What does my windows security alert mean?

acquisitive
acquisitive used Ask the Experts™
on
My University account has been behaving strangely recently with a certain pattern to it, namely that 'important' contacts have been assigned to Junk Mail. This is impossible for me to do without making a deliberate decision and I haven't done this. So it seems likely someone has been able to access my password.
The other day I logged on to my account at the Uni and tried to access a powerpoint file and I got the following message:
"Windows Security Alert: The connection attempt could not be completed."
It then gave the following information:
Radius server: itstrad1.bham.ac.uk
Root CA: AddTrust External CA Root
"The server "itstrad1.bham.ac.uk" is not configured as a valid NPS server to connect to for this profile"
Is this hacking/phishing? And if so, what can I do to discover who is doing it?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Kash2nd Line Engineer

Commented:
first things first. You need to change your login password to a complex one.

if you are still getting issues then you may want to speak to the network admin at Birmingham uni.

NPS : that tells me that you are using DirectAccess of some kind to connect to the resources possibly from your laptop PC. The NPS (network policy server) has a checklist which it has to tick before it can let you logon to the resources.

If your PC (which I assume you are using) has some kind of virus on it or doesn't have certain patches installed on it then NPS server will deny access.

Hope this helps.

Author

Commented:
Kash
my password is complex, very complex, and I have also changed it but the phishing continues.
What is DirectAccess?. I do indeed connect to the system via my laptop and usually remotely, but this time it was in my office.
I have two antivirus programs on my computer, Norton and Superantispyware, so I don't think it's a virus.
please respond.

Author

Commented:
And also, this alert has never appeared before. And how do you explain the access to my email to change mail to Junk? And how do you explain changing my password does not affect the process of junking?
Become a CompTIA Certified Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

If your password is complex, you haven't given it out to anyone and we can assume that the Uni is not compromised then I think its unlikely you have been hacked. A Trojan also seems like a remote possibility given your available security.

If there is a problem with the certificate chain then its possible your profile has been 'blacklisted' (probably not the correct term in this case but you see what I mean) locally and that's why your emails are hitting the junk folder.

There is a root certificate problem for wireless connections so try to connect by a hard line if available and/or refer the following article to the administrators:
http://support.microsoft.com/kb/2518158

Of course all this assumes you are not a high profile target who has annoyed the Russians in which case a directed attack might be possible too.
Kash2nd Line Engineer

Commented:
if your password is complex then it is not the password.

Direct access is a Microsoft Technology which is configured on the servers by Admins which basically allows you to access your files remotely which is the case.

The reason I said it is DA is because its uses NPS server to perform its tasks.

Have you tried speaking to the IT at uni whether they have recently done some updates or modified some settings etc. I bet that is the case.

It may be they have applied some stronger spam threshold to the emails UNI WIDE which in turn has caused your emails (legit ones) to end up in the junk email folder.

Author

Commented:
Just to clarify: the junking occurs even after I have changed my password. You don't think it is phishing by an outsider who can read my passwords?
No password/encryption system is 100% effective but unless you have reason to believe you are being specifically targeted by someone with high level access to UNI servers (or a government) I would look elsewhere. However changing your password won't change the white/black lists applied by the mailbox scanner that is doing the junking - even if YOU mark them as trusted it may be that their domains have been identified as spam from outside the University -
http://whatismyipaddress.com/blacklist-check

The problem with the powerpoint is more likely a change in policy or certificates as outlined by Kash

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial