Tuesday, November 8, 2011
The Computing Services Information Security Office (ISO) hosted a number of events in observance of National Cyber Security Awareness Month during the month of October.
Featured events included classes on using the Identity Finder software and piloting a new security awareness program that will be offered online through the Open Learning Initiative (OLI). Staff members interested in participating in the pilot should contact the Information Security Office at email@example.com for the course access code. MORE
Tuesday, November 8, 2011The Computing Services Information Security Office (ISO) received numerous reports from Andrew users today of a phishing email with the subject, "Your [firstname.lastname@example.org] Account is on Restriction" from a sender address of Administrator <email@example.com>. In response, the ISO blocked the response Web address and further relaying of the phishing messages. Administrators at the originating site have been notified.
Friday, April 8, 2011Epsilon, a service provider that manages email communications for many companies, reported last week that it suffered a security breach that exposed names and email addresses for some of its clients' customers.
Although Epsilon has indicated that no other personally-identifiable information was put at risk, the compromised information could be used to send spam, phish, or malware-infected email. Most concerning is a type of phishing known as "spear phishing," whereby a phisher exploits a trust relationship to convince you to supply sensitive data like your login ID and password, credit card data, or banking information. Your name, email, and the name of a company that you do business with provide all the ingredients for a successful spear-phishing attack.
Thursday, March 24, 2011Earlier this week, Comodo, a service provider of Carnegie Mellon, experienced a security breach. According to details published by Comodo, this breach was the result of a compromised username and password that a customer used to access services. As a result of Comodo detection and remediation, this breach does not impact security controls at Carnegie Mellon. While this security breach does not directly impact Carnegie Mellon, it could potentially impact services provided by Google, Microsoft Live, Mozilla, Skype and Yahoo who were all targeted in this breach. MORE
Tuesday, March 22, 2011The Information Security Office would like to remind faculty and staff to follow a few security practices to minimize the risk and impact of computer and account compromises. Please read further for our Mid-Semester Security Tips for information on how to protect confidential information and University computing assets. MORE
Monday, March 21, 2011The Information Security Office welcomes you back from spring break and reminds you of a few important safe computing tips. Please read below to learn how to protect your confidential information and computing assets.
Thursday, March 3, 2011
During National Cyber Awareness Month (NCSAM) 2010, the ISO invited a number of local experts to present on security issues impacting the university. Mobile Device Privacy is a presentation conducted by Professor Norman Sadeh from the School of Computer Science, on how to protect your privacy when using a mobile device. Another interesting presentation was "How Cyberwar Impacts the University End User" by Timothy Shimeall, a Senior Member of the Technical Staff at the Software Engineering Institute.The presentation defines cyberwar and its effect on Carnegie Mellon community members.
For additional video training and presentations, please visit the ISO presentationswebpage. MORE