May 15

Alert- New malicious software infecting Windows computers

Hello friends- Alert from SAS Computing below.

We are actively monitoring faculty and staff computers on campus, but please contact us with any questions! Restart and update your computers, and please make sure everything is up to date.

———–

Saturday May 13, 2017

To:      School of Arts and Sciences Faculty and Staff

From:  Warren Petrofsky, Senior Director, SAS Computing

SAS Computing and ISC’s Information Security Office are monitoring a massive ransomware attack that appears to have infected many organizations around the world.  The WannaCry ransomware (also called WCrypt or WCry) spreads rapidly on an organization’s network, targeting unpatched Microsoft operating systems. Once infected, files on a Windows computer are encrypted and a ransomware popup window appears demanding the user pay approximately $300 in Bitcoin to unlock (decrypt) the files. The computers that are most vulnerable to this attack are Windows computers that have not been patched recently.

Most SAS computers are patched and managed by SAS computing, and their patches should be up to date as patching status is monitored on an ongoing basis by SAS Computing staff.

For computers you manage yourself or for your home computers, it is very important that you take the following steps to protect your data as soon as possible:

  1. Ensure you have a current backup of your files.  Back up the files stored on your computer to an external hard drive (or even a thumb drive) and disconnect the external hard drive afterwards. 
  2. Patch (ie update) your Windows operating system by running the latest Microsoft updates.  For information on how to do so see the following:

https://support.microsoft.com/en-us/help/12373/windows-update-faq

You may also want to reach out to your LSP on Monday and ask about how SAS Computing can automatically patch your SAS computer for you and help ensure you have a means of backing up your data.

If your computer becomes infected:

  1. Immediately disconnect your computer from the network (unplug the network cable and/or disable wifi)
  2. Contact your Local Support Provider (LSP): http://www.sas.upenn.edu/computing/support

Information about this latest attack can be found here:

http://www.cnn.com/2017/05/13/world/ransomware-attack-things-to-know

For more information about ransomware in general, please see:

https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx

Category: Uncategorized | Comments Off on Alert- New malicious software infecting Windows computers
May 4

How to Make a Secure Password

Hello folks,

Password pop quiz! I know, it’s hard to remember the ongoing strings of passwords we have to maintain, but remember, they are access into very important personal parts of your life!

In the interest of keeping your passwords up to date and current with the modern requirements and complexities, I have noted the following resources. Please consider changing your old passwords, especially if they have been previously shared.

UPenn’s Pennkey Password general information: http://www.upenn.edu/computing/pennkey/password.html

A tool for creating complex passwords, courtesy of XKCD.com, following the idea that phrases and sentences are easier to remember for humans and harder for computers to guess: http://preshing.com/20110811/xkcd-password-generator/

Another useful tool for creating complex passwords which are easier to remember and safe: http://correcthorsebatterystaple.net/

The Pennkey Password Requirements are listed below, in openly suggested options.

20 or more characters: any U.S. keyboard characters
example: boldaugustpretzelcloud
16-19: capital and lower-case letters
example: BoldAugustPretzel
12-15: capital and lower-case letters and numbers
example: 4Bold7August8
8-11: capital and lower-case letters, numbers, and symbols
example: $4Bold78!

PennKey passwords are also screened for easily guessed combinations, such as:

  • Portions of, or simple variations on, your name or username
  • Single dictionary words (English and non-English): Diversifications, Alternativamente
  • Common 2-3 word combinations: PhiladelphiaEagles
  • Predictable strings: 123123, abcdef, qwerty, johnpaulgeorgeringo, pa$$w0rd, drowssap
  • Compromised passwords on published lists

If you have trouble remembering a longer password, write it down and handle it with the same caution you would a credit card.

And remember! Legit IT Support will never ask you for your password, especially in an email!

-SSC Help Desk
leonhart@sas.upenn.edu, 215-898-6454

http://www.sas.upenn.edu/computing/rds/ssc/

Category: Uncategorized | Comments Off on How to Make a Secure Password