This feed is a collection of the information security and privacy tips published since 2006 in Penn's Journal of Record,The Almanac, and is provided by Penn's Office of Information Security http://www.upenn.edu/computing/security 2007 University of Pennsylvania Wed, 25 Nov 2009 12:22:15 -0500 security@isc.upenn.edu (Office of Information Security) Wed, 25 Nov 2009 12:22:15 -0500 PHP/MySQL Tue, 17 Nov 2009 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=146 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=146 The fact that the phrase to google someone has become a standard part of our language in recent years is clear evidence that Google remains the dominant force in the fierce competition among the various public search engines, and the introduction this year of Microsofts Bing service highlights the ongoing drive by search engine providers to index and access vast amounts of data more rapidly. Unfortunately, it continues to be the case that a significant portion of this data is personal, sen... Tue, 03 Nov 2009 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=145 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=145 A few months ago, at a peer institution, a laptop containing names and Social Security numbers of 45,000 students, faculty and staff was stolen. This was not an isolated incident. More and more data breaches are occurring as a result of lost or stolen laptops. Data is also at risk when it is stored on an unsecured desktop. The best way to avoid risks to sensitive data, to individuals, and to Penn is simply not to download sensitive data unless you absolutely must. Your Local Suppo... Tue, 20 Oct 2009 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=144 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=144 One of the "holy grails" coveted by hackers when they compromise a system is the file which contains the passwords for all the users on that system. The passwords are stored in encrypted form, of course, but if a hacker can decode or "crack" the encryption the reward is a valuable set of user credentials, especially if the system in question is a large, heavily used server. "Crackers Dictionaries" have been used for this purpose for several years, and these typicall... Tue, 06 Oct 2009 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=143 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=143 You have often heard the strong caution, "dont share your PennKey," but you may not know why. Here are some important reasons. First, your PennKey and your PennKey password protect your information. PennKey is the authentication system for logging on to many websites at Penn, including U@Penn, and viewing your personal data. Anyone with your PennKey and password can look up your pay, tax-related information, and other data that you probably want to keep private. Second, the PennK... Tue, 22 Sep 2009 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=142 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=142 The success of Sweden's Pirate Party prompts a reflection on the reasons for copyright law. The Swedish party now holds a seat in the 2009 European Parliament and Pirate Parties in 33 countries decry patents and advocate for decriminalizing file sharing. Copyright law traces back to English law. With the Statute of Anne in 1710, Parliament limited the monopoly enjoyed by Crown-chartered publishing and bookselling guilds with fixed term limits. Framers of the US Constitution distrusted sanctioned monopol... Tue, 08 Sep 2009 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=141 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=141 Did you know that during the annual Employee Resource Fair, Penn's shredding vendor, Nova Records Management, will shred personal papers free of charge for Penn employees? This shredding service provides a great opportunity to reduce risks such as the possibility of identity theft by securely disposing of confidential papers that are no longer needed. A related Penn vendor, Gigabiter, will securely shred pe... Tue, 14 Jul 2009 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=140 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=140 Computer privileges are like scissors; its not safe to "run" with them. Windows and Macintosh computers assign users specific capabilities. On a Mac, they are called "privileges." Windows calls them "rights." The most privileged account, "Administrator," has privileges to create new accounts, read or delete any file, modify the operating system and much more. Few such privileges are needed for most day-to-day computer activities like reading e-mail, using a web browser, ... Tue, 26 May 2009 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=139 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=139 Many of us are users of Google's online services, which include a search engine, e-mail, a calendar, a photo album and YouTube, among others. The company stores huge amounts of data related to use of its services. Depending on the specific products you use, Google may have data about your searches, websites visited, ads clicked, e-mails sent and received, personal appointments and videos youve watched. If you use Google Health, the company may even have your medical records. ... Tue, 12 May 2009 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=138 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=138 The number of people who have switched over to electronic personal banking in the last few years has skyrocketed, especially when it comes to paying bills online, and it's easy to see why. Not only is it convenient, but the savings in timeand postagecan add up. And, in an era of heightened "green" consciousness, many online banking customers view dealing with fewer printed bills and statements as "a good thing." But is it safe? Many people are hesitant to enable thei... Tue, 05 May 2009 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=137 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=137 The University's Purchase Order Terms and Conditions document states the general terms of contracts applicable between the University and its vendors. The document is automatically incorporated into each University purchase order. Recently, the Terms and Conditions were updated with respect to privacy and security of information. The new Terms and Conditions include strong requirements to protect confidential data, including provisions for dat... Tue, 28 Apr 2009 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=136 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=136 In 2004, the United Nations issued a report on Syria's suspected involvement in the assassination of Lebanon's former prime minister, Rafik Hariri. Recipients of some versions were able to track the editing changes, which included the deletion of names of officials allegedly involved in the plot, among them the Syrian president's brother and brother-in-law. Word, Excel, and PowerPoint documents have complex, sophisticated data formats. They can contain a mixture o... Tue, 21 Apr 2009 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=135 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=135 Distributing and sharing important data and files electronically has become such an integral part of our jobs and lives in recent years that most of us routinely send sensitive and confidential information in the form of e-mail attachments or file transfers through instant messaging clients, despite frequent reminders from our IT support staff about the insecure nature of these methods. To help reduce and mitigate the risks inherent in distributing electronic files over insec... Tue, 14 Apr 2009 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=134 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=134 Facebook is a fun place to celebrate your birthday, but with all the well wishes that are sure to come your way from your Facebook friends, it is important to think carefully about how broadly to share your information. One of the key pieces of information used in identity theft is a persons date of birth, and a Facebook account which is not carefully controlled through privacy settings could be exposing your birthday and other personal data to thousands of pe... Tue, 07 Apr 2009 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=133 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=133 Today, 175 million users subscribe to Facebook. Stated differently, if Facebook were a country, it would be the 7th most populous in the world. And yet, many on Facebook, or considering going on Facebook, are worried about how to use it safely. Sophos, an Internet security company, has produced a Facebook Best Practices Guide, recommending how to navigate and set Facebook privacy settings to minimize ones risk of identity theft while using the site. The Guide can b... Tue, 31 Mar 2009 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=132 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=132 As an older generation joins their co-workers, old friends, and maybe a few uncomfortable teenagers on Facebook, it's time for a primer on privacy: Be careful with Facebook apps.Check and recheck your privacy settings.Facebook apps are software programs usually intended to allow users to connect, interact, and entertain themselves. Some apps, like Photos and Wall, were written by Facebook, but the