Office of Information Security at Penn

It is very rare for the Internet Storm Center to change their Threat Level. They went to Yellow due to exploit code being available for Microsoft Remote Desktop (MS12-020). Please make sure you are patched.

ISC Diary | INFOCON Yellow - Microsoft RDP - MS12-020 SANS Internet Storm Center - A global cooperative cyber threat / internet security monitor and alert system. Featuring daily handler diaries with summarizing and analyzing new threats to networks and internet security events.

Our first official video on our new Youtube page. Grady the Security Dog explains secure passwords.

Creating Secure Passwords with Grady the Security Dog In this short video, Grady points to a simple method for creating strong passwords. For more tips on secure passwords check out the Information Security webs...

Please visit Penn's Privacy page to see important information about securing Facebook. PDF and Video included. Please share!

Welcome to Privacy We know that many people are concerned about threats to their personal privacy, from receiving junk mail to being the victim of identity theft. At Penn, protecting personal privacy is a priority and we are ta...

Many fake antivirus businesses that paid hackers to foist junk security software on PC users have closed up shop in recent weeks. The wave of closures comes amid heightened scrutiny by the industry from security experts and a host of international law enforcement officials.

Fake Antivirus Industry Down, But Not Out — Krebs on Security Many fake antivirus businesses that paid hackers to foist junk security software on PC users have closed up shop in recent weeks. The wave of closures comes amid heightened scrutiny by the industry from security experts and a host of international law enforcement officials. But it’s probably too soo...

Facebook Security Like this Page to receive updates about how to protect your information both on and off Facebook.

Please share this with everyone you know.

Trojan Tricks Victims Into Transfering Funds — Krebs on Security It’s horrifying enough when a computer crook breaks into your PC, steals your passwords and empties your bank account. Now, a new malware variant uses a devilish scheme to trick people into voluntarily transferring money from their accounts to a cyber thief’s account.

All web developers should read this article and the "Cheat Sheet".

ISC Diary | OWASP Session Management "Cheat Sheet" SANS Internet Storm Center - A global cooperative cyber threat / internet security monitor and alert system. Featuring daily handler diaries with summarizing and analyzing new threats to networks and internet security events.

Comcast Hijacks Firefox Homepage: “We’ll Fix” — Krebs on Security Comcast says it is revamping the software that new customers need to install to start service with the ISP. The software is unfriendly to Mac users running Firefox: It changes the browser’s homepage to comcast.net, and blocks users from changing it to anything else.

Google: Your Computer Appears to Be Infected — Krebs on Security Google today began warning more than a million Internet users that their computers are infected with a malicious program that hijacks search results and tries to scare users into purchasing fake antivirus software.

Discussion section added. The link can be found just to the left.

Top level domain explosion could wreak mayhem on net • The Register A plan to populate the internet with hundreds or thousands of new top-level domains has security researchers pondering some of the unintended consequences that could be exploited by online criminals. Some of the scenarios aren't pretty.

Social Network Attacks Surge | Symantec Connect Community Exploiting the popularity of social networks for the purposes of distributing spam, malware, and phishing attacks is quite a common technique these days. Spam attacks via social networks grew dramatically between April and June 2011. Over this period, we monitored and analyzed social network spam at