Please note: This is the final Tech Tuesday of this semester. We will resume the week of fall semester orientation.

Tech Tip of the Week

Do you use Excel? Sure.  Everyone does, and we all share files. All different types. For example, MyFile.xls or MyFile.xlsx or maybe MyFile.xltm or MyFile.csv. Ever wonder what those different file extensions mean? Wonder no more:

• Excel Version prior to 2007: .XLS

• Excel Version 2007 onwards: .XLSX

Interesting fact. Microsoft changed the file format from an internal one to a more useful XML format. This offered many advantages, including sharing between applications, smaller files and security features. Given the choice, always save as .XLSX.

Other extensions allow macros. Be careful of XLSM and .XLSB as they can contain malware and of .XLTX, . XLTM as they contain template files.

Other key extensions used in file sharing and data transfer:

• .CSV      Comma-delimited – commas separate the columns

• .TXT      Tab-delimited – tabs separate the columns

• .XML     Any spreadsheets from applications that store in the XML spreadsheet format.

• .ODS     Opendocument spreadsheet (Google Docs, etc.)

• .PDF      Adobe’s format.  You can retain .PDF formatting of data

Yeah – accountants aren’t the only ones who geek out with Excel. 

 

Online Browser Scams – Protecting Yourself, Your Data and Duke’s Data

The end of the semester is a great time to update your browser.  Here are some guidelines and what you should know about three browser-based scams to avoid. Check out this page from the Duke Security Office on Browser Security.  Follow these guidelines, and you’ll be in good shape.

TypoSquatting & URL Hijacking 

We’ve all accidentally typed “goigle.com” when we really meant www.google.com. Easy mistake. 

Someone actually expected you to do that, so they purchased URLs similar to Google’s URL and set up fake websites that look like the real thing. They hope that you’ll enter your UserID and Password in their fake site. Then, if you’ve used the same password on other sites, they’ve got you! Just another way to phish for your data.   

Heads up, pretty soon you’ll be seeing some typosquats related to the upcoming election.

It’s not all bad. Some are not malicious – they just try to sell you something. Some are actually just having fun with it – try www.microtoft.com, a typosquat of Microsoft.

How to protect your data? Type carefully when entering a web address, and use your favorite search engine as your homepage.

Drive-by Downloads

A drive-by download is an attack where a site you visit installs malware or adware on your computer without your knowledge. You don’t have to click anything or press a download button. Hackers use these attacks to:

• Spy on you

• Steal your identity

• Ruin your data

• Hijack or disable your device

• Bombard you with ads

We’ve seen drive-by attacks that hijack cameras and disk drives. Several years ago, I saw one that hijacked the keyboard. Usually, the only way to fix your computer is with complete reinstallation of the operating system. This type of attack is made possible by browser vulnerabilities.

How to protect your data?

• ONLY allow admin credentials to install anything on your computer.

• Keep your browsers updated, and ALWAYS use the latest version.

• Stay away from unknown sites.

• Use an ad-blocker – here’s one recommended by Duke.

Malvertising

Malvertising is a general term you’ll hear to categorize these attacks:

• Drive-by Downloads (we’ve already discussed above)

  • Can be inserted in many places (videos, ad content, links, even individual pixels)

• Force you to a malicious site (redirecting you to a site you didn’t want to go to)

• Display unwanted advertising, content, pop-ups, etc. 

How to protect yourself and your data:

• Keep your antivirus up-to-date

• For your Duke-owned machine, connect to the Duke network at least every month

  • Use VPN to do this if you aren’t going to be on-site

• Get an Ad blocker – here’s one recommended by Duke

• Keep your browsers updated

• Only go to sites that you trust

As always, if you have any technical questions or problems, please contact your IT Service Desk at 919-684-9200 or email to citdl@mc.duke.edu.