vast majority are written by 400,000+ third-party developers. When you install an... Tue, 24 Mar 2009 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=130 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=130 In a recent survey of nearly 5,000 adults in the United States, 482 individuals reported that they had been victims of identity theft in 2008. Lost or stolen wallets, checkbooks and credit/debit cards were the most common sources of personal information in these identity thefts, accounting for nearly 43 percent of incidents where the source of information was known. In a similar survey conducted one year earlier, these sources had accounted for a significantly lower 33 percen... Tue, 17 Mar 2009 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=129 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=129 We are sometimes surprised at what's on our computer. With the advent of data breach notification laws, when an employee computer goes missing, data privacy is the first concern. Employers want to know their risks, and common practice is to scan any available backups for confidential information. Often, news coverage of a data breach notes that the employee was unaware of sensitive records on the stolen computer. In the days before identity theft mushroomed, it wasnt uncommon to find s... Tue, 03 Mar 2009 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=128 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=128 The U@Penn Portal, reached by clicking the Faculty & Staff link on the main Penn home page, offers easy access to your W-2 tax statements from 2005 to 2008 through "My Tax Info." All University employees should have received a copy of their tax statements via US mail, and accessing your statements online is strictly optional, but if you want to review your statement or need additional copies they are available for your convenience. Tax statements contain sensitive information, includi... Tue, 24 Feb 2009 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=127 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=127 Identity thieves have a new technique this year to make their IRS tax scam seem more credible. The Philadelphia Inquirer reports that fraudulent e-mail is circulating that purports to come from the IRS. The e-mail includes attachments of letters on real IRS letterhead and real IRS forms. The victim is instructed to fill out the forms, including social security numbers, and to fax the forms to a phone number. Thieves hope the authentic-looking documents and the use of a fax will trick an otherw... Tue, 17 Feb 2009 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=126 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=126 In recent years, more and more people have found Instant Messaging IM services from companies like America Online, Google and Microsoft a useful way to communicate and exchange data with other users in a "real time" way that even e-mail does not afford. However, there are dangers and pitfalls to using these mass-market IM channels. As with e-mail, you can't always be absolutely certain the person you're swapping messages with is really who he/she claims to be. Another concern is th... Tue, 10 Feb 2009 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=125 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=125 Whether it's common spam or messages that are actually threatening or disturbing, Penn Information Security is often asked about how to identify the sources and senders of troublesome e-mail. Because e-mail is so easily forged, it's usually the case that conclusive identification of who and where a "bogus" message came from is not possible. There are instances, though, where the information contained in the message headers can indicate or strongly suggest the source. Similar to the inform... Tue, 03 Feb 2009 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=124 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=124 In these turbulent economic times it is easy to be distracted from important financial basics, such as remaining vigilant about identity theft. Unfortunately, however, major incidents of identity theft continue to occur. This point was brought home recently when a data processing company announced that intruders had hacked into a system that processes 100 million payment card transactions each month. The total number of stolen records in this incident is not yet known, nor is the ... Tue, 20 Jan 2009 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=123 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=123 Over the last couple of years there have been several reports in the media about "skimmers" found attached to ATM machines and credit-pay gas pumps in the Philadelphia region, notably at several Wawa convenience stores. Skimmers are small electronic devices which read, store and, in some cases, transmit the digital information from the magnetic stripe of any credit or debit card passed through it: name, account number, expiration date, etc. Skimming has become a major factor in the growth of credi... Tue, 13 Jan 2009 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=122 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=122 Phishing e-mails are the perfect storm. They are sophisticated and easy to fall for. Recent examples include commonly received warnings, such as Your Mailbox is Over its Size Limit; messages that seem to come from your real friends, especially in the form of greetings cards; and messages about major news events.They are frequent. The AntiPhishing Workgroup reported that crimeware-spreading URLs infecting PCs with password-stealing code rose 93 percent in the first quarter of 2008. ... Tue, 16 Dec 2008 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=121 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=121 Phishing in its basic form typically arrives as an e-mail message purporting to be from a reputable financial institution or other business. The message may instruct you to click on a link to a website where you will be asked to enter information about your account in order to fix a "problem, or may ask you to update or confirm your account information. The actual intent, of course, is to collect your personal information for purposes of committing iden... Tue, 09 Dec 2008 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=120 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=120 Even as we hear of a credit crunch around the world, its likely that once again the holiday season will see Americans credit card balances reach their annual peak. Before going online or heading out to the malls, its worth pausing to consider some basic security measures when using credit cards: When shopping online, be sure that youre using a secure server site check for https: in the URL and/or a locked padlock icon in the browser fram... Tue, 18 Nov 2008 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=119 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=119 The weeks leading up to and following major events -- such as a presidential election or a Phillies World Championship -- are always highlighted by a peaking of interest in news and items about the event, and the Internet is always buzzing with videos, images, and news items that are "virally" distributed by e-mail, websites, and other electronic sources. Unfortunately, in some cases this "viral" aspect is literally true. Hackers, spammers, and identity thieves often lev... Tue, 11 Nov 2008 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=118 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=118 When turning on wireless networking, it is increasingly common to see a number of available networks to join. In fact, some newer devices actively alert the user to the presence of available networks. Some of those networks will be "free," even though there may be no indication of who is providing the service. Just as clicking a link in a "phishing" message may take you to a malicious website, joining an unknown wireless network may lead to compromise of your data. Whenever possibl... Tue, 04 Nov 2008 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=117 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=117 As more and more sensitive and confidential information makes its way into online systems and databases, strong authentication is a term were all going to be hearing more about in the coming months and years. The need for computer users to select and protect strong passwords has been a recurring topic of our One Step Ahead series, and it remains a fact that the overwhelming majority of systems in the world still rely on passwords as a single method to authenticate users despite the ... Tue, 28 Oct 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=116 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=116 In Penns complex environment it is difficult to be aware of all the requirements that apply, and all the tools that are available, to help protect the privacy and security of confidential information. Recognizing these challenges, Information Systems and Computing and the Office of Audit, Compliance and Privacy have developed an online training module called "Information Privacy and Security at Penn: A Practical Guide." The module, which requires less than twenty m... Tue, 21 Oct 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=115 