Carnegie Mellon University Website Home Page
 

2008 News & Alerts Archive


Security Alert - Critical Microsoft Security Update MS08-078 for Internet Explorer (Windows)
(Posted December 19, 2008)

An attacker may be able to take complete control of your computer when you visit a maliciously crafted web page with Internet Explorer on Windows. You need to install and run update from Microsoft to safely continue using Internet Explorer.

For What You Need To Do, see Security Alert - Critical Microsoft Security Update MS08-078 for Internet Explorer (Windows).

Final Survey: Help Us Protect the Carnegie Mellon Community from Identity Theft study
(Posted December 15, 2008)

Final Survey: Help Us Protect the Carnegie Mellon Community from Identity Theft studyThank you for registering and participating in the study: Help Us Protect the Carnegie Mellon Community from Identity Theft. As a final step in the study, please complete the survey available at http://cups.cs.cmu.edu/cups-study/survey.html. The four character code you need to complete the survey has been emailed to you.

As a reminder, the complete consent form is available here.

if you have any questions or comments, please direct them to cups-study@andrew.cmu.edu.


Security Alert - Restrict Microsoft Internet Explorer Usage (Windows) - Unpatched Vulnerability - Attacks Underway
(Posted December 12, 2008)

An attacker may be able to take complete control of your computer when you visit a maliciously crafted web page with Internet Explorer on Windows. You may encounter these maliciously crafted web pages when visiting:

  • legitimate websites that have been compromised
  • unfamiliar sites found through legitimate search engines such as Google or Yahoo
  • links received through e-mail and instant messaging

For What You Need To Do, see Security Alert - Restrict Microsoft Internet Explorer Usage (Windows) - Unpatched Vulnerability - Attacks Underway.

Security Alert - Adobe Reader & Acrobat 9 and Flash Player 10 Security Update
(Posted November 17, 2008)

Windows, Mac and Linux users running Adobe Reader and Acrobat 8.1.2 and older or Flash player 9.0.124.0 and older are vulnerable to exploits. Without the security upgrade, an authorized attacker may take complete control of an affected system by convincing the user to open a maliciously crafted Portable Document Format (PDF) file or Flash file. The Adobe Reader & Acrobat vulnerabilities are actively being attacked through e-mail and malicious or compromised web sites.

For What You Need To Do, see Security Alert - Adobe Reader & Acrobat 9 and Flash Player 10 Security Update.


Security Alert - Virus Emails - You've received A Hallmark E-Card!
(Posted November 17, 2008)

Security Alert: Virus Emails - You've received A Hallmark E-Card!Virus emails have recently been sent to Carnegie Mellon email accounts claiming to be from postcards@hallmark.com.  The messages include a postcard.zip or similarly named attachment.  PLEASE DO NOT OPEN THE ATTACHMENT!

For What You Need To Do, see Security Alert - Virus Emails - You've received A Hallmark E-Card!.


Volunteers Needed: Help Us Protect the Carnegie Mellon Community from Identity Theft
(Posted October 30, 2008)

Volunteers Needed: Help Us Protect the Carnegie Mellon Community from Identity TheftAs part of our celebration of National Cyber Security Awareness Month, we are conducting a study to investigate how we can most effectively protect Carnegie Mellon community members from scam emails.


Thank you for your interest in this important community service.  REGISTRATION IS CLOSED.

The complete consent form is available here.

Please direct questions to cups-study@andrew.cmu.edu.


Security Alert - Critical Microsoft Security Update MS08-067 for Windows Users
(Updated October 24, 2008)

Security Alert - Critical Microsoft Security Update MS08-067 for Windows UsersOct 24 Update: Notification emails are being sent to owners of computers missing the update as detected by network scanning (Pittsburgh campus only).  The messages instruct owners to take action and notify Computing Services before the grace period ends.  If the grace period elapses without owners notifying Computing Service of their actions, then network access will be suspended to protect the vulnerable machine and the rest of the campus network.

Windows computers running Microsoft Windows may be vulnerable to exploits. This vulnerability may allow an unauthorized attacker to take complete control of an affected system that is connected to a network without any end user action. PLEASE PATCH AND REBOOT ASAP.

For What You Need To Do, see Security Alert - Critical Microsoft Security Update MS08-067 for Windows Users.


National Cyber Security Awareness Month (NCSAM)
(Posted October 8, 2008)

NCSAMOctober is National Cyber Security Awareness Month (NCSAM).  Learn about cyber security initiatives from around the University and participate in events and contests hosted by the ISO throughout the month of October.


To Learn More, see National Cyber Security Awareness Month (NCSAM).


Security Alert - Fraud Emails - CARNEGIE MELLON UNIVERSITY INTERNET USER
(Posted September 29, 2008)

Security Alert - Fraud Emails - CARNEGIE MELLON UNIVERSITY INTERNET USERFraud emails have recently been sent to Carnegie Mellon email accounts claiming to be from Carnegie Mellon University <cmu@webmaster.com>.  The fraud messages ask people to reply with their Full Name, User Id, and PasswordPLEASE ENABLE SPAM FILTERING AND DO NOT REPLY!

