Be wary of disks, usb sticks, and other things that arrive unexpectedly.

A CD arrives claiming to contain important information about DOE policies or DOE funding opportunities or a free usb memory stick arrives in the mail from a vendor you've never heard of: what do you do?

While we don't want anyone to stop interacting with the outside world, it's useful to know that all these scenarios represent risks. When you place a CD in a Windows box for instance, it often "autoruns" a particular file. If that file is malicious, your box could be compromised without you even knowing it.

Several parts of DOE have been targeted with just such an attack in the past year.

As in all the other cases, if you are ever suspicious, report it to cppm@lbl.gov. You may also be able to check the authenticity by visiting a known, trusted website to see if there are any indications that such a disk has been sent out.