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=115 Much has been reported in the media about the ongoing campaigns by entertainment trade organizations, such as the Recording Industry Association of America RIAA, to seek out infringement via illegal filesharing of their copyrighted materials on college campus networks and, in some cases, institute lawsuits in order to recover damages from the responsible parties. As reported in the Daily Pennsylvanian in recent months, numerous Penn students have been targeted by RIAA l... Tue, 14 Oct 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=114 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=114 New List of Privacy and Security ResourcesAt Penn it is important to protect many types of information, sometimes because of regulatory requirements and sometimes because of the personal nature of the information itself. Student records, health information, credit card information, personal financial information, Social Security numbers and personnel records are among the kinds of data that need to be protected by Penn faculty, staff and other constituents. In our complex environment it is difficult to be aware of all the requirements t... Tue, 07 Oct 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=113 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=113 Sometimes its absolutely necessary to share Social Security numbers SSNs with colleagues; however, sharing SSNs via email is never a good idea and is prohibited by University policy. Nor is it a good idea to share other sensitive data via email. Almost all email on campus is sent and stored in clear text, neither protected by encryption in transit nor at rest on the senders and recipients hard drives. There are many dangers associated with including sensitive and confidential data in em... Tue, 23 Sep 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=112 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=112 Allowing your web browser to save your ID and passwords, especially at public or shared computers, creates an unnecessary privacy and security risk. Viruses and worms can steal stored passwords, and anyone else who uses your computer could also use your stored passwords. Needless to say, you should also never save your PennKey password, or passwords for other University systems, in your browser, since this would put Penn data at risk for unauthorized access and use. Here is how you can ... Tue, 16 Sep 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=111 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=111 Web-based tools have revolutionized the way that surveys are conducted and their results analyzed. Popular online tools, such as SurveyMonkey, Zoomerang and QuestionPro, speed up survey creation and distribution, and streamline submission of responses. These tools can also create a wide variety of analytical reports almost instantaneously. The value of web-based survey tools is clear. At the same time, it is important to be aware of a potential priva... Tue, 09 Sep 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=110 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=110 In recent years, the use of mobile computing devices, including laptop computers, has increased dramatically. Because such devices can easily be lost or stolenputting both the device itself and data stored on it at riskthere has been a corresponding increase in adoption of security measures. At Penn, one security measure that is commonly used, and in some cases is required, is installation of Computrace software on laptops. Computrace software has two major features. First, it allows authorized ... Tue, 02 Sep 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=109 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=109 Fraud Artists Working Now to Convince You Otherwise In recent weeks, we have witnessed an increasingly sophisticated set of email messages that look very similar to legitimate messages from some Penn programs. The key difference is that the fraudulent emails ask you for your username, password, and other information. Make no mistake -- Penn as a University, and Schools and Centers at Penn, will never ask you for your username and password via email. A list of ... Tue, 15 Jul 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=108 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=108 For the 2008 academic year ending June 30, 2008, Penn experienced a sharp drop in the numbers of hacked computers and a respectable drop in numbers of alleged copyright infringement notices. The most serious security and privacy incidents were most often due to lost or stolen computers or portable data storage devices. The number of hacked computers in 2008: 239, is down 63% from 2007. Reasons for the improvement include broader use of automated patch management ... Tue, 27 May 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=107 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=107 It has been estimated that 93% of all business records now created are stored electronically. Civil litigators and criminal investigators have known the value of electronic records for years, and the market for electronic records discovery services is projected to grow 30% over the next five years. Electronic discovery, or E-discovery, is a legal process in which electronic data is sought, located, secured and searched with the intent of using it as evidence in a civil or crimin... Tue, 13 May 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=106 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=106 So, you just got another one of those e-mail messages from a friend, or a family member. You know, the ones that implore you not to open other messages with certain subject headers because its a virus that will wipeout your hard disk, or that the State Police are about to launch a frenzy of issuing speeding tickets on several major local highways. And, of course, the message urges you to pass this on to everyone in your address book. You suspect its probably a hoax ... Tue, 06 May 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=105 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=105 Identity thieves approach their task in different ways. Some steal wallets and use personal information to open new accounts; some steal credit card data to run up charges on existing accounts. And many do the following: look through trash dumpsters to find tossed out pre-approved credit card offers, forge the signature of the person whose good credit history qualified them for the offer, and then submit a change of address. The result is that a new credit card can arrive... Tue, 29 Apr 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=104 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=104 Remember the days, not so long ago, when many of us walked around with two or more gadgets clipped to our beltscell phones, Palm devices, pagers and others? Personal Digital Assistant PDA technology has advanced in just the last couple of years to the point where a single Blackberry, Treo or other smartphone device rolls all our on the go computing needs into a single convenient, compact package that has more computing power than the desktops of just a few years... Tue, 22 Apr 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=103 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=103 No matter which operating system you use, it actually takes some thought and effort to make certain that a sensitive file you no longer need is completely deleted from your system. And then, youll need to think about where backup copies may exist, and how to securely dispose of them as well. Simply dragging a file to the Recycle or Trash folder on your desktop is very much analogous to crumpling up a piece of paper and tossing it into the wastebasketits a trivial matter to retr... Tue, 15 Apr 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=102 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=102 As you may recall, Penns Social Security Number Policy was announced in the Almanac last fall. See www.upenn.edu/almanac/volumes/v54/n16/sspolicy.html.The policy establishes expectations around the use of Social Security numberssensitive data whose misuse poses privacy risks to individuals, and compliance and reputational risks to the University. The policy calls on staff, faculty, contractors, and their respective agents to inventory their online and o... Tue, 08 Apr 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=101 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=101 The US Internal Revenue Service is alerting taxpayers to a range of scams aimed at stealing either your money or your identity. Many of the scams reference either your tax refund or the 2008 Economic Stimulus rebate as an incentive to get you to fall for the scam.Some taxpayers have received bogus e-mail messages that purport to come from either the IRS or the Social Security Administration. The messages request personal information that would supposedly expedite the turnaround time of a t... Tue, 01 Apr 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=98 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=98 Do you currently use Social Security Number SSN to identify people in your IT systems or in day-to-day procedures? Did you know there is a tool available to help you switch from SSN to PennID? Using PennID as the identifier ensures