
Information Security Office (ISO)

The ISO collaborates with the campus community to protect Carnegie Mellon from and to respond to threats to our electronic information resources and computing and networking infrastructure.

Security News & Events

Fall Cyber Security Tips and Reminders
(Posted August 28, 2008)

Welcome back from the Information Security Office (ISO)!


Follow these three steps to start the semester off SAFELY!

STEP 1:  Think Before You Click!

STEP 2:  Adhere to Copyright & Intellectual Property Laws

STEP 3:  Visit the ISO Website Often

For More Details, see Fall Cyber Security Tips and Reminders.


Security Alert - Fraud Emails - andrew.cmu.edu Feature Release: Upgraded Search
(Posted August 27, 2008)

Fraud emails have recently been sent to Carnegie Mellon email accounts claiming to be from memberservice@andrew.cmu.edu.  The fraud messages ask people to reply with their User ID and Password.  PLEASE ENABLE SPAM FILTERING AND DO NOT REPLY!

For What You Need To Do, see Security Alert - Fraud Emails - andrew.cmu.edu Feature Release: Upgraded Search.


Security Alert - Fraud Emails - Confirm Your School WebMail Details
(Posted August 18, 2008)

Fraud emails have recently been sent to Carnegie Mellon email accounts claiming to be from "School WebMail Support Team" <support008@mail2webmaster.com>.  The fraud messages ask people to reply with their Password.  PLEASE ENABLE SPAM FILTERING AND DO NOT REPLY!

For What You Need To Do, see Security Alert - Fraud Emails - Confirm Your School WebMail Details.


Security Alert - Virus Emails - You've received A Hallmark E-Card!
(Posted July 23, 2008)

Virus emails have recently been sent to Carnegie Mellon email accounts claiming to be from "postcards@hallmark.com".  The messages include a postcards.zip or similarly named attachment.  PLEASE DO NOT OPEN THE ATTACHMENT!

For What You Need To Do, see Security Alert - Virus Emails - You've received A Hallmark E-Card!.


Security Alert - Fraud Emails - ITC UPDATE FOR THIS MONTH FOR NEW ACCOUNT!!!
(Posted July 17, 2008)

Fraud emails have recently been sent to Carnegie Mellon email accounts claiming to be from "Abuse@andrew.cmu.edu" <blanche@3web.net>.  The fraud messages ask people to reply with their Email Password.  PLEASE ENABLE SPAM FILTERING AND DO NOT REPLY!

For What You Need To Do, see Security Alert - Fraud Emails - ITC UPDATE FOR THIS MONTH FOR NEW ACCOUNT!!!.


Security Alert - Fraud Emails - Dear Email Account Owner
(Posted June 14, 2008)

Fraud emails have recently been sent to Carnegie Mellon email accounts claiming to be from "support@andrew.cmu.edu" <support@andrew.cmu.edu>.  The fraud messages ask people to reply with their EMAIL Password.  PLEASE ENABLE SPAM FILTERING AND DO NOT REPLY!

For What You Need To Do, see Security Alert - Fraud Emails - Dear Email Account Owner.


Security Alert - Widespread Adobe Flash Web Attacks
(Posted May 29, 2008)

Computers running older versions of Adobe Flash Player are vulnerable to exploits. Criminals have infiltrated many legitimate websites and are using them to deliver Adobe Flash attacks. The most serious of these vulnerabilities may allow malicious attackers to take complete control of an affected system when you visit an infiltrated or maliciously crafted website. The latest version of Adobe Flash Player is not vulnerable. Update now.

For What You Need To Do, see Security Alert - Widespread Adobe Flash Web Attacks.


Security Alert - Debian & Ubuntu Linux Weak Encryption Keys
(Posted May 16, 2008)

Computers running Debian & Ubuntu Linux are vulnerable to exploits.  Users that connect to Debian & Ubuntu Linux servers via SSH are vulnerable.  Users that generated cryptographic material such as SSH keys or SSL certificates on affected systems are also vulnerable.  The most serious of these vulnerabilities may allow malicious attackers to gain unauthorized login access or eavesdrop on encrypted communications.

For What You Need To Do, see Security Alert - Debian & Ubuntu Linux Weak Encryption Keys.


Do Your Part: Prevent Identity Theft
(Posted Jan 8, 2008)

Protect Yourself, Others and the University from Identity Theft with Identity Finder!


Did You Know?

  • Your computer might be storing personally identifiable information (PII) such as your Social Security Number, bank account numbers, credit card numbers and passwords without your knowledge
  • If your computer or external media is lost, stolen or broken into over the Internet, someone might use it to steal your identity and the identities of anyone who shares your computer or whose personal information you might handle
  • If you store sensitive PII for Carnegie Mellon work and your computer or external media is lost or compromised, the University is obligated under PA state law to notify everyone affected by the breach and could potentially be legally liable
  • Over eight million Americans have their identities stolen annually and on average victims spend 600 hours clearing their good name -- Federal Trade Commission & Identity Theft Resource Center

For What You Need To Do, see Do Your Part: Prevent Identity Theft.


Computing Services & E-mail Attachments
(Posted ∞)

Computing Services will NEVER send unsolicited attachments in notification e-mail messages. If Computing Services requires that you install a patch, the e-mail message will NOT CONTAIN the patch, but will instead direct you to an appropriate download page for the vendor or on www.cmu.edu.

If you are in doubt about a message, do not open it! Contact the Help Center to verify the message's authenticity.


Disable Peer-to-Peer File Sharing Uploads
(Posted ∞)

Most peer-to-peer file sharing programs (Kazaa, LimeWire, BitTorrent, etc.) set your computer to share (allow uploading) downloaded files AND possibly all your personal files to anyone who asks for them. The University of Chicago provides instructions on how to disable this feature for many of the more popular file sharing programs.

NOTE: The instructions on the University of Chicago pages are a guide for what we currently think are feasible workarounds, but ultimate responsibility for your network usage falls to you. Don't lose your network connection (or face a potential lawsuit) for copyright infringement!


Security News Archive

For older news, visit the Security News Archive.