Computing Services ISO - Carnegie Mellon University

Information Security Office (ISO)

The ISO collaborates with the campus community to protect Carnegie Mellon from and to respond to threats to our electronic information resources and computing and networking infrastructure.

News & Alerts

horizontal rule

Security Alert: Vulnerability Affecting Browsers ("POODLE")
10/15/2014

A vulnerability has been announced for most web browsers that could enable the disclosure of private information during a "secure" web session (https), such as a shopping, banking, enrollment or mail viewing session, where you'd normally expect secure, encrypted traffic.

For detailed information about this alert and What You Need To Do, please visit Security Alert: Vulnerability Affecting Browsers ("POODLE").

horizontal rule

National CyberSecurity Awareness Month - 2014
10/02/2014

October is National CyberSecurity Awareness Month!  Please join us in the Security 101 Completion Challenge - our goal is to reach a 50% completion rate.

Please visit NCSAM: Take Security 101 for more information.

horizontal rule

Security Alert: Significant Vulnerability in Internet Explorer V6-11
04/28/2014

A vulnerability has been discovered in Internet Explorer (IE) browser that is being exploited to compromise computers. The campus community should refrain from using IE until Microsoft releases a security update. The Information Security Office will continue to monitor for and block known malicious websites.

For detailed information about this alert and What You Need To Do, please visit Security Alert: Significant Vulnerability in Internet Explorer V6-11.

horizontal rule

Security Advisory: OpenSSL "Heartbleed Bug" may disclose sensitive information
04/10/2014

Announced on April 7, 2014, a security vulnerability called Heartbleed allows attackers to collect information that is expected to be encrypted including encryption keys, session cookies, credit card numbers, passwords, and social security numbers. Computing Services Information Security Office (ISO) is actively scanning CMU's network for vulnerable hosts, monitoring for evidence of attack and compromise, and responding to impacted individuals accordingly. University vendors are also being assessed.

For detailed information about this advisory and What You Need To Do, please visit Security Advisory: OpenSSL "Heartbleed Bug" may disclose sensitive information.

horizontal rule

ISO Releases its 2014 - Security 101 Training Course
03/31/2014

The 2014 - Security 101 training course was developed by Carnegie Mellon's Information Security Office (ISO) to raise awareness about Carnegie Mellon's information security policies and guidelines, data classification, roles and responsibilities, information security risks, and techniques for safeguarding institutional data and information systems.

For instruction on how you can access the 2014 - Security 101 course, please visit Security 101 Training and Awareness Program.

horizontal rule

Security Advisory: Upgrade Now - Windows XP Support Ends April 8
03/20/2014

Microsoft plans to end support for Windows XP on April 8, 2014.  There have been a number of advisories from various sources indicating that shortly after the end of support, a rash of malware and exploits will be released targeting the XP operating system. Accordingly, the Information Security Office (ISO) will begin scanning for XP computers on campus or connected to campus services on Thursday, March 20, 2014.

For information on the security advisory and on What You Need to Do, please read the entire security advisory message on Upgrade Now - Windows XP Support Ends April 8

horizontal rule

Security Alert: Hewlett Packard (HP) Phone Scam
03/18/2014

Several university staff members reported receiving phone calls where individuals asked for their "HP number". When questioned, the caller typically hangs up. While "HP number" is unclear, it is possible that they are looking for the printers IP address, which might provide the scammer with remote access to the printer.

For information on the security alert and on What You Need to Do, please read the entire security alert message on Hewlett Packard (HP) Phone Scam.

horizontal rule

Lessons from Recent Security Breaches
02/25/2014

Several recent high profile vulnerabilities and security breaches serve as reminders of the importance of reporting concerns, staying up to date with security patches, remaining vigilant to scams, and other good security practices, both on campus and at home.

To access the announcement with detailed information and resources, visit Lessons from Recent Security Breaches.