that SSNs will not be stolen and used to commit identity theft. The 8-digit PennID number is a unique identifier for individuals associated with the University or the Health System. It can therefore replace the SSN as a key in databases, or to uniquely identify an ind... Tue, 25 Mar 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=97 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=97 It is estimated that in 2005, in the US, there were 2.75 million professional programmers and 55 million end user software developers, i.e., people who had taught themselves to program. The trend began in the 1980s with spreadsheet software and continued with the advent of easy-to-use tools like FileMaker, PageMaker, and Visual Basic, to mention just a few. End user software development tends to be cheaper and faster. Often, however, a downside is that it does not conform to the types... Tue, 18 Mar 2008 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=89 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=89 In todays wired society, it is virtually impossible to wholly eliminate your risk of being a victim of identity theft. But, there are many important and often effective ways to significantly lower your risk of falling victim to this crime.For example: Do not give out personal information unless youve initiated the contact or are sure you know with whom you are dealing.Guard your mail and trash from theft. Tear or shred documents containing your personal information. ... Tue, 04 Mar 2008 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=88 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=88 People who think even a little bit about protecting the privacy and security of Penn data do a lot of good. Keeping privacy and security in mind for faculty and staff has paid great dividends. The more people think about privacy, the more people there are who clean their offices of sensitive data that no longer needs to be retained, who raise security questions with third parties working with Penn data, and who offer data subjects opt-in or opt-out choice f... Tue, 26 Feb 2008 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=87 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=87 Before sending an e-mail message, be sure to look beyond the body of the message. More and more privacy intrusions are occurring based on improperly addressed e-mail messages. The problem can often be exacerbated by e-mail programs that recognize the recipient after only a few letters of the name are typed and e-mail listservs that have similar names to one another. And, it is often too easy to hit the Reply to All button when you actually meant to reply only to the sender. A ... Tue, 19 Feb 2008 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=86 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=86 Cyberbullyingwhen children or teens use the Internet, cell phones or other digital technologies to threaten, harass or intimidate another child or teenis a growing problem, affecting almost half of US teens and children. Studies have shown that difficulty making friends, loneliness, low self-esteem, depression, poor academic achievement, truancy and suicide are all associated with being bullied. The pervasive, and sometimes invasive nature of some communication technologies can... Tue, 12 Feb 2008 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=85 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=85 If a computer security incident happens to you, dont panic. Penn has established a policy and infrastructure to support the appropriate response to security incidents. Penns policy, the Information Systems Security Incident Response Policy, contains several components to ensure that computer security incidents are handled responsibly and that appropriate internal and external communication takes place. The most important point to remember is that the polic... Tue, 05 Feb 2008 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=84 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=84 Last year, a study conducted by Carnegie Mellon University showed that somewhere between 2-4% of computers are reported to have some sort of hard drive failure. This figure is most alarming if you think about it in terms of the people who use computers and their data. Three people out of 100 could lose important data that is stored on their hard drives. In a given moment, research, photographs, spreadsheets, documents, e-mailanything and everything could be lost. Beyond hard drive failure, there is a... Tue, 29 Jan 2008 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=83 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=83 The availability of wireless networking on the Penn campus has expanded greatly over the last couple of years, and members of the Penn community have the luxury of using PennKey-authenticated and encrypted wireless sessions for secure networking over PennNet. Of course, more and more businessesespecially coffee shops, bookstores and airportsare also offering wireless hot spots for their customers to use, and even when its a major company or chain, it can be difficult to know how s... Tue, 22 Jan 2008 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=81 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=81 Much has been written and said, with good reason, about the importance of getting rid of sensitive data that is no longer needed. Keeping unnecessary paper documents and electronic files that contain confidential information creates unnecessary risks, both to individuals whose data is involved and to Penn. At the same time, it is of critical importance that destruction of such data be handled appropriately. Paper Files. Review your files containing confidential data and shred them whe... Tue, 15 Jan 2008 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=79 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=79 One of the most popular features of e-mail is the ability to send the same message to a group of individuals with a single mouse click. For example, you can create a group of addresses with your mail program such as Outlook, give the group a name, or alias, and substitute the alias for the underlying address list when sending a message. You can also initiate a list management service, or listserv, which allows you to send messages to list subscribers without enter... Tue, 18 Dec 2007 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=78 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=78 This time of year, you may be doing more online shopping than ever. And, when visiting many major web sites, you may be prompted to save your username and password to make future visits more convenient. Do not check the remember me box or similar functionespecially at public or shared computersbecause if you do, you create an unnecessary privacy and security risk. Remember that websites prompting you to save your password often hold other information such as... Tue, 11 Dec 2007 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=77 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=77 Be wary of sites like MySpace, Facebook and YouTube where practically anyone can provide content. These sites are designed to allow you and your friends, or even strangers, to post text, images, movies and, in some cases, programs. Bad guys have found ways to circumvent security controls and plant malicious software on such sites. In November, 2007, hackers infected Alicia Keys MySpace page. Many people who visited the site had their computers infected with softw... Tue, 04 Dec 2007 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=76 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=76 Google reported in May, 2007, that ten percent of websites are infected with malicious software that could result in a users personal information being stolen. Sometimes, simply visiting an infected site, without even clicking links, will compromise your computer. How can you tell a safe site from an unsafe site? For starters, avoid sites that offer celebrity photos, screensaver wallpaper, adult photos or movies, or free or pirated computer games, movies, or music. A 2005 study by resea... Tue, 20 Nov 2007 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=75 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=75 Penn has established standards of stewardship and ethical behavior that affect all areas of the University. These basic expectations for the Penn community have been articulated in ten Principles of Responsible Conduct, which can be viewed at www.upenn.edu/audit/oacpprinciples.htm. The Principles include, for example, maintaining confidentiality, respecting others in the work place, complying with laws, regulations and policies, and avoiding conflict of interest. If... Tue, 13 Nov 2007 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=74 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=74 Though much progress has been made in recent years in providing more secure methods of gaining access to computing resources, the primary authentication method remains the combination of a username and password. Of course, as we continue to open new accounts on websites like amazon.com, do our banking online, and perform other useful but confidential work, the number of account names and passwords multiplies as well, and its difficult for the average human being to remember