After an account or device has been compromised, be aware of these common ways to get into trouble again so that you can prevent future incidents.
- Internet browser settings may not be secure.
- For re-installed PCs: the master boot record may not have been completely erased when re-installing from the install CD (e.g. Windows).
- For re-imaged PCs: the master boot record may not have been restored from the image (using Symantec Ghost, for example). Be sure that the MBR is overwritten completely using the Diskpart clean command. Read more about that at http://knowledge.seagate.com/articles/en_US/FAQ/005929en
- If a hardware keyboard capture device was plugged directly into a computer in a public place, it could have connected to something suspicious.
- Using an unencrypted connection like UB Connect instead of an encrypted one like eduroam.
- Sending a username and password in clear text (http:, ftp and telnet are some examples).
- Using a compromised USB flash drive, which re-infects the machine.
- Sharing passwords, even with close family or friends, is never recommended—remind students, faculty and staff that UB will never ask for your password.
- Filling out a fake web form with a username and password—be sure to check the URL. If the website uses encryption, check the certificate as well.
- Responding to a phishing email.
- Visiting the same infected website or opening the same infected file (.pdf, etc.) without realizing that it is downloading and running something bad. It's common for infected files (movies, Word files, spreadsheets, PowerPoint presentations, and so on) to be transmitted via social networking websites.
- Using a compromised DNS server.
After rebuilding a PC, ensure the device is fully patched before restoring any data files. After everything is restored, run a thorough scan, using as many scanning tools as are available, to ensure all of the files are clean.