[FRIAM] Fwd: Cybersecurity Updates

George Duncan gtduncan at gmail.com
Wed Apr 8 11:18:11 EDT 2020


Carnegie Mellon on Zoom security.

George Duncan
Emeritus Professor of Statistics, Carnegie Mellon University
georgeduncanart.com
See posts on Facebook, Twitter, and Instagram
Land: (505) 983-6895
Mobile: (505) 469-4671

My art theme: Dynamic exposition of the tension between matrix order and
luminous chaos.

"Attempt what is not certain. Certainty may or may not come later. It may
then be a valuable delusion."
From "Notes to myself on beginning a painting" by Richard Diebenkorn.

"It's that knife-edge of uncertainty where we come alive to our truest
power." Joanna Macy.




---------- Forwarded message ---------
From: The Information Security Office <iso at andrew.cmu.edu>
Date: Wed, Apr 8, 2020 at 7:57 AM
Subject: Cybersecurity Updates
To: <gd17 at andrew.cmu.edu>


** Visit the Information Security Office News page to verify the
authenticity of this message. **

Dear Members of the Campus Community,

I am writing to address recent Zoom security and privacy questions, alert
you to new and ongoing coronavirus-related scams, and remind you about
securing remote workspaces.

*Zoom Security and Privacy*

In the wake of explosive growth and worldwide dependency on Zoom’s video
conferencing platform, public scrutiny has surfaced numerous privacy and
security concerns. In response, Zoom’s leadership publicly accepted
responsibility and committed to greater transparency, improved security
practice and timely resolution of system vulnerabilities.

As first steps, Zoom patched several security vulnerabilities that were
identified last week, discontinued certain sharing practices and updated
its privacy policies to provide greater clarity.

As it relates to encryption, Zoom does not provide end-to-end encryption as
commonly defined. Zoom provides encryption in transit. While Zoom is
working to improve upon its encryption implementation, it remains
acceptable for public, private and some restricted content like FERPA.

Computing Services and the Information Security Office will continue to
monitor Zoom developments.  We expect new findings and fixes will continue
to be announced.

What can you do? Update your Zoom client whenever prompted, so new fixes
get applied as soon as possible. You also can periodically “Check for
Updates.” Also, refer to the Secure a Meeting or Class
<https://www.cmu.edu/computing/services/comm-collab/web-conferencing/zoom/how-to/secure-meetings.html>
guidance on the Computing Services site to help you use Zoom as securely as
possible.

*New and Ongoing Scams*

As the 2020 stimulus check process begins to unfold, be on guard for a wave
of related scams. Security researchers and the IRS predict fraudulent
“verification” schemes and expedited delivery schemes.  Expect similar
fraud attempts related to prevention and therapeutics as these appear in
the media.

Whether delivered by phone, email, text or any other method, scams will
persist and adapt as long as coronavirus fears continue and events evolve.
Stay alert to these scams via the ISO’s coronavirus scam page
<https://www.cmu.edu/iso/aware/coronavirus-alerts/coronavirus-scam-awareness.html>,
report suspicious emails to the ISO at iso-ir at andrew.cmu.edu, fact-check
before responding to or clicking on unsolicited communications, and
continue to maintain good computer hygiene like keeping software up to date
with security patches and making regular back-ups of your data.

*Secure Remote Workspace*

As we continue to work remotely, remember to observe reasonable physical
security practices like conducting sensitive discussions where others can’t
overhear, including while using devices like Alexa, Cortana, Google and
Siri. Review the ISO’s news page
<https://www.cmu.edu/iso/news/remote-work-surroundings.html> for additional
tips for protecting your surroundings.

As always, thanks for sharing your concerns, inquiring about additional
security measures, and doing your part to keep yourself and our community
safe.

Sincerely,

Mary Ann Blair
Chief Information Security Officer
Information Security Office
Computing Services
Carnegie Mellon University
https://www.cmu.edu/iso
Phone: 412-268-8556
ISO Hotline: 412-268-2044