all of them. Pa... Tue, 06 Nov 2007 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=70 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=70 In the past, hackers operated mostly for the glory of seeing their viruses distributed to millions of computers. Nowadays, they are more interested in financial gain and are increasingly writing viruses and worms targeted to particular groups to steal passwords and credit card numbers. By narrowing their focus, they also more easily evade anti-virus and spam filtering software. This summer, fraudsters sent targeted email to thousands of HR professionals who use the monster.com recruiting service. ... Tue, 30 Oct 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=69 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=69 Your home computer from 2001 may seem to be chugging along fine, doing everything you need it to do, but saving a few bucks by keeping an outdated computer in service could cost you in the long run. Older computers connected to the Internet are at a higher risk for security and privacy breaches than newer systems. Moreover, it is a violation of University policy to put confidential research or administrative data onto a computer that cannot be properly secured. Here a... Tue, 23 Oct 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=68 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=68 What is the right thing to do with documents and data of faculty or staff members when they leave Penn? In most cases, one can involve the individual in the decisions before they leave. They will often on their own, or at the request of their supervisor, help map out what is appropriate to share with colleagues, to securely delete, or for more personal items, what they wish to take with them. In some cases the handling of this issue is more difficult. Cons... Tue, 16 Oct 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=67 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=67 Phishing has been the subject of previous One Step Ahead articles, but phishers, like spammers, are continually coming up with new wrinkles in their ongoing efforts to separate you from your confidential, personal informationand your moneyso its worthwhile to keep up to date on the latest trends. Phishing in its basic form arrives as an e-mail message purporting to be from a reputable online business or financial institution. The message instructs you to click on a link to a web... Tue, 09 Oct 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=66 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=66 Working at home and while traveling are becoming common phenomena in our societyincluding the Penn community. Virtual offices can be created almost anywhere using current technology, and flexible work scheduling is expanding in large part because of technologys impact. The convenience that these developments make possible is accompanied, however, by increased risks to data privacy and security. For example, assume for a moment tha... Tue, 02 Oct 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=65 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=65 A widespread computer worm named "Storm," circulating since January 2007, has many guises. The worm arrives in your email inbox as spam. A recent version warns that the Recording Industry is tracking you if you download free movies or music. You are pointed to a link to download Tor, a popular anonymous internet routing implementation. But if you follow the instructions, you infect your machine with the Storm worm. Your machine is then drafted into a network of hacked machines used to crash popular ... Tue, 25 Sep 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=64 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=64 Website visitors - including members of the Penn community - who access information and services online are increasingly paying attention to online privacy and security issues. Their concerns are well-founded, since identity theft and other misuses of personal data are not uncommon in today’s wired world. Recognizing these rising concerns, it is important to consider the expectations of website users and post a privacy statement when appropriate. New guidance on when and where to post website priva... Tue, 18 Sep 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=63 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=63 The online world gives us unprecedented opportunities to chat with people around the globe about current issues, to network professionally and socially, and generally to express ourselves. These are amazing and positive developments. But think about privacy risks when posting to blogs and similar services, and uploading to video-sharing sites. Electronic postings may be permanent and may define you now or at any future point. Statements and pictures posted online now, in jest or to convey a message to a defined gr... Tue, 11 Sep 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=62 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=62 Peer-to-peer file-sharing software "file-sharing software" is often used illegally to download music or movies for free from other computers running the software. Are you running file-sharing software on your work or home computer? Or, has someone in your household installed it on your computer? If so, there is even more to be concerned about than the possibility of illegally downloading or sharing copyrighted audio and video files. Increasingly, criminals are using peer-... Tue, 04 Sep 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=61 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=61 Many faculty and staff at Penn work with personal information of Penn constituents as part of their job responsibilities. Indeed, personal data drives many critical functions at Penn - from assigning grades to students, to managing and paying staff, to performing life-saving medical research on human subjects. Taking steps to protect confidential data from falling into the wrong hands is critical - someone elses private information may literally be in your hands. In addition to protecting data o... Tue, 17 Jul 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=60 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=60 In a December, 2006 report, Microsoft warned about an increase in offers for "rogue security software" that tries to trick unsuspecting victims into downloading harmful, malicious software. The offers come in the form of website popup windows with false warning messages like: Warning! 1 Threat FoundYour Computer is Infected!Security Warning! Serious Security Threat DetectedWindows has detected spyware infection! At the bottom of the window are buttons to click with labels like: Click here t... Tue, 22 May 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=40 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=40 A shadowy website in Chicago might have collected passwords from thousands of universities and businesses earlier this year. The site has been taken down, and there is no evidence that PennKey passwords were compromised, but similar rogue websites could pop up elsewhere in the future, so it is important to be alert for this scam. The rogue Chicago website spoofed login webpages. The spoofed PennKey site looked and functioned almost exactly like authentic PennKey login pages, with only ... Tue, 08 May 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=39 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=39 Youve read about the hundreds of colleges, universities, retailers, banks, and others that have had data security breaches - hacked systems, lost laptops, stolen backup tapes and the like - involving Social Security numbers. You worry about this type of problem because: You cant be sure whether you still have old SSNs in any of your desktop or server files, ORYou think you need full SSNs to interface with other systems on campus, ORYou need some type of identifier to m... Tue, 01 May 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=38 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=38 As many of us look forward to the fresh start that spring cleaning brings to our homes, it’s worth taking a moment to think about how a regular "cleanout" of our home computers can be beneficial as well. As with paper files, receipts, etc., we all tend to accumulate and retain computer files longer than we really need to in most cases. Many old files can simply be deleted, while others that still have some value don’t necessarily have to stay on your hard drive and can be archived t... Tue, 24 Apr 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=37 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=37 You just built a great new database to improve administrative efficiency in your departmentYou’ve launched a new application collecting personal data of participants as part of a research study.You’ve upgraded an older system to a new version and are delighted by the better features.Are you thinking about the security and privacy implications in any of these scenarios? If you aren’t, you should be. Penn has developed an easy-to-use too... Tue, 17 Apr 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=36 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=36 So, you dragged that sensitive file to the Recycle Bin, emptied the bin, and now the file is gone forever, right? Not