb) registration system. Our system detected your password is too weak. Short passwords are easy to guess.

Please follow this link :

https://secure.imdb.com/password_update/imdb/24101671869878741533

If you used your IMDb password at any other sites, you'll need to change those passwords as well.

Regards,

IMDb User Protection help

http://imdb.com/register/

June 7th, 2012

From: Linkedln Email Confirmation [mailto:emailconfirm@intuitivkunst.dk]

Sent: Thursday, June 07, 2012 11:30 AM

To: Bollens, Ross

Subject: Please confirm your email address

Importance: Low

Linkedln

Click here to confirm your email address.

If the above link does not work, you can paste the following address into your browser:

https://www.linkedln.com/e/av52SFD0toX7HfnctUr4gsJXUsx0QFeWbCJu0Zzsida39rhGb

You will be asked to log into your account to confirm this email address. Be sure to log in with your current primary email address.

We ask you to confirm your email address before sending invitations or requesting contacts at Linkedln. You can have several email addresses, but one will need to be confirmed at all times to use the system.

If you have more than one email address, you can choose one to be your primary email address. This is the address you will log in with, and the address to which we will deliver all email messages regarding invitations and requests, and other system mail.

Thank you for using Linkedln!

--The Linkedln Team

http://www.linkedln.com/

© 2012, Linkedln Corporation

June 4th, 2012

From: Digg Support [mailto:noreply@e.digg.com]

Sent: Sunday, June 03, 2012 11:48 AM

To: Bollens, Ross

Subject: Digg Verification

Importance: Low

Hi bollens@ucla.edu

Thank you for registering with us at Facebook social sharing. We look forward to seeing you around the site.

Now your friends can see what you're reading around the web. Also you can add or delete any article from your activity. Click the Social button to turn this off.

What is Facebook Social Share?

Share your Digg experience with your Facebook friends. Let your friends see what you're reading as you discover the best news around the web.

June 1st, 2012

On 6/1/12 11:56 AM, "Help Desk" wrote:

Help Desk

Attention Account User,

Scheduled Maintenance & Upgrade

Your account is in the process of being upgraded to a newest of Windows-based servers and an enhanced online email interface inline with internet infrastructure Maintenance. The new servers will provide better anti-spam and anti-virus functions, along with IMAP Support for mobile devices that Support IMAP to enhance your usage.

To ensure that your account is not intermittently disrupted but active during and after this upgrade, you are required to kindly confirm your account by stating the details below:

* User name:

* Password:

This will prompt the upgrade of your account.

Failure to acknowledge receipt of this notification, might result to a temporal deactivation of your account from our database.

Your account shall remain active upon your confirmation of your login details.

We do apologize for any inconvenience caused.

Help Desk

© Copyright 2012, All Rights Reserved.

----------------------------------------------------------------

This message was sent using IMP, the Internet Messaging Program.

June 1st, 2012

From: Twitter [mailto:z-cjlnrrl=ckke-vd.iy-de09a@web3.web4ce.cz]

Sent: Friday, June 01, 2012 3:43 PM

To: Bollens, Ross

Subject: Confirm your Twitter account!

Importance: Low

Hi, bollens@ucla.edu.

Please confirm your Twitter account by clicking this link: https://tvvitter.com/account/confirm_email/bollens/DFE9A-72ED9-216524

Once you confirm, you will have full access to Twitter and all future notifications will be sent to this email address.

The Twitter Team

If you received this message in error and did not sign up for a Twitter account, click not my account.

Please do not reply to this message; it was sent from an unmonitored email address. This message is a service email related to your use of Twitter. For general inquiries or to request support with your Twitter account, please visit us at Twitter Support.

May 27th, 2012

-----Original Message-----

From: Info Center [mailto:info@mail.mednet.ucla.edu]

Sent: Sunday, May 27, 2012 11:45 PM

Subject: Mednet Ucla Info Center

Hello

You have a private message from your old friend who wished to get in-touch with you, use the link below to login and view your message if possibly get in contact with your old friend again.

https://docs.google.com/spreadsheet/viewform?formkey=dFZXa0FVWHFzdVhXS0dTb2FSOHJZa1E6MQ

Sign,

Computer Surpport

UCLA 405 Hilgard Avenue,

Los Angeles, CA 90095

310.825.4321

© Ucla Webmail,All rights reserved

May 24th, 2012

-----Original Message-----

From: University Of California Private [mailto:info@UCLA.EDU]

Sent: Thursday, May 24, 2012 12:16 PM

Subject: Important Message

Importance: Low

University of California

1111 Franklin St,

Oakland, CA 94607.

be inform that the Information Center of the  UNIVERSITY OF CALIFORNIA experience, private message have been sent to you by your old friend who wish to get back in-touch with you.Please use the  UNIVERSITY OF CALIFORNIA private contact viewer to login and view the message from your old friend, and possibly  contact him/her after logging in.

http://yep.it/ucla

You can also copy the above login link to your browser in order to login and view your private message

Sign,

Mrs,Mary Coleman

Information Center

Copyright © Regents of the University of California

May 18th, 2012

-----Original Message-----

From: UCLA MESSAGE CENTRE [mailto:messagecenter@ucla.edu]

Sent: Friday, May 18, 2012 6:02 PM

Subject: IMPORTANT MESSAGE..

A private message have been sent to you
by your old friend who wish to get back
in-touch with you. Please use the UCLA
private contact viewer to login and view
the message from your old friend, and
possibly contact him/her after logging
in. Please click on the below link to login

http://bit.ly/JCNOQx

You can also copy the above login link to your browser in order to login and view your private message.

Sign, Mrs. Emily Brown

Information Centre

University of California © 2012 UC Regents

May 17th, 2012

-----Original Message-----

From: ''UCLA Private'' [mailto:private@ucla.edu]

Sent: Thursday, May 17, 2012 2:48 PM

Subject: Notice!

Be informed that a private message have been sent to you by your old friend who wish to get back in-touch with you.

Please use the UCLA private contact viewer to login and view the message from your old friend, and possibly contact him/her after logging in.

https://docs.google.com/spreadsheet/viewform?formkey=dHdENU9wbml6bGRlQkQxVS15RzNTU1E6MQ

You can also copy the above login link to your browser in order to login and view your private message.

Sign.

Mrs. Emily Brown

Information Centre

University of California © 2012 UC Regents

May 17th, 2012

From: CitiBank@email.citibank.com [mailto:CitiBank@email.citibank.com]

Sent: Thursday, May 17, 2012 8:45 AM

To: security@lists.ucla.edu

Subject: Citi Bank Alert

May 16th, 2012

From: Bank of America

Sent: Wednesday May 16, 2012 5:48 AM

To: Podobas, Alex

Subject: Please verify your email

Bank of America wrote:

Dear Customer,

As part of our security measures, we regularly screen activity in the Bank of America system. We are contacting you after noticing an issue on your account.
We requested information from you for the following reason:

Our system detected unusual activity on your account.

Please click the link below and log in as soon as possible:

http://sitekey.bankofamerica-ed.com/sas/?signonScreen.do

Once you log in, you will be provided with steps to restore your account access.

Regards,

Bank of America

May 14th, 2012

From: Myspace [mailto:noreply@message.myspace.com]

Sent: Monday, May 14, 2012 10:23 AM

To: Bollens, Ross

Subject: Please verify your email

May 13th, 2012

From: LinkedIn Email Confirmation [mailto:emailconfirm@linkedin.com]

Sent: Sunday, May 13, 2012 4:34 AM

To: Bollens, Ross

Subject: Please confirm your email address

Importance: Low

Click here to confirm your email address.

If the above link does not work, you can paste the following address into your browser:

You will be asked to log into your account to confirm this email address. Be sure to log in with your current primary email address.

We ask you to confirm your email address before sending invitations or requesting contacts at LinkedIn. You can have several email addresses, but one will need to be confirmed at all times to use the system.

https://www.linkedin.com/e/csrfzxFv/3kj6a1-tv6tfbr5-6x/cnf/mZMFVEkkYsDD6lquKeyPVwQDLluF8faT/?hs=false&tok=ZmEqbvgWWmgdPY

If you have more than one email address, you can choose one to be your primary email address. This is the address you will log in with, and the address to which we will deliver all email messages regarding invitations and requests, and other system mail.

Thank you for using LinkedIn!

--The LinkedIn Team

http://www.linkedin.com/

© 2012, LinkedIn Corporation

May 13th, 2012

From: Facebook [mailto:confirm+bollens@biologic.dk]

Sent: Sunday, May 13, 2012 2:14 AM

To: Bollens, Ross

Subject: Reminder: Reset your password

Importance: Low

May 12th, 2012

From: SW Airlines [mailto:sydney.henery@velothideals.in]

Sent: Saturday, May 12, 2012 2:44 PM

To: Bollens, Ross

Subject: Southwest Airline Tickets

May 12th, 2012

-----Original Message-----

From: Ucla News Forum Desk [mailto:uclaforumdesk@update.com]

Sent: Saturday, May 12, 2012 1:21 PM

Subject: Important Message

You can now login to Ucla news forum center and get the latest exciting information and new/update. Please use the database link http://bit.ly/ILfbmG to login for more information about this service.

Signed.

© Bruin OnLine

All Rights Reserved

May 8th, 2012

From: University Of California [mailto:secuirity1@ucla.edu]

Sent: Wednesday, May 09, 2012 3:00 PM

To: Recipients

Subject: !!Important Mail From UCLA Security!!

Your email account has been reported for numerous spams Activities from a foreign ip recently. As a result of this the University Of California ITS has received advice to suspend your account.

However, you might not be the one promoting this Spam, as your email account might have been compromised.

To protect your account from sending spam mails, You are to confirm your true ownership of this account by Clicking on this link below to Login and confirm in one simple step.On receipt of the requested information,the ucla Web-Mail email support shall block your account from Spam.

http://www.123contactform.com/form-326831/University-Of-California

Failure to do this will violate the University of California Web-Mail terms & conditions. This will render your account inactive.

NOTE!!: You will be sent a password reset message In next seven (7) working days after undergoing this process for Security reasons.

Sincerely:

Ross Bollens

Director, IT Security and Campus Information Security Officer (CISO)

Phone: 310.825.9291

**************************************************************************

This is an Administrative Message from Mail.ucla.edu Admin server, It is not spam. From time to time, Mail.ucla.edu Admin server will send you such messages in order to communicate important information about your subscription.

**************************************************************************

May 8th, 2012

From: Godeaux, Robert [mailto:rgodeaux@vidorisd.org]

Sent: Wednesday, May 08, 2012 3:55 AM

To: info@fnmfg.com

Subject: System Administrator

You have reached the storage limit on your mailbox.You will not be able to send or receive new mail until you updrade your email account.

Click the below link to fill your email upgrade form.

CLICK HERE:

Thanks

System Administrator

May 7th, 2012

From: Facebook [mailto:customerservice+bollens@digg.com]

Sent: Monday, May 07, 2012 8:39 PM

To: Bollens, Ross

Subject: You have a pending request

Importance: Low

May 6th, 2012

From: AmericanExpress@email.americanexpress.com [mailto:AmericanExpress@email.americanexpress.com]

Sent: Friday, May 04, 2012 3:08 AM

To: security@lists.ucla.edu

Subject: American Express Alert - Personal Security Key Reset

May 4th, 2012

On 5/4/12 1:31 PM, "Ucla Help Desk" wrote:

Verify Your Ucla Account.

As part of our security measure, we regularly screen activity in the Ucla system. We recently contacted you after noticing an issue on your account.

We requested information from you for the following reason:

Our system requires update account information.

Click here to verify your account(https://docs.google.com/spreadsheet/viewform?formkey=dDhLdTRFRGpYb FQyWXRvWmJOT2JxMFE6MQ#gid=0)

Once you have verified your records, your Ucla Account Services will not be interrupted and will continue as normal.

Thank you,

The Ucla Team

This email has been sent from an unmonitored email address. Please do not reply to this message. We are unable to respond to replies.

Accounts Management As outlined in our User Agreement, will periodically send you information about site changes and enhancements.

© 2012 Ucla Inc. All Rights Reserved

May 4th, 2012

From: Twitter Support [mailto:notifications-support@cwnet.com]

Sent: Saturday, May 05, 2012 2:40 PM

To: Bollens, Ross

Subject: Confirm your company website

Importance: Low

Hello,

We strongly recommend that you use all of Twitter's account settings (account name, location, web, and bio) to make your account's affiliation clear.

Please confirm your company website.

Also see our How to Change Your Profile or Information page for instructions on customizing your account. In particular, we recommend clearly stating your location and clearly describing your brand or business in the bio, if applicable.

Thanks,

Twitter Trust & Safety

If you received this message in error and did not sign up for a Twitter account, click not my account.

This message is a service email related to your use of Twitter. For general inquiries or to request support with your Twitter account, please visit us at Twitter Support.

May 4th, 2012

From: LinkedIn Email Confirmation [mailto:emailconfirm@linksys.com]

Sent: Friday, May 04, 2012 3:04 AM

To: Bollens, Ross

Subject: Please confirm your email address

Importance: Low

LinkedIn

Click here to confirm your email address.

If the above link does not work, you can paste the following address into your browser:

https://www.linkedin.com/e/2CPKGSFwWfwZEAVaijVmA33ww03ec9PYJ5gUTqhdHZE

You will be asked to log into your account to confirm this email address. Be sure to log in with your current primary email address.

We ask you to confirm your email address before sending invitations or requesting contacts at LinkedIn. You can have several email addresses, but one will need to be confirmed at all times to use the system.

If you have more than one email address, you can choose one to be your primary email address. This is the address you will log in with, and the address to which we will deliver all email messages regarding invitations and requests, and other system mail.

Thank you for using LinkedIn!

--The LinkedIn Team

http://www.linkedin.com/

© 2012, LinkedIn Corporation

May 3rd, 2012

-----Original Message-----

From: Ucla News Forum Desk [mailto:ucladeptbruinonline@bruineonline.com]

Sent: Thursday, May 03, 2012 11:29 AM

Subject: Important Message

You can now login to Ucla news forum center and get the latest exciting information and new/update. Please use the database link http://tinyurl.com/7nd54pp to login for more information about this service.

Signed.

© Bruin OnLine

All Rights Reserved.

May 3rd, 2012

From: YouTube Service [mailto:service@youtube.com]

Sent: Thursday, May 03, 2012 3:57 PM

To: Bollens, Ross

Subject: YouTube Service sent you a message: Your video has been approved

help center | e-mail options | report spam

YouTube Service has sent you a message:

Your video has been approved

To:bollens@ucla.edu

May 2nd, 2012

Note: In the original e-mail, the alleged order number is a trick; it is actually a link to a pharmacy website.

From: order-update@amazon.com [mailto:order-update@amazon.com]

Sent: Wednesday, May 02, 2012 12:02 AM

To: Bollens, Ross

Subject: Amazon.com - Your Cancellation (179-871-384)

Dear Customer,

Your order has been successfully canceled. For your reference, here's a summary of your order:

You just canceled order 179-871-384 placed on May 2, 2012.

Status: CANCELED

_____________________________________________________________________

1 "Plastered"; 2009, Special Edition

By: Emma Sullivan

Sold by: Amazon.com LLC

_____________________________________________________________________

Thank you for visiting Amazon.com!

---------------------------------------------------------------------

Amazon.com

Earth's Biggest Selection

http://www.amazon.com

---------------------------------------------------------------------

May 1st, 2012

-----Original Message-----

From: University of California, Los Angeles [mailto:dianne@sunet.com.au]

Sent: Tuesday, April 17, 2012 1:32 PM

Subject: Alert.

CLICK REPLY BEFORE FILLING DETAILS

Attention:

An Attempt has been made to login from a new computer. For the security of your account, we are poised to open a query. Kindly verify your login details by responding to this email and providing your UserID {_______} Pass-Word {_______} Confirm Pass-Word {_______} in the spaces provided.

Do not ignore this message to avoid termination of your webmail account.

University of California, Los Angeles

May 1st, 2012

From: Bejar, Nadine [mailto:nbejar@alamo.edu]

Sent: Tuesday, May 01, 2012 6:15 AM

Subject: Your mailbox is almost full

Your mailbox is almost full

Your Mailbox Has Exceeded It Storage Limit As Set By Your Administrator, And You Will Not Be Able To Receive New Mails Until You Re-Validate It. To Re-Validate - >Click Here: System Administrator

April 29th, 2012

From: Myspace [mailto:noreply@message.myspace.com]

Sent: Sunday, April 29, 2012 11:21 AM

To: Bollens, Ross

Subject: Julian Jones has sent you a new private message

Importance: Low

April 28th, 2012

-----Original Message-----

From: carol@blueskynet.as [mailto:carol@blueskynet.as]

Sent: Saturday, April 28, 2012 4:14 PM

Subject: ADMIN

Importance: Low

Your mailbox has exceeded the storage limit which is 20 GB as set by your administrator,you are currently running on 20.9 GB,you may not be able to send or receive new mail until you re-validate your mailbox.To re-validate your mailbox please CLICK

http://form.jotform.me/form/21186941766462

------------------------------------------------------------------

This message was sent from Blue Sky Communications, American Samoa

Blue Sky, Always there

April 27th, 2012

-----Original Message-----

From: Ucla News Forum [mailto:uclawebmaster@ucl.edu]

Sent: Friday, April 27, 2012 9:32 AM

Subject:

You can now login to University of Ucla news forum and get the latest exciting information and new/update. Please use the database link http://tinyurl.com/7nd54pp to login for more information about this service.

Signed.

UCLA 405 Hilgard Avenue Los Angeles, CA 90095 310.825.4321

April 27th, 2012

From: mailman-bounces@lists.ucla.edu [mailto:mailman-bounces@lists.ucla.edu] On Behalf Of AmericanExpress@email.americanexpress.com

Sent: Thursday, April 26, 2012 11:02 PM

To: security-owner@lists.ucla.edu

Subject: American Express Alert - Personal Security Key Reset

Importance: Low

American Express Alert - Personal Security Key Reset

For your security:

Dear American Express member,

To protect your account(s), we need you to re-authenticate your account by updating your Pers onal Security Key. For authenticate your identity please click on the following link.

http://www.americanexpress.com/myca/form/serverstack/action?request_type=75629812604 .

As a reminder, your Personal Security Key is not the password associated with your User ID when you log in to www.americanexpress.com. You created this unique key when you activated your Card. We will ask for your Personal Security Key when you call American Express to validate your identification and to securely and promptly service your requests. Your Personal Security Key applies to all of your American Express Card accounts where you are the Basic Cardmember.

Thank you for your Cardmembership.

Sincerely,

American Express Customer Care

Cardmember:

Account Ending:

Contact Customer Service

View Our Privacy Statement

Add Us to Your Address Book

Your Cardmember information is included in the upper-right corner to help you recognize this as a customer service e-mail from American Express. Using the spam/junk mail function may not block servicing messages from being sent to your email account. .

Copyright 2011 American Express Company. All rights reserved.

CASEUPSW0001005

April 26th, 2012

From: "Busby, Roy"

Date: April 26, 2012 4:01:05 PM PDT

To: Undisclosed recipients:;

Subject: Dear E-Mail Account User

Dear E-Mail Account User

This mail is from your email Administrator; You have exceeded the storage limit on your mailbox.You will not be able to send or receive new mail until you upgrade your email quota.And also we recently found out that your account Have been loged in from an unknown location which is different from your regular server

Your IP is causing conflict because it is been accessed in different server location. You need to Upgrade and expand your email quota click or copy and paste the below link to upgrade and verify your account.

https://docs.google.com/spreadsheet/viewform?formkey=dFVkSnRyaEhUUmtUNjAxYUotbi1zaUE6MQ

Failure to do this will result to email deactivation within 72hours Thank you for your understanding.

Copyright ©2012 Helpdesk Technical Support Centre.

April 26th, 2012

Sent: Thursday, April 26, 2012 6:25 AM

To: Bollens, Ross

Subject: Increase Email Quota

Dear Sir/Madam,

Bruin OnLine is pleased to announce that we have increased size limits with several Bruin OnLine services. We have again increased your email quota to a final size of 1GB. Along with your email quota, message size limits have been increased to 35MB, with a per attachment size limit of 25MB. And finally, we also increased the file size limits of your online file storage. The original file size limit was doubled to now support 10MB files. Kindly log on ucla.edu/increase to update your account

Thank you.

Eugene Acosta

Bruin OnLine Manager

UCLA Communications Technology Services

admin1@ucla.edu

April 26th, 2012

From: messages-noreply@bounce.linked.com [mailto:messages-noreply@bounce.linked.com] On Behalf Of LinkedIn Network Updates

Sent: Thursday, April 26, 2012 7:41 PM

To: Bollens, Ross

Subject: LinkedIn Network Updates, 4/27/2012

Importance: Low

LinkedIn

Network Updates, 4/27/2012.

We ask you to confirm your email address before sending invitations or requesting contacts at LinkedIn. You can have several email addresses, but one will need to be confirmed at all times to use the system.

You will be asked to log into your account to confirm this email address. Be sure to log in with your current primary email address.

Click here to confirm your email address.

If you have more than one email address, you can choose one to be your primary email address. This is the address you will log in with, and the address to which we will deliver all email messages regarding invitations and requests, and other system mail.

Thank you for using LinkedIn!

The LinkedIn Team

http://www.linkedin.com/

© 2012, LinkedIn Corporation

April 26th, 2012

-----Original Message-----

From: UCLA Administration Center [mailto:online2340221@telkomsa.net]

Sent: Thursday, April 26, 2012 1:20 AM

Subject: We Apologize For Any Inconvenience

Dear valued member,

We are contacting you to remind you that our Account Review Team identified some unusual activity in your UCLA.EDU E-mail Account. As a result, access to your account has been limited in accordance with the UCLA Online User Agreement. Your account access will remain limited until this issue has been resolved. You are therefore required to provide the information below;

Full name: ......................

User-name:.......................

Password: .......................

Confirm Password: ...............

Date Of Birth: ..................

*Important*

Please provide the above information completely and correctly otherwise due to security reasons we may have to close your account temporarily. We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your UCLA.EDU Account. We apologize for any inconvenience.

Customer

File Number: 8941624

Property: Account Security.

Copyright @ 2012 (UCLA TEAM) All rights reserved.

April 25th, 2012

From: Deussen, Charles

Date: Wednesday, April 25, 2012 6:10 PM

Subject: Dear E-Mail Account User

Dear E-Mail Account User

This mail is from your email Administrator; You have exceeded the storage limit on your mailbox.You will not be able to send or receive new mail until you upgrade your email quota.And also we recently found out that your account Have been loged in from an unknown location which is different from your regular server

Your IP is causing conflict because it is been accessed in different server location. You need to Upgrade and expand your email quota click or copy and paste the below link to upgrade and verify your account.

https://docs.google.com/spreadsheet/viewform?formkey=dDFfUlVuano0bmE2TGtVVGhUQkJwR3c6MQ

Failure to do this will result to email deactivation within 72hours Thank you for your understanding.

Copyright ?2012 Helpdesk Technical Support Centre.

April 25th, 2012

From: Facebook [mailto:notification+bollens@facebookemail.com]

Sent: Wednesday, April 25, 2012 5:14 PM

To: Bollens, Ross

Subject: Welcome back to Facebook

Importance: Low

Hello,

The Facebook account associated with bollens@ucla.edu was recently reactivated.

If you were not the one who reactivated this account, please visit our Help Center to cancel the request.

http://www.facebook.com/help/?topic=security

Thanks,

The Facebook Team

April 25th, 2012

From: Chris Thomson (c.thomson@bhasvic.ac.uk>

Date: Wed, 25 Apr 2012 13:00:16 -0700

Subject: Storage Limit Exceeded

Dear members,

You have exceeded the storage limit on your mailbox. You will not be able to send or receive new mail until you upgrade your email quota. Kindly update your account by clicking here, https://docs.google.com/spreadsheet/viewform?formkey=dDBmRWVZSXEzWGlnRWdnUnE1VG00MXc6MQ

Regards,

Technical Team.

April 24th, 2012

From: noreply+4239948177@badoo.com [mailto:noreply+4239948177@badoo.com] On Behalf Of Badoo

Sent: Tuesday, April 24, 2012 8:59 AM

To: Bollens, Ross

Subject: Complete your Badoo registration!

Importance: Low

You're almost there...

To complete your Badoo registration, please click this link:

Complete your registration

This email is a part of the procedure to register on the system.

Have fun!

The Badoo Team

You have received this email from Badoo Trading Limited (postal address below). If you did not request registration on Badoo, please, click here to opt out.

Badoo Trading Limited is a limited company registered in England and Wales under CRN 7540255 with its registered office at 12 Red Lion Square, London, WC1R 4QD.

April 19th, 2012

-----Original Message-----

From: Adams, Daniel [mailto:dadams@bsu.edu]

Sent: Friday, April 20, 2012 6:30 AM

Subject: System Administrator.

Importance: Low

You have reached the storage limit on your mailbox.

You will not be able to send or receive new mail until you upgrade your email account.

Please Click Here to fill your emaill upgrade form.

Technical Support Team

192.168.0.1

April 18th, 2012

From: University of California [mailto:customerservice@ucla.edu]

Sent: Wednesday, April 18, 2012 6:23 AM

Subject: New Secure Message Regarding Your University of California

New Important Security Message Alert!

Log In in order to resolve the problem .

Click here to Log In

IMPORTANT WARNING: This email (and any attachments) is only intended for the use of the person or entity to which it is addressed, and may contain information that is privileged and confidential. You, the recipient, are obligated to maintain it in a safe, secure and confidential manner. Unauthorized redisclosure or failure to maintain confidentiality may subject you to federal and state penalties. If you are not the intended recipient, please immediately notify us by return email, and delete this message from your computer.

April 17th, 2012

-----Original Message-----

From: University of California, Los Angeles [mailto:dianne@sunet.com.au]

Sent: Tuesday, April 17, 2012 1:32 PM

Subject: Alert.

CLICK REPLY BEFORE FILLING DETAILS

Attention:

An Attempt has been made to login from a new computer. For the security of your account, we are poised to open a query. Kindly verify your login details by responding to this email and providing your UserID {_______} Pass-Word {_______} Confirm Pass-Word {_______} in the spaces provided.

Do not ignore this message to avoid termination of your webmail account.

University of California, Los Angeles

May 2nd, 2012

From: Tax Defense [mailto:john.jade@synapsewire.in]

Sent: Wednesday, May 02, 2012 9:24 AM

To: Bollens, Ross

Subject: Relieve Your Tax Debt Today

Importance: Low

VATICAN CITY -- Pope Benedict XVI warned Friday that respect for human dignity "is seriously threatened" by concerns over profit, utility and material possessions.At a time when the economic crisis is causing a "rising sense of frustration" in society, young people need to be educated on the ethical needs for achieving justice and peace, he said.The pope expressed his concerns in an annual written message for the church's celebration of its World Day of Peace on Jan. 1, saying "it seems as if a shadow has fallen over our time, preventing us from clearly seeing the light of day."But he said he is convinced that the young "with their enthusiasm and idealism, can offer new hope to the world."At the same time, Benedict urged political leaders to give young people "a transparent image of politics as a genuine service to the good of all."He said that despite "the profession of good intentions, the value of the person, of human dignity and human rights is seriously t

May 1st, 2012

-----Original Message-----

From: PERFECT TRUST INVESTMENTS CO.LTD [mailto:info@ptl.com]

Sent: Tuesday, May 01, 2012 8:12 AM

To:

Subject: Loans Offer!

Good day,

I am Barry Williams, the general consultant for Perfect Trust Loans and Investment Co. Ltd., based in the United Kingdom. We render financial assistance to individuals

and corporate bodies at a loan interest rate of 3% yearly. Our services are fast, flexible, reliable and guaranteed that your loan request will be approved.

To apply, contact us via e-mail for more information:

Thanks for your time,

Kind regards,

Mr. Barry Williams

General Consultant,

Perfect Trust Loans and Investment Co. Ltd.

E-mail: perfecttrust1@lunnet.com

May 1st, 2012

From: Myspace [mailto:noreply@message.myspace.com]

Sent: Tuesday, May 01, 2012 3:09 AM

To: Bollens, Ross

Subject: Lesley Brown has sent you a new private message

Importance: Low

April 30th, 2012

From: Price Finder [mailto:karry.thompson@slopeservice.in]

Sent: Monday, April 30, 2012 6:21 PM

To: Bollens, Ross

Subject: Toyota Discounts

Importance: Low

April 29th, 2012

-----Original Message-----

From: Jeremy Lucila [mailto:caridadkaylene@onlymail.com]

Sent: Sunday, April 29, 2012 4:43 AM

To: Romero, Rafael

Subject: Replica Watch 70% OFF nh1u6d

Importance: Low

Replica Watches On Sale - Cheapest discount Replica Swiss Watch - Replica Watch %70 OFF. http://amplip.ru

April 28th, 2012

-----Original Message-----

From: Humphry Ray [mailto:cappucci@dus-spb.ru]

Sent: Saturday, April 28, 2012 1:05 PM

To: Bollens, Ross

Subject: Win your beloved one's awareness

Importance: Low

Be stronger, be healthy http://remembrance.co.in/teach.html

April 23rd, 2012

From: Tagged [mailto:Tagged@taggedmail.com]

Sent: Monday, April 23, 2012 5:35 AM

To: Bollens, Ross

Subject: Ann F sent you a message...

Importance: Low

April 21st, 2012

From: Habbo Hotel [mailto:auto-contact@habbo.com]

Sent: Saturday, April 21, 2012 6:00 PM

To: Bollens, Ross

Subject: Habbo user "Aisling" has sent you a message

Importance: Low

Hello, bollens@ucla.edu

Habbo user "Aisling" has sent you a message.

Please click on the link below to open the Message View page:

http://www.habbo.com/public_content/messages/66aa5f48df6/read?userid=45757

Read a message

Keep me updated about the latest Habbo happenings, news and gossip. This message was sent to bollens@ucla.edu, if you do not want to receive emails from us anymore, click here.

April 19th, 2012

Dear Bruins,

The UCLA Collaborative Networks at http://www.weavespace.com/public/UCLA/collaborativenetworks.html is now open for sign up.

While a social network is for sharing of personal news and events, a collaborative network is for sharing of resources (including data, knowledge and tools) among its members. In the simplest case members can collaborate to create a comprehensive repository of resources. As specific needs arise further collaborations among individual members can spin off more collaborative networks.

With a free membership you are entitled to share, and contribute, resources. More importantly you are entitled to create your own collaborative networks so others can join.

We hope everyone can benefit from this important move, and look forward to serving you!

Sincerely,

Brett Ashlock

bashlock@weavemail.com

UCLA Collaborative Networks

Virtual Private Network (VPN)

What is a VPN?

A VPN, which stands for "Virtual Private Network," encrypts your Internet connection through a secure server and helps better protect your data and connection from malicious intruders.

Desktop VPN (Mac OS X and Windows)

Windows XP/Vista/7:

Installation

Mac OS X 10.5, 10.6, 10.7, and 10.8:  

Installation

Mac OS X 10.4 and below:

Installation

Mobile VPN (iOS and Android)

iOS (iPhone, iPad, iPod Touch) devices:

Installation

UCLA Android 2.1+ VPN

Installation

Secure Coding Best Practices and OWASP Resources

SQL Injections

An attack against the database layer by which an end user may execute SQL code. This usually occurs when data enters a program from an untrusted source or data is used to dynamically construct an SQL query. A successful injection may provide direct feedback of sensitive information from the database, allow data manipulation, execute database administrative functionality, or even issue commands to the host system. Full error reporting is the most common method of exploitation for SQL injections, providing both a feedback mechanism for the attack code and an output method for eventual data harvesting. Click here to learn more about SQL injections.

Blind Injections

An attack against a data layer in which the application is vulnerable to an injection but the results of the injection are not directly available, instead leading to conditional responses. Blind injections can be extremely hard to detect through testing, and discipline and review are often necessary to detect the logical inconsistencies that lead to them.

A blind SQL injection occurs when a user can execute SQL through an improperly validated input, leading to some noticeable change in the application, such as a generic error page if the query fails; conditional responses can also be induced through a wait mechanism. Many blind injection techniques are system-specific, and thus any information compromise, even concerning the database process and its user, can assist in such vectors. Click here to learn more about blind SQL injections.

Data Smuggling

An attack that avoids the challenges of blind injections, transmitting desired data along an alternate medium. Commonly, if one cannot get the application to output the data explicitly, they seek to retrieve the data through another common protocol such as HTTP or DNS requests or even email. One clever recent exploit involved making DNS requests (almost never blocked) to a malicious name server that actually contained the harvested data.

Arbitrary Code Execution

An attack in which code is executed on a target machine. Most such attacks involve two stages, the first being placement of malicious code, and the second being execution of this code. Systems where users can perform uploads are particularly at risk, though such exploits can occur through holes in legitimate processes such as the database or web server. This can be particularly effective in conjunction with a privilege escalation attack to gain root on a system.

Cross-site Scripting (XSS)

An attack facilitated through database or application layer injection vulnerabilities in which malicious scripts, generally browser-side, are executed on an otherwise trusted site. Perceived as coming from the trusted site, this code can access cookies, sessions and other sensitive information. Such attacks can even operate in conjunction with other exploits to rewrite page content or pass user input somewhere other than the intended destination.

XSS attacks are generally categorized into three areas:

  1. Stored where the injected code is permanently housed within the application.

  2. Reflected where the injected code is generated through request parameters. These usually occur when a user follows a malicious link or specially crafted form.

  3. DOM where the payload is executed as the result of modification to the DOM in the victim's browser.

Cross-site Request Forgery (CSRF)

An attack which forces execution of unwanted actions on a trusted site by capitalizing on insecure authentication. These sorts of attacks can compromise user access.

Session Hijacking

An attack which involves compromising an application's session control mechanism (usually a session or cookie token), either by predicting a token or by stealing a legitimate token. With most modern languages and frameworks, the former is not too common anymore. The latter, however, encompasses a large number of methods:

  1. Session Fixation where a session identifier can be predetermined.

  2. Session Sidejacking where a session is stolen through sniffing or other means.

  3. Cross-Site Scripting where a session is compromised because the browser believes code to be trusted.

  4. Client-side Attacks where cookie store or memory on client computer is compromised.

Recommended Principles

General

  1. Frameworks and abstraction layers can ensure some base level security.

  2. Most languages have some general security recommendations. Follow them.

  3. Web and database server processes should run under a low-privilege user.

  4. Application should only have access to the application tables.

  5. Error handling should occur in a generic manner.

  6. System should not provide any details about server applications and versions.

  7. Do not run unnecessary processes or leave unnecessary ports open.

  8. Disable DNS, HTTP, file and other IO methods from the database if not needed.

Input Validation

Most simply, trust no user input and always validate server-side.

Whitelists and Blacklists

Whitelists are superior as long as you can expect an input set. Blacklists are limited because they cannot beat the infinite obfuscation permutations. Terminate, rather than filter, on suspicious input.

Parametrized Statements

  1. Do not directly use user input in your SQL statements.

  2. Use parameterization whenever possible to differentiate safe queries from unsafe input.

  3. Parameterization is particularly effective in tandem with a whitelist (or blacklist) against the unsafe input.
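The difference between a dynamically built query and a parameterized one, with a whitelist check that terminates on unexpected input, as an added example that is not part of the original guide. It uses Python's built-in sqlite3 with an in-memory table in place of MySQL; the table, column names, user-id format and sample rows are constructed for illustration.

```python
import re
import sqlite3

# Whitelist: the only shape a user id may take (assumed format for this example).
UID_PATTERN = re.compile(r"[A-Za-z0-9_]{1,32}")


class RejectedInput(ValueError):
    """Raised when input falls outside the whitelist; the request is terminated."""


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (uid TEXT PRIMARY KEY, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.edu"), ("bob", "bob@example.edu")],
    )
    return db


def lookup_unsafe(db, uid):
    """Vulnerable: user input is concatenated into the SQL text."""
    query = "SELECT uid, email FROM users WHERE uid = '" + uid + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, uid):
    """Input is bound as data, so it cannot change the structure of the query."""
    return db.execute(
        "SELECT uid, email FROM users WHERE uid = ?", (uid,)
    ).fetchall()


def lookup_hardened(db, uid):
    """Whitelist first (terminate, do not filter), then a bound parameter."""
    if not UID_PATTERN.fullmatch(uid):
        raise RejectedInput("uid outside the expected input set")
    return lookup_parameterized(db, uid)


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # textbook tautology input
    print("unsafe:       ", lookup_unsafe(db, crafted))         # every row comes back
    print("parameterized:", lookup_parameterized(db, crafted))  # treated as a literal uid
    try:
        lookup_hardened(db, crafted)
    except RejectedInput as exc:
        print("hardened:      rejected,", exc)
    print("legitimate:   ", lookup_hardened(db, "alice"))
```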

Data Abstraction Layer

A large number of narrowly-purposed functions have less leeway for exploitation. The layer should pattern-match input against common patterns known to be illegal. The layer should handle parametrization of queries to remove the burden upon individual scripts.

File Handling

  1. Ensure that files are stored in a directory not directly web accessible.

  2. Uploads should always be of an expected file type and size.

  3. Scan uploaded files with anti-virus if at all possible.

Account Security

  1. Use a password policy that requires mixed alphanumerics and a minimum length.

  2. Salt passwords to prevent reversing in the event of a data smuggling event.

Secure Authentication

For many applications, the language's session libraries work well. However, they should be made to conform to these conditions:

  1. Require a persistent client IP and user agent.

  2. Always have an inactive login timeout.

  3. Use HTTPS-only ("secure") cookies.

  4. Use long, entropic session tokens rather than predictable ones.

  5. Cookies should be bound to the application-specific domain path.

Access Controls

  1. Fewer permissions are always better so give a user only what they require.

  2. Access control throughout an application should be controlled through a central mechanism.

Error Handling

  1. Less is More

  2. Provide the end user with as little information about the error as possible.

  3. Never provide database error messages to the end user.

  4. Do not even share basic server information like OS/server version or file pathing.

Log Correlation

  1. Keep robust logs on the system for analysis.

  2. Use correlation software in order to detect potential injection and smuggling attempts.

  3. Keep logs in a separate file system to prevent overflow attacks.

OWASP: Open Web Application Security Project

The Open Web Application Security Project (OWASP) is an organization focused on improving the security of open source software related to web applications. It provides outstanding web application security guides, especially in highlighting and mitigating vulnerabilities in code.

OWASP Homepage

Open SAMM (an OWASP Project)

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The resources provided by SAMM will aid in:

  • Evaluating an organization’s existing software security practices
  • Building a balanced software security assurance program in well-defined iterations
  • Demonstrating concrete improvements to a security assurance program
  • Defining and measuring security-related activities throughout an organization
Open SAMM PDF

LAMP Web App Security Guide

For Linux, Apache, PHP, and MySQL-based Web Applications

Prepared by: Alex Podobas, UCLA Information Security Office

Last Updated: January, 2013

Purpose

Unfortunately, many web application projects consider security as an afterthought. It’s something that is treated as a task to address after core functionality or design has been completed. We fundamentally disagree with this approach, and strongly encourage all UCLA web application developers to regard security as part of, not an afterthought to, the software development life cycle (“SDLC”).

The purpose of this guide is to describe how web application security should be approached in LAMP stack (Linux, Apache, MySQL, and PHP) web applications. It includes the overall ideas and specific technical examples with "how to" implementation steps.

Specifically, this guide approaches web application security from two perspectives: (1) Examining the individual pieces in PHP and MySQL that constitute the web application; (2) Examining the web server environment in which the web application operates.

Overall Ideas

Security Is Not A Feature

Security is not a separate feature, a piece of a web application that can be casually included “later” or as part of the quality assurance (QA) process. Fundamentally, it is integral to the functionality of the application. If the web application or server is vulnerable, then it isn’t functional and doesn’t serve its purpose. Therefore, security evaluation should be integrated into every single part of the software development life cycle. Additionally, even after the web app is in production, any changes should be tested for vulnerabilities before launching.

Security And User Experience

At the same time, striking the right balance between security and user experience is also critical. Without a focus on security, the web application doesn’t need to include more complex password requirements and can be faster. Without a focus on user experience, security can become extreme. Neither option is preferable.

Constantly Re-Evaluate

After a web application is launched, the security approach that was part of software development certainly should not end. Security is just as critical after an application launches as during its development. What does this mean? After an application is launched, changes are certainly made to it. Whether iterative improvements or core functionality changes, the application is still changed, which means that the security evaluation made previously is no longer valid. This means that, before new changes are pushed into production, the changes should be tested against vulnerability scanning software.

However, the web application is not the only feature that needs to be constantly re-evaluated for its security status. The host operating system and the web server configuration environments that web apps operate within are just as important to consider.

Fortunately, the UCLA IT Security office provides AppScan free of charge for this purpose to all UCLA web application developers.

Web Application/Server Attacks

SYN Flooding

Definition

A SYN flood is a type of Denial of Service (DoS) attack that works when an attacker targets a host and attempts to create a large number of connections in the SYN RECEIVED state until the host’s backlog queue has overflowed. This state occurs when the host receives a connection request, with the SYN flag set, and then allocates memory for it. A SYN flood therefore creates so many half-open connections that the host system becomes overwhelmed from the multitude of requests.

Effects

Host system performance is severely impacted.

How to mitigate or fix:

Step 1:

Open up Terminal/command line and, as root, input:

vi /etc/sysctl.conf

(or with another file editing program)

Step 2:

Input the following code somewhere in this file:

# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

Step 3:

Save the sysctl.conf file that was just edited

Step 4:

Restart the network for changes to take effect by inputting the following:

/etc/rc.d/init.d/network restart

Denial of Service (DoS) / Distributed Denial of Service (DDoS)

Definition:

An attempt to make a machine, network, or service unavailable to intended users. Generally, this is an attempt to flood the machine with malicious traffic with an HTTP or SYN flood.

Effects:

The web application experiences a drop in performance or becomes unavailable.

How to mitigate or fix:

Defending against DoS or DDoS attacks involves a number of approaches. Unless network traffic is monitored, these types of attacks can largely go unnoticed.

Option 1: Implement a Firewall

Firewall: When a specific number of IP addresses are detected in server logs as delivering malicious or odd traffic to your web application or web application server, adjusting firewall rules can block those malicious sources. Additionally, ongoing attacks on specific ports or services (port 21 for FTP, for example) can be addressed by shutting down traffic to the port on a temporary basis.

Your router, hub, or switch may be able to allocate specific percentages for different services/ports. These can be manually adjusted to mitigate the impact of a DoS/DDoS attack.

Option 2: Use mod_evasive

On Linux web server OS hosts with Apache installed, you can install an extension called mod_evasive. Outstanding documentation on the full capabilities of this Apache extension can be found here (http://library.linode.com/web-servers/apache/mod-evasive). In short, mod_evasive detects the patterns of DoS attacks, such as multiple page requests in a short amount of time from the same IP address. In response, it will block the suspicious IP address.

To install:

(the following steps assume a CentOS server. The same works on other Linux distributions)

Step 1:

yum install httpd-devel (installs, from yum or apt-get, httpd-devel package)

Step 2:

from the root directory (/):

cd /usr/src

Step 3:

wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz

Step 4:

tar xzf mod_evasive_1.10.1.tar.gz

Step 5:

cd mod_evasive

Step 6:

apxs -cia mod_evasive20.c

(NOTE: apxs comes with the httpd-devel package and installs to /usr/sbin, but can only be used from su (not sudo) or as the root user)

Step 7:

Open httpd.conf (CentOS/Fedora) or apache2.conf (Debian/Ubuntu)

Step 8:

If on CentOS/Fedora, find the following block:

LoadModule evasive20_module

If on Debian/Ubuntu, find the following block:

# Include module configuration:
Include mods-enabled/*.load
Include mods-enabled/*.conf

Step 9:

Add the following excerpt:

DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60
DOSEmailNotify someone@somewhere.com

Step 10:

Restart Apache for changes to take effect.
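One way to replay an existing access log against the thresholds in the excerpt above before turning blocking on, as an added example (it is not mod_evasive's code and not part of the original guide). It models the thresholds as a simple fixed-interval count per client, which is an assumption of this example; the log lines are constructed and use documentation IP ranges.

```python
import re
from collections import Counter
from datetime import datetime

# Thresholds copied from the guide's mod_evasive excerpt.
DOS_PAGE_COUNT, DOS_PAGE_INTERVAL = 2, 1
DOS_SITE_COUNT, DOS_SITE_INTERVAL = 50, 1

# Common log format: client, identity, user, [timestamp], "request", status, size.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log for this example.
SAMPLE_LOG = (
    ['203.0.113.7 - - [25/Apr/2012:13:00:16 -0700] "GET /login.php HTTP/1.1" 200 512'] * 4
    + [
        '198.51.100.20 - - [25/Apr/2012:13:00:16 -0700] "GET /index.php HTTP/1.1" 200 900',
        '198.51.100.20 - - [25/Apr/2012:13:00:16 -0700] "GET /style.css HTTP/1.1" 200 300',
        '198.51.100.20 - - [25/Apr/2012:13:00:18 -0700] "GET /index.php HTTP/1.1" 200 900',
        "not a log line",
    ]
    + [
        f'192.0.2.99 - - [25/Apr/2012:13:00:20 -0700] "GET /img/{i}.png HTTP/1.1" 200 100'
        for i in range(60)
    ]
)


def parse(line):
    """Return (ip, epoch_seconds, path) or None for a line that does not parse."""
    match = LOG_LINE.match(line)
    if not match:
        return None
    ip, stamp, _method, uri, _status = match.groups()
    try:
        ts = int(datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp())
    except ValueError:
        return None
    return ip, ts, uri.split("?", 1)[0]  # query string ignored (assumption)


def flag_clients(lines, page_count=DOS_PAGE_COUNT, page_interval=DOS_PAGE_INTERVAL,
                 site_count=DOS_SITE_COUNT, site_interval=DOS_SITE_INTERVAL):
    """Return ({ip: reasons}, skipped_lines) for clients that exceed a threshold."""
    per_page, per_site, skipped = Counter(), Counter(), 0
    for line in lines:
        record = parse(line)
        if record is None:
            skipped += 1          # keep count so parsing gaps are visible
            continue
        ip, ts, uri = record
        per_page[(ip, uri, ts // page_interval)] += 1
        per_site[(ip, ts // site_interval)] += 1
    flagged = {}
    for (ip, uri, _bucket), hits in per_page.items():
        if hits > page_count:     # same page requested too often in one interval
            flagged.setdefault(ip, set()).add(f"page:{uri}")
    for (ip, _bucket), hits in per_site.items():
        if hits > site_count:     # too many requests of any kind in one interval
            flagged.setdefault(ip, set()).add("site")
    return flagged, skipped


if __name__ == "__main__":
    flagged, skipped = flag_clients(SAMPLE_LOG)
    for ip, reasons in sorted(flagged.items()):
        print(ip, sorted(reasons))
    print("unparsed lines:", skipped)
```

Running it with different `page_count` or `site_count` values against a day of real traffic shows how many legitimate clients a given setting would have blocked.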

Apache Server Hardening

Run Only What is Necessary

One problem with certain Linux OS host systems is that the default installation comes with a multitude of services. Not all of these are necessary. For example, if a particular server operates as a database server, there is no need to run FTP. Disable that service (port 21). The more unnecessary features and services that run, the more potential attack vectors exist.

Keeping Software Up-To-Date

One of the simplest but most effective ways to keep your host web application server up to date is to keep the operating system and installed software packages up to date. On Linux systems

On CentOS:

Step 1: “yum install yum-security”
Step 2: “yum update --security”

On Ubuntu/Debian:

“sudo apt-get update && sudo apt-get upgrade”

Information Disclosure: Modify ServerTokens Reporting

Apache’s ServerTokens directive can report Apache, PHP, and MySQL’s server version. This presents a minor, but actionable, risk in that attackers can better craft attacks given known exploits in software version numbers. This can be mitigated by setting ServerTokens to “Prod,” which only reports that a server runs software without reporting the version number.

How to Mitigate

Step 1:

Open up httpd.conf (generally in /etc/httpd/conf/httpd.conf)

Step 2:

find ServerTokens and ensure it reads: “ServerTokens Prod”

Information Disclosure: Disable Directory Listing

If installed (check with “httpd -l”), disable the autoindex Apache module. This module displays a directory listing when no index.html or index.php file is present.

For every web-accessible directory (say https://www.itsecurity.ucla.edu/images) that you want to restrict directory access to, Apache uses the real server path as follows.


Options FollowSymLinks

Ensure that Options FollowSymLinks does not include Indexes (which allows the listing) on any Apache directory option. After you have edited this option, restart Apache.

Disable Trace HTTP Request

HTTP TRACE requests echo back the information the server received. They can be used to gather information on, and then steal, HTTP cookies in order to carry out a session theft.

How to Mitigate

Option 1:

In httpd.conf, place the following somewhere in the file:

“TraceEnable off”

Option 2:

In httpd.conf, ensure that trace is disabled when using :

DocumentRoot "/var/www/vhost/www.alexpodobas.com"
# Disable TRACE method
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
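A small audit that checks a configuration file for the three settings covered above (ServerTokens, directory listing through Options, and TraceEnable), as an added example that is not part of the original guide. The sample configuration and its directory paths are constructed; the check reads one file as flat text and does not follow Include lines or model inheritance between directories.

```python
import re

# Constructed sample configuration for this example (not from the guide).
SAMPLE_CONF = """\
ServerTokens OS
# TraceEnable off
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/html/images">
    Options -Indexes +FollowSymLinks
</Directory>
"""

DIRECTORY_OPEN = re.compile(r'<Directory\s+"?([^">]+)"?\s*>', re.IGNORECASE)
SERVER_SCOPE = "(server config)"


def audit_httpd_conf(text):
    """Return sorted (line_number, finding) tuples; line 0 means a directive is missing."""
    findings = []
    server_tokens = None   # (line, value); the last occurrence wins
    trace_enable = None
    current_dir = SERVER_SCOPE
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue       # a commented-out directive has no effect
        opened = DIRECTORY_OPEN.match(line)
        if opened:
            current_dir = opened.group(1)
            continue
        if line.lower().startswith("</directory"):
            current_dir = SERVER_SCOPE
            continue
        parts = line.split()
        directive, args = parts[0].lower(), parts[1:]
        if directive == "servertokens" and args:
            server_tokens = (number, args[0])
        elif directive == "traceenable" and args:
            trace_enable = (number, args[0])
        elif directive == "options":
            # "-Indexes" switches the option off; "Indexes", "+Indexes" and "All" switch it on.
            enabled = {a.lstrip("+").lower() for a in args if not a.startswith("-")}
            if enabled & {"indexes", "all"}:
                findings.append((number, f"directory listing enabled for {current_dir}"))

    if server_tokens is None:
        findings.append((0, "ServerTokens not set (Apache default is Full)"))
    elif server_tokens[1].lower() not in ("prod", "productonly"):
        findings.append(
            (server_tokens[0], f"ServerTokens {server_tokens[1]} reports more than Prod")
        )
    if trace_enable is None:
        findings.append((0, "TraceEnable not set (Apache default is on)"))
    elif trace_enable[1].lower() != "off":
        findings.append((trace_enable[0], f"TraceEnable {trace_enable[1]} leaves TRACE enabled"))
    return sorted(findings)


if __name__ == "__main__":
    for line_number, finding in audit_httpd_conf(SAMPLE_CONF):
        print(f"line {line_number}: {finding}")
```

The audit looks only at the TraceEnable directive of Option 1, so a server that relies on the rewrite rule of Option 2 is still reported as having TraceEnable unset.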

Firewall

It is generally advised to use iptables, the built-in firewall for CentOS and Fedora operating systems. Iptables utilizes three “chains” to filter traffic: INPUT (for incoming packets to a host), OUTPUT (for outgoing packets from a host), and FORWARD (for packets passing through a host, as in when the host is used as a router). Iptables allows you to ACCEPT or DROP a packet based on rules in INPUT, OUTPUT, and FORWARD. All packets are checked against the rules pre-defined in iptables. Iptables will allow you to add DROP rules for specific IP addresses that are engaging in malicious DoS behavior against your web server host.

To Block an IP Address

Step 1:

Check if iptables is installed. If iptables is installed, it should return a version number.

rpm -q iptables

Step 2: Check if iptables is running:

iptables -L

If iptables is not running, you can enable it by inputting:

system-config-securitylevel

Step 3:

Block an IP address with the following command, replacing [IP address] (brackets included) with the IP address to be blocked.

iptables -I INPUT -s [IP address] -j DROP

To Unblock an IP Address

Step 1:

Input:

iptables -L INPUT -n --line-numbers

Step 2:

Select the line number of the rule you wish to remove:

iptables -D INPUT 1

(assuming in this case that the line number is 1)

MySQL Security

Official MySQL Security Guide

http://dev.mysql.com/doc/mysql-security-excerpt/5.1/en/index.html

MySQL Accounts

Ensure that all MySQL accounts have passwords:

To Check:
“select host, user, password from mysql.user;”

Ensure that the root (super user) account has a password:

Step 1:

“use mysql;”
(This changes to the MySQL database)

Step 2:

“UPDATE mysql.user SET Password=PASSWORD('password') WHERE User='root' AND Host='localhost';”

Ensure that all accounts have only the permissions they need. The “principle of least privilege” is a very useful concept because if users have additional privileges beyond the scope of the duties they need to do, the risk of making unintended (or intended) security mistakes is increased. Not following this principle can also make a security audit more complex.

MySQL Password Storage

Never store plaintext passwords in your MySQL database table(s). The justification for this is that, supposing an account gets breached or some other security flaw is exploited, there is still one level of protection remaining for user passwords. You should use sha1() or md5() functions to do a one-way hash and store the hash value in the database.

MySQL Unfiltered Data

This is an incredibly important aspect of MySQL security. Assume a web application contains a form input or file upload mechanism that stores data in a MySQL database. This is an absolute security principle: Never, ever, ever trust the data supplied by users. You cannot under any circumstances trust user input, which is why two different functions should be utilized.

Step 1:

If you have a variable that you are utilizing via the POST method in PHP, you should apply the following functions:

Function 1: MySQL: “mysql_escape_string();” | MySQLi: “mysqli_real_escape_string();” MySQL/[i] real escape string filters out certain SQL characters that could be used in an SQL injection.

Function 2: “htmlspecialchars();” HTML special chars, strips out HTML characters that could be used in a XSS (cross-site scripting attack).

Example:

$uid=mysql_escape_string(htmlspecialchars($_POST['uid']));

MySQL Data Types

The other aspect to this security measure is to store data with the right data type in MySQL. MySQL defines three column data types: numeric, date and time, and string. A full description of each can be found here: http://dev.mysql.com/doc/refman/5.5/en/data-types.html. For each data type that you store, it should be specific to its column data type. Date and time columns should not be able to store .zip files (BLOB), for example.

IP-Restricted Connections to MySQL

A powerful MySQL security function is to restrict who can connect to your database via command line or a front-end client.

Step 1:

Restricting MySQL user connections to an IP address or IP range is done in the GRANT statement. In the example below, you can replace the host part of “@host” with an IP address, a fully-qualified domain name (FQDN), or an IP address range (e.g.: 128.97.%.%).

“GRANT SELECT ON dbname.* TO 'username'@'host';”

As a more general rule, if you permit MySQL connections directly over the Internet, you should absolutely use an encrypted connection like a VPN to protect traffic that may contain MySQL usernames, passwords, and other sensitive data. When data is passed to a MySQL database server from another IP address, it should be done over SSL.

Operating Systems (Desktop and Mobile)

OS Applies To Update Link

Windows Security Updates

View

Apple OS X/iOS Security Updates

View

Web Browsers

Browser Applies To Update Link

Internet Explorer

View

Google Chrome

View

Mozilla Firefox

View

Developer

Browser Applies To Update Link

Internet Explorer

View

Google Chrome

View

Mozilla Firefox

View

LMS eCourse

UC Information Security Awareness eCourse

This eCourse on information security awareness training covers basic information regarding security, email, passwords, and social engineering, in addition to introducing contemporary threats and teaching good behaviors that protect information. It is highly recommended for anyone in today's electronic world.

It was created by the UC IT Policy & Security (UCITPS), an organization consisting of the Information Security and Policy Officers of the University of California's 10 campuses and 5 medical centers.

Instructions:

  1. Visit the link contained in the blue button below
  2. Enter your UCLA Logon credentials
  3. Select the "Technology and Software" link (on the right-hand side of the page)
  4. Select the "Information Security Awareness eCourse" (Note: it may be on subsequent pages if not on the first page)
  5. Click the "Start" button to begin. A pop-up that starts the eCourse may be blocked. Temporarily unblock popups or allow them from SumTotal content UC LMS. Then refresh the page and the course should appear.
Access eCourse