New computer security measures

As a part of the long-term strategy to improve computer security at CERN, and especially given the attention focused to CERN by the start-up of the LHC, two additional security measures concerning DNS and Tor will shortly be introduced. These are described in the following texts and will affect only a small number of users.

"PHISHING" ATTACKS CONTINUE

CERN computer users continue to be subjected to attacks by people trying to infect our machines and obtain passwords and other confidential information by social engineering trickery. Recent examples include an e-mail message sent from "La Poste" entitled "Colis Postal" on 21 August, a fake mail sent from web and mail services on 8 September, and an e-mail purporting to come from Hallmark Cards announcing the arrival of an electronic postcard. However, there are many other examples and there are reports of compromised mail accounts being used for more realistic site-specific phishing attempts.

Given the increased publicity related to the LHC start-up, vigilance is needed to protect us against attempts to break in to CERN’s computing infrastructure. Please use your computer account(s) with care, in particular when browsing external web pages. Do not reply to doubtful e-mails, do not click on links within doubtful e-mails, and delete suspicious e-mail attachments without opening them.

Never respond to a request to give your username and password, credit card details or any similar information as such requests are always bogus.

If you encounter suspicious activity on your computer(s) or your account(s), please contact Computer.Security@cern.ch immediately. If you have questions, please check the Computer Security web pages at

http://cern.ch/security/

or contact Computer.Security@cern.ch directly.

Thank you for your understanding and collaboration.

CERN Computer Security Team


by IT Department