so fast. Like cats, deleted files seemingly have nine lives. When you delete a file, the operating system simply changes the first character of the filename and marks the space the file occupies as being free. The filename and data remain on the drive until overwritten and are easily retrievable using widely available recovery and forensic tools. But wait, there’s more. For s... Tue, 10 Apr 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=35 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=35 You just realized that you wrote down your PennKey password and left it on your desk overnight. Did someone see it? Should you change it?While working on a sensitive project, you gave your PennKey password to a colleague so you could both get access to the information to complete the project. You now realize that you shouldn’t have shared this information and want to change your password - but how do you change it?Your PennKey password gives you access to sensitive institutional data and, in ... Tue, 03 Apr 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=34 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=34 The affordability and ease of use of basic wireless access points WAPs has prompted many Penn users to set up "hot spots" at home.If you choose to set up your own wireless network, be aware of the following security issues and guidelines to prevent others from accessing your network and your data. Change the default passwords on all WAPs you use on your wireless network to strong passwords of your own choosing. This prevents intruders from taking control of your network by using published lis... Tue, 27 Mar 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=33 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=33 Whether at Penn or elsewhere, you may be looking for opportunities to take control in areas affecting your privacy.Penn’s Privacy website has a "Manage Your Information" tab that identifies steps you can take to address many privacy concerns. Check your credit report for free, get on the national do-not-call list, or stop receiving pre-approved credit offers - all using resources described on the Penn Privacy website. You can also find out about privacy options at... Tue, 13 Mar 2007 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=32 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=32 The chances are good that you conduct sensitive transactions online. Whether you’re buying a book, submitting sensitive customer data at work, or doing online banking at home, the web is an essential part of doing business.Here are three things to look for when transmitting sensitive data online: 1. Check for the "S":Look for https:// in the address bar of your web browser and a picture of a lock in one corner of your browser window when doing online transactions credit ... Tue, 27 Feb 2007 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=31 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=31 Handheld computers comprise a broad class of devices including BlackBerry, Windows Mobile, and Palm Smartphone, as well as traditional PDAs Personal Digital Assistants. As these devices can contain lots of personally sensitive information, it is a good idea to make sure that they are protected from prying eyes as much as possible. In the event one of these devices is lost or stolen, the following short list of recommendations will help ensure that your data is protected, and is accessible ... Tue, 20 Feb 2007 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=30 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=30 One of the "hot button" topics in computing over the last several years has been the widespread downloading and sharing of digital media - music, movies, television, games, application software and more. At Penn, as at our peer institutions, there are incidents of copyrighted material being made publicly available on Penn computers, intentionally violating the Digital Millenium Copyright Act DMCA and University policy. As a research institution tha... Tue, 13 Feb 2007 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=29 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=29 Even though backing up the data on your computer gets less attention these days than issues like identity theft, it’s still a critical security procedure. ISC now has available a new for-fee service called Back-IT-UP, for backing up desktops, laptops, and servers. This easy-to-use service lets you define exactly what you want to back up and determine a convenient schedule for running your backups. All data are compressed and encrypted before being sent to the Back-IT-UP repository, ... Tue, 06 Feb 2007 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=28 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=28 As we all know, cell phones today are not just for having telephone conversations. You can surf the Internet, send and receive email and text messages, keep your calendar, manage contacts, shoot photos and videos and even listen to music. Along with all of those great features comes a potential risk that personal information could be available to strangers after your phone is sold or donated. With the average life of a cell phone at about 1 1/2 years, most of ... Tue, 30 Jan 2007 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=27 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=27 Have you asked yourself any of the following questions? May I discuss a students academic performance with his advisor? May I share a students grades with her parents?May I ask students for their Social Security number?May I leave graded exams outside my door for students to pick up?May I post class lists and student photos on the web?May I destroy copies of my old grade sheets? If you have asked any of these questions, then you have recognized that student data is often sensitive and privat... Tue, 23 Jan 2007 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=26 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=26 Although "phishing" was the subject of a previous security tip, it’s worth revisiting and focusing on the two most frequently "phished" companies: eBay and PayPal. PayPal was acquired by eBay in 2002 to facilitate online payments for its buyers and sellers. In recent years many other businesses have adopted PayPal as a payment method to the point where today untold millions of people worldwide have accounts with eBay, PayPal or both. These provide one of the single biggest &quot... Wed, 17 Jan 2007 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=25 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=25 If the answer is: I have a lot of personal, sensitive data in a database or application and I’m not sure I’m protecting it appropriately, you are not alone, and unfortunately, your concerns may very well be valid! Many faculty and staff at Penn are now learning different ways of building databases and applications to run administrative and academic functions -- but many have not had the security training to minimize the risks of hackers accessing data, physical theft, web crawlers like Goo... Tue, 09 Jan 2007 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=24 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=24 Most identity theft involves abuses of credit. Identity thieves may use your data to open up new credit card accounts or use your existing account to charge purchases for themselves. One of the best protective measures is to keep a close watch on - or actually control - your credit report. You can do this in a variety of ways: Credit Freeze. The best preventative measure is to put a freeze on your credit file, as allowed by Pennsylvania law beginning January 1, 2007... Tue, 19 Dec 2006 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=23 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=23 A critical aspect of keeping your computer secure is to regularly download and install operating system OS updates, patches and service packs. Many updates can be downloaded and installed "on the fly" with little or no impact on the computer’s operation. In some cases, however, rebooting is required for an update to take effect, and you may be presented with a dialogue box giving you the option of restarting immediately or can... Tue, 12 Dec 2006 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=22 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=22 More and more Penn faculty and staff are working from home and more and more resources are available to make it easy. But several data protection issues arise with work-from-home activities. The safest way to work from home is to use a Penn laptop, managed by a Local Support Provider, that is protected by a strong password, up-to-date patches, and antivirus software. Data should not be kept on the laptop. Instead, use the laptop and secure remote access to log onto Penns secure s... Tue, 05 Dec 2006 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=21 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=21 Though it sounds like something that might be a four-year degree program at Penn, "social engineering" is a term that refers to the practice of leveraging and manipulating human nature to gather sensitive and confidential information the "old fashioned way" by means of deceit, guile, subterfuge and fraud. In short, "social engineer" is a euphemism for "con artist". Rather