Description

Graham reports on his tests of systems across the University and the news isn't great, particularly on the password front. Apparently we still have work to do in getting the message across. We also do our usual trawl of security news inside and outside the University.

• UIS Service Desk: service-desk@uis.cam.ac.uk
• UIS Cyber Security pages: http://www.uis.cam.ac.uk/cybersecurity
• E-mail CERT: cert@cam.ac.uk
• National Cyber Security Centre: https://www.ncsc.gov.uk/
• Three Random Words: https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0
• UIS Friendly Probing: https://probing.csx.cam.ac.uk/
• Home routers: https://cyber-itl.org/assets/papers/2018/build_safety_of_software_in_28_popular_home_routers.pdf
• Phish bypassing (SMS) 2FA: https://blog.certfa.com/posts/the-return-of-the-charming-kitten/
• Worst password list: https://www.teamsid.com/100-worst-passwords-top-50/
• USDHS copying data: https://www.oig.dhs.gov/sites/default/files/assets/2018-12/OIG-19-10-Nov18.pdf
• MS combatting scam support: https://blogs.microsoft.com/on-the-issues/2018/11/29/new-breakthroughs-in-combatting-tech-support-scams/
• Chrome mitigates ads masquerading as clickbait: https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
• Edge and the Mail: https://uk.pcmag.com/news-analysis/119288/microsofts-edge-browser-says-not-to-trust-the-daily-mail
• Wikipedia and the Mail: https://www.theguardian.com/technology/2017/feb/08/wikipedia-bans-daily-mail-as-unreliable-source-for-website