University of Southern California

← Older posts Newer posts →

Phishing Warning 2014-06-11

Posted on by mbordas

Many users have reported receiving the following phish. If you have received the phish, do not click the link or reply to the message. If you have replied, followed the link, or supplied login information, change your USC password as … Continue reading

Posted in Phishing |

More OpenSSL Vulnerabilities Reported

Posted on by mbordas

Security researchers have recently identified several vulnerabilities in the OpenSSL encryption library in addition to the widely publicized Heartbleed bug (see https://it-security.usc.edu/2014/04/09/openssl-heartbleed-bug​ for more information about Heartbleed). System Administrators within USC’s IT units should complete the action items (fixes) summarized … Continue reading

Posted in Security Updates | Tagged , , ,

TrueCrypt is insecure

Posted on by Robert

The anonymous developers of TrueCrypt warned yesterday “Using TrueCrypt is not secure” and that “the development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP.” They recommend using BitLocker on Windows and provide directions to migrate from TrueCrypt … Continue reading

Posted in Encryption, Security Updates | Tagged ,

eBay hacked

Posted on by Robert

eBay announced today that their internal and customer databases were compromised about two months ago. Names, addresses, birth dates and encrypted passwords were stolen. They will start prompting all of their users to change their passwords. See links for lifehacker, … Continue reading

Posted in Security Breach | Tagged

Phishing Warning 2014-05-13

Posted on by mbordas

Many users have reported receiving the following phish. If you have received the phish, do not click the link or reply to the message. If you have replied, followed the link, or supplied login information, change your USC password as … Continue reading

Posted in Phishing |

Zero-Day Vulnerability in Internet Explorer

Posted on by mbordas

Microsoft has issued a security advisory about a recently discovered zero-day vulnerability in Internet Explorer versions 6 – 11. The vulnerability could allow an attacker to install malware on a system without the user’s knowledge or consent if the user … Continue reading

Posted in Malware, Security Updates |

Phishing Warning 2014-04-18

Posted on by mbordas

Many users have reported receiving the following phish. If you have received the phish, do not click the link or reply to the message. If you have replied, followed the link, or supplied login information, change your USC password as … Continue reading

Posted in Phishing | Tagged ,

Heartbleed – vendor updates 2014-04-17 10:56

Posted on by Robert

Below is a partial list of vendors that have released updates to address the Heartbleed vulnerability.
This list will be updated as more information becomes available. Continue reading

Posted in Security Updates | Tagged

Server certificates and Heartbleed

Posted on by Robert

Cloudflare, a large web-hosting company, has a very detailed article on how server certificates are not (in the real world) extractable using the Heartbleed bug: http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed They set up a test server and challenged anybody to obtain the private key. … Continue reading

Posted in Password Security, Recommended Reading, Security Updates | Tagged

Passwords You Need to Change due to the Heartbleed Bug

Posted on by mbordas

Many websites and online services, including Facebook, Instagram, Google, and Yahoo, were affected by the recently announced Heartbleed vulnerability. The site linked below has collected responses from social media, email, financial, and other companies regarding steps they have taken to … Continue reading

Posted in Facebook, Password Security, Security Updates, Social Networking | Tagged

← Older posts Newer posts →