than spend hours stealing and cracking encrypted passwords, social engineers und... Tue, 21 Nov 2006 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=20 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=20 Security experts often warn against "shoulder surfers" who peek at your screen and watch your fingers as you type in order to steal passwords and other sensitive information, but those prying eyes aren’t necessarily right behind you - they can be almost literally "inside" your computer. Keystroke loggers can record everything you type, as well as your mouse movements and clicks, and transmit them secretly to one or more spies anywhere on the Internet. These are sometimes physical d... Tue, 14 Nov 2006 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=19 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=19 Many - maybe most - people at Penn have a need for access to information systems with some sort of confidential data. But think about who, in most cases, doesn’t need and shouldn’t have that access:Terminated employeesEmployees who haven’t used the system in a very long time Employees who have changed job functions and no longer need access for their new roleShutting down an account that is no longer needed goes very far in protecting the privacy of the data in that s... Tue, 07 Nov 2006 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=18 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=18 Don’t let this happen to you; it could. Dave, a business administrator, discovered that dozens of his department’s employees’ salaries, SSNs, and performance appraisal ratings were publicly available on the Internet. Dave was computer savvy and had been given responsibility for the department’s web accessible database. Though not an expert, he thought he knew enough to get the job done. However, in today’s complex web environment, he didnt know enough about how to pro... Tue, 31 Oct 2006 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=17 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=17 Hackers use Google extensively to find private data on the web. You can preempt theft of your data by using the same tools the bad guys use. Use search engines regularly to search for any private data that might have been mistakenly exposed. Because you’ll be searching computers throughout the world, you’ll need to limit your search somehow to avoid getting a lot of "false positives". To limit your search to just Penn, type the following in front... Tue, 24 Oct 2006 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=16 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=16 If you are careless, Google and similar search engines will index private files on your computer, making them available to the whole world. Here’s how you can prevent this from happening: Beware of Google Desktop. For details, see a previous One Step Ahead tip: www.upenn.edu/almanac/volumes/v52/n33/osa.html Ask your web administrator if directory index listings have been disabled. This has been done for www.upenn.edu.Be careful what folders you store sensitive files in. When... Tue, 17 Oct 2006 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=15 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=15 In his 1993 book, The Panoptic Sort, Annenberg Emeritus Professor Oscar Gandy warned about the threat to privacy that panoptic technology poses. Gandy describes panopticism as continuous, automatic surveillance, and describes efforts to monitor the spread of plague in cities in the 17th century by asking individuals to stand in front of their windows to be inspected for pox, and the design of prisons that permit a few guards to monitor hundreds of inmates. Classic examples of panopticism today are web search engin... Tue, 10 Oct 2006 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=14 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=14 While much data at Penn is absolutely necessary to our everyday operations and mission, most people retain sensitive data longer than they need to. This is true for paper documents as well as computer files, e-mails, and so on. And keeping unnecessary data creates unnecessary risks both to the individuals whose data is kept and to Penn. The best way to protect data is to simply not have it. Paper Files. Review your paper files containing confidential data and shred them when allowed ... Tue, 03 Oct 2006 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=13 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=13 Your Penn LSP probably goes to great lengths to keep your office computer free from viruses, worms, and other network nasties. But what happens when you lug a Penn laptop home or use your own home computer to stretch your workweek? If you have young kids at home, chances are they know more about computers than you do. They may spend more time online than you, and they probably take technology for granted. But there could be problems if you let them use your Penn-provided computer. Many kids’ rec... Tue, 26 Sep 2006 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=12 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=12 You may not realize it, but the number one reason computers get hacked is weak passwords. To protect against hackers, who use automated password-cracking dictionaries to gain access to online accounts and individual PCs, be sure to use strong, hard-to-guess passwords with the following characteristics: Are at least 8 characters longContain no words found in English or foreign language dictionaries Contain no words found in specialized dictionaries, including those ... Tue, 19 Sep 2006 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=11 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=11 You have often heard the strong caution, "dont share your PennKey," but you may not know why. Here are some important reasons. First, your PennKey and your PennKey password protect your information. PennKey is the authentication system for logging on to self-service websites at Penn, including U@Penn, and viewing your own personnel data. Anyone with your PennKey and password can look up your pay, your dependents, and other information that you probably want to keep... Tue, 12 Sep 2006 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=10 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=10 How many of you forget which passwords you use when? In today’s world of increasing password use, here’s some advice. Create distinctive passwords according to four categories: 1. PennKey; 2. Other Penn Systems; 3. Personal Most Critical; 4. Personal Other. 1. PennKey. For many Penn systems, you will be required to create a strong password with the PennKey application. Never share your PennKey password and use it ONLY on Penn systems. Your PennKey password can be abused to access institutional d... Tue, 05 Sep 2006 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=59 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=59 Welcome back to One Step Ahead, the weekly series of tips on important security and privacy issues and behaviors initiated last year by the Offices of Information Systems & Computing and Audit, Compliance & Privacy. A new set of tips begins in the next issue of Almanac. In the meantime, here’s a brief refresher on a handful of the most important topics covered last spring: Beware of free software - it might contain code that monitors your web activities. Limit the use and storage of SSNs on computers and in documents or forms.Be... Tue, 11 Jul 2006 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=58 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=58 It’s easy to let email accumulate in your inbox for years. But keeping email around too long may put you at risk for several reasons: You may go over your storage quota. Computer storage space is expensive. And your local copy may be archived in computer backup systems, taking even more space! When you delete email, make sure it is deleted everywhere. If you are unsure where copies of your email might reside, check with your Local Support Provider. Enormous mailboxes are more likely to ... Tue, 09 May 2006 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=57 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=57 A new feature added to the Google Desktop 3.0 program for Windows computers poses serious risks to the security and privacy of personal and Penn institutional data. Google Desktop is a search tool that lets you search all the information on your computer and other computers as well. In February, Google added a new "search across computers" function. This feature places images of your personal and work-related files on Google’s servers so you can search the contents of on... Tue, 02 May 2006 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=56 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=56 UPPD CrimeStats published in Almanac routinely report laptop thefts from on campus. The cost of replacing a stolen laptop is considerable, but looks small in comparison to the cost of losing months or years of work. Stolen laptops also pose a serious threat to privacy when they contain sensitive information like SSNs, medical records, or student information. To keep your laptop safe: Keep your belongings in sight and never leave your laptop unattended.Don’t leave your laptop visible on the seat in your vehicle.D... Tue, 25 Apr 