For What You Need To Do, see Security Alert - Fraud Emails - CARNEGIE MELLON UNIVERSITY INTERNET USE.


Fall Cyber Security Tips and Reminders
(Posted August 28, 2008)

Fall Cyber Security Tips and RemindersWelcome back from the Information Security Office (ISO)!


Follow these three steps to start the semester off SAFELY!

STEP 1:  Think Before You Click!

STEP 2:  Adhere to Copyright & Intellectual Property Laws

STEP 3:  Visit the ISO Website Often

For More Details, see Fall Cyber Security Tips and Reminders.


Security Alert - Fraud Emails - andrew.cmu.edu Feature Release: Upgraded Search
(Posted August 27, 2008)

Security Alert - Fraud Emails - andrew.cmu.edu Feature Release: Upgraded SearchFraud emails have recently been sent to Carnegie Mellon email accounts claiming to be from memberservice@andrew.cmu.edu.  The fraud messages ask people to reply with their User ID and PasswordPLEASE ENABLE SPAM FILTERING AND DO NOT REPLY!

For What You Need To Do, see Security Alert - Fraud Emails - andrew.cmu.edu Feature Release: Upgraded Search.


Security Alert - Virus Emails - You've received A Hallmark E-Card!
(Posted July 23, 2008)

Security Alert - Virus Emails - You've received A Hallmark E-Card!Virus emails have recently been sent to Carnegie Mellon email accounts claiming to be from "postcards@hallmark.com".  The messages include a postcards.zip or similarly named attachment.  PLEASE DO NOT OPEN THE ATTACHMENT!

For What You Need To Do, see Security Alert - Virus Emails - You've received A Hallmark E-Card!.


Security Alert - Widespread Adobe Flash Web Attacks
(Posted May 29, 2008)

Security Alert - Widespread Adobe Flash Web AttacksComputers running older versions of Adobe Flash Player are vulnerable to exploits. Criminals have infiltrated many legitimate websites and are using them to deliver Adobe Flash attacks. The most serious of these vulnerabilities may allow malicious attackers to take complete control of an affected system when you visit an infiltrated or maliciously crafted website. The latest version of Adobe Flash Player is not vulnerable. Update now.

For What You Need To Do, see Security Alert - Widespread Adobe Flash Web Attacks.


Security Alert - Debian & Ubuntu Linux Weak Encryption Keys
(Posted May 16, 2008)

Security Alert - Debian & Ubuntu Linux Weak Encryption KeysComputers running Debian & Ubuntu Linux are vulnerable to exploits.  Users that connect to Debian & Ubuntu Linux servers via SSH are vulnerable.  Users that generated cryptographic material such as SSH keys or SSL certificates on affected systems are also vulnerable.  The most serious of these vulnerabilities may allow malicious attackers to gain unauthorized login access or eavesdrop on encrypted communications.

For What You Need To Do, see Security Alert - Debian & Ubuntu Linux Weak Encryption Keys.


Do Your Part: Prevent Identity Theft
(Posted Jan 8, 2008)

Do Your Part: Prevent Identity Theft Protect Yourself, Others and the University from Identity Theft with Identity Finder!


Did You Know?

  • Your computer might be storing personally identifiable information (PII) such as your Social Security Number, bank account numbers, credit card numbers and passwords without your knowledge
  • If your computer or external media is lost, stolen or broken into over the Internet, someone might use it to steal your identity and the identities of anyone who shares your computer or whose personal information you might handle
  • If you store sensitive PII for Carnegie Mellon work and your computer or external media is lost or compromised, the University is obligated under PA state law to notify everyone affected by the breach and could potentially be legally liable
  • Over eight million Americans have their identities stolen annually and on average victims spend 600 hours clearing their good name -- Federal Trade Commission & Identity Theft Resource Center

For What You Need To Do, see Do Your Part: Prevent Identity Theft.


Computing Services & E-mail Attachments
(Posted ∞)

Computing Services & E-mail Attachments Computing Services will NEVER send unsolicited attachments in notification e-mail messages. If Computing Services requires that you install a patch, the e-mail message will NOT CONTAIN the patch, but instead direct you to an appropriate download page for the vendor or on www.cmu.edu.

If you are in doubt about a message do not open it! Contact the Help Center to verify the message's authenticity.


Disable Peer-to-Peer File Sharing Uploads
(Posted ∞)

Disable Peer-to-Peer File Sharing Uploads Most peer-to-peer file sharing programs (Kazaa, LimeWire, BitTorent, etc.) set your computer to share (allow uploading) downloaded files AND possibly all your personal files to anyone who asks for them. The University of Chicago provides instructions on how to disable this feature for many of the more popular file sharing programs.

NOTE: The instructions on the University of Chicago pages are a guide for what we currently think are feasible workarounds, but ultimate responsibility for your network usage falls to you. Don't lose your network connection (or face a potential lawsuit) for copyright infringement!


Security News Archive

For older news, visit the Security News Archive.

Support Contact


Related Topics