2006 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=55 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=55 Several weeks ago, at a peer institution, a researcher’s laptop containing sensitive HIV-related information about 1500 patients was stolen from the researcher’s home. This was not an isolated incident. More and more data breaches are occurring as a result of lost or stolen laptops. Data is also at risk when it is stored on an unsecured desktop. The best way to avoid risks to sensitive data, to people, and to Penn is simply to not download sensitive ... Tue, 18 Apr 2006 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=54 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=54 Unsolicited commercial e-mail, commonly referred to as "spam", has risen exponentially in recent years and now accounts for 40-65% of all e-mail traffic. Spam is a problem for anyone with an email account. Spam messages can be quite annoying or offensive. They can include attachments and URLs that, if clicked on, can install viruses or worms on your computer. Also, spam uses up your e-mail quota and the amount of spam may overwhelm legitimate email, making legitimate e-mail harder to locate. At Pen... Tue, 11 Apr 2006 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=53 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=53 If you are using old, outdated web browsing, email or IM software, you are vulnerable to malicious websites, email attachments and Instant Messages. This can lead to infection with viruses. It can also open up your system to harmful adware and spyware that tracks your web browsing, causes frequent pop-up windows, and makes your computer sluggish. When you use the most current software, your computer is much less likely to get hacked. To get the latest supported browser and email sof... Tue, 04 Apr 2006 00:00:00 -0400 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=52 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=52 Most newer web browsers prompt you to save your usernames and passwords for websites, which may contain private information such as your email, or financial information such as your credit card number. You should never save your PennKey password or your passwords for other University systems, and it’s not a good idea to save passwords for other systems containing personal information, either. Once you save a password, anyone using your computer could access your private informat... Tue, 28 Mar 2006 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=51 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=51 The affordability and ease of use of basic wireless access points WAPs has prompted many Penn users to set up "hot spots" at home. On each WAP you use, change the default administrator password to a strong password.Change the default SSID, or "name" of each WAP to a unique name of your own choosing.Disable broadcasting of your network name SSID to make your network less visible to unauthorized users.Enable and require the strongest encryption that your WAPs offer - usually 128-bit Wir... Tue, 21 Mar 2006 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=50 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=50 What do you do when your boss asks you for a list of students in a certain residence or with a certain set of interests to alert them to an upcoming event? What do you do when a parent calls to find out where their child is? The answer in each case is, "It depends." Federal law and Penn policy tell us what student data we can share with whom. Student data cannot be shared except in specified circumstances. These are some common examples of when student data may be shared: You may always share s... Tue, 14 Mar 2006 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=49 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=49 For years, security experts have advised caution when opening email attachments. Now, clicking on website links in email poses an equally big threat. You can’t be sure where a link will take you. It is often difficult to tell whether a link is "trustworthy". In general, exercise caution, but consider factors such as: Do you know the sender? Generally, you should be able to trust content from people you know more than from people you do not though there are exceptions!. Is the message of a... Tue, 28 Feb 2006 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=48 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=48 You may have read about phishing email scams that try to trick you into going to bogus websites and entering personal information like credit card numbers and Social Security numbers. This is one of the most common ways of committing identity theft. In the past year, the attacks have become more personalized. In May 2005, several hundred people at Penn received e-mail forged to look like it came from the Penn Student Federal Credit Union, informing them that their account had bee... Tue, 21 Feb 2006 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=47 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=47 The online world gives us unprecedented opportunities to chat with people around the world about current issues, to network professionally and socially, and generally to express ourselves. These are amazing and positive developments. But think about privacy risks when posting to discussion boards, blogs, and similar services. Electronic postings may be permanent and may define you now or at any future point. Statements made now, in jest or to a small group of colleagues, may come back to haunt you in the future.... Tue, 14 Feb 2006 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=46 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=46 Before disposing of, or donating, old computers, hard drives, CDs, computer tapes, or other electronic storage devices, make sure that all the data is destroyed. A simple delete by dragging the file to the trash and then emptying it is not sufficient. Computers don’t actually get rid of the data deleted this way, but simply mark the space as available for subsequent use. Meanwhile the old data is still "squatting" on your hard drive until your operating system happens to ... Tue, 07 Feb 2006 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=45 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=45 Instant Messaging IM can be a useful tool, but be aware of the following risks: Don’t expect your IM conversations to be private. They travel over the network unencrypted and can be easily forged. IM is a bad way to transmit sensitive data such as credit card numbers, passwords, and social security numbers. It's about as secure as email, which is to say "not all that secure." Worms are also a big problem. Several IM worms will send messages to all your IM buddies with instruction... Tue, 31 Jan 2006 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=43 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=43 Have you done your SSN spring cleaning? Social Security numbers have long been used by financial services, health care, and educational organizations to identify people. In recent years, the use of SSNs has become much more problematic, as they are often used to commit identity theft. Because of this risk, it’s important that we at Penn do our best to limit the use and storage of SSNs: Check computers, file cabinets, and folders to eliminate any unnecessary storage of SSNs.Shred unneeded do... Tue, 24 Jan 2006 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=42 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=42 Weak and poorly protected passwords remain the single biggest threat to computer security. Unfortunately, many of us still choose passwords that are easily "cracked", like birthdays, pets’ names, foreign words, and celebrities’ names. Powerful, automated tools for cracking poorly chosen passwords are readily available to malicious individuals, and are often carried in computer worms and viruses. These tools call on large dictionaries to guess what a user’s password... Tue, 17 Jan 2006 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=44 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=44 What you see isn’t always what you get. Recently, dangerous programs have been widely distributed in the form of free Internet accelerator tools and search engine toolbar plug-ins. One example is MarketScore, which claims to provide a free tool to speed up your Internet connection though independent experts have not observed any appreciable speed improvement with its use. Its real purpose is to collect and sell information on Internet usage patterns. Once you sign up, all your web connecti... Tue, 10 Jan 2006 00:00:00 -0500 security@isc.upenn.edu (Office of Information Security) http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=41 http://www.upenn.edu/computing/security/footprints/display_tip.php?footprint_id=41 Electronic documents e.g., Word, Excel, Adobe may store hidden information, known as metadata, that you had no intention of sharing, such as prior revisions, deleted text, author and reviewer names, etc. Metadata is very useful for editing, viewing, filing, and retrieving documents. However, its disclosure to inappropriate parties can have adverse consequences. On Dec 4, 2005, the New York Times ran an article tracing the authorship of a publicly available White House document on Iraq to a Duk...