04/18/14

All Clear: ITS Update: OpenSLL Vulnerability – Heartbleed Bug

ITS has completed patching SSL and replacing security certificates on all UM-Flint customer services. At this time ITS recommends that all Faculty, Staff, and Students change their UM-Flint LAN passwords. Please note that this DOES NOT apply to your UMICH (Kerberos) password at this time.

ITS is happy to report that over the last week we have been monitoring systems for abuse and we have not seen any unusual activity or account abuse related to Heartbleed. ITS will continue to scan the campus network and monitor systems for any problems or abuse. Thank you for your patience while we worked to secure our campus systems.

To Change your UM-Flint Passwords:

  • Navigate to My UM-Flint in your browser
    • To change your UM-Flint LAN password and click “Password Change”. Login here and click “Change Password” and follow the on-screen instructions.
    • To change your Banner password and click “Banner”. Login here using your uniqname and Banner password. On the right side of the screen click “Change Banner Password” and follow the on-screen instructions.

For non-UM-Flint websites:

  • Only change your passwords after you have confirmed that the site or service has installed a security update.
  • Continue to monitor your sensitive online accounts (e.g., banking, email).

If you have any further questions please contact the ITS Helpdesk at itshelpdesk@umflint.edu or 810-762-3123 opt. 1.

For further information on the Heartbleed vulnerability visit: http://heartbleed.com.

 

XKCD Webcomic recently published this Heartbleed explanation that we found helpful:

heartbleed_explanation

04/10/14

Important Security Notice: Brace Yourself for Heartbleed Spam and Targeted Attacks

In the wake of the very serious OpenSSL vulnerability, Heartbleed Bug, there are many emails scams starting.  Criminals are targeting users, including universities like the University of Michigan, trying to get your passwords (UMICH, Your Flint LAN password, your banking passwords, Facebook passwords, etc) so they can gain access to your accounts, your personal private information, university computing resources, valuable research data, and other sensitive institutional data. Dozens of university members have been victims of other criminal spear phishing scams in recent months so we would like to take this moment to remind you of some internet and email security tips.

  1. If you get an email asking you to click a link to change your password, don’t click it.  Instead navigate to the site through a link you trust and change your password directly from their site.
  2. NEVER provide your password through email to ANYONE.
  3. If you are ever in doubt contact the agency directly and speak to them about the message and if it is them or not.
  4. Don’t use the same password for all of your accounts. This can cause one compromised account to compromise all of your accounts.

To learn more about spear phishing and protecting yourself and the university, Ann Arbor has created a four-minute video on the U-M Safe Computing website http://www.safecomputing.umich.edu/main/phishing_alerts/spear-phish.php. ITS encourages you to watch this video provided by U-M ITS in Ann Arbor and learn how to recognize and protect yourself from spear phishing attempts.

At this time ITS still asks that users refrain from voluntarily changing their passwords until the all clear is issued.

If you have any further questions or concerns please contact the ITS Helpdesk at one of the channels listed below.

 

EDIT:  There is a helpful list provided by Mashable.com of common sites and recommendations for changing your password or not, http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/#:eyJzIjoidCIsImkiOiJfNzg4Z2VpbGZ6a2k5OXllNCJ9

04/9/14

Critical Announcement Regarding OpenSLL Vulnerability – Heartbleed Bug

On Tuesday, April 8, 2014, the OpenSSL Project team announced the Heartbleed security vulnerability.  The team of security researchers have discovered an extremely critical vulnerability in recent versions of OpenSSL that can expose data on systems running OpenSSL, including passwords and other sensitive data.

Most campus technology services and other online consumer services, such as online banking or photo-sharing, use OpenSSL, one of the most popular data encryption tools for Web traffic.

UM-Flint ITS staff have been in the process of patching SSL and replacing security certificates since early this morning. ITS DOES NOT recommend that Faculty, Staff, and Students voluntarily change their UM-Flint password at this time, please wait until ITS sends a follow up notification that all patching and new SSL certificates have been put in place.

For non-UM-Flint websites:

·        Do not change your passwords or transmit data to secure Web sites or services that you normally use until you have received an official security update.

·        Only change your passwords after you have confirmed that the site or service has installed a security update.

·        Monitor your sensitive online accounts (e.g., banking, email) for suspicious activity for at least the next week.

 

For further information on the Heartbleed vulnerability visit: http://heartbleed.com

 

04/9/14

VPN Downtime for Patching SSL Vulnerability

Due to a serious SSL security vulnerability we will be patching the VPN.  We will begin patching momentarily and expect downtime to only last 2-3 minutes but downtime of up to 30 minutes is possible. We apologize for any inconvenience but the nature of this vulnerability does not allow us to wait to patch systems.

Please contact the ITS Helpdesk with any questions.

04/7/14

Parking Permit and Mcard Distribution

Spring/Summer 2014

Parking Permit and Mcard Distribution

Located on the University Pavilion Stage (Under the ITS Tent)

Spring Hours – May 5th & May 6th

Monday, May 5th, 2014        8:00 a.m. – 7:00 p.m.
Tuesday, May 6th, 2014        8:00 a.m. – 7:00 p.m.

Summer Hours – June 30th & July 1st

Monday, June 30th, 2014        8:00 a.m. – 7:00 p.m.
Tuesday, July 1st, 2014        8:00 a.m. – 7:00 p.m.

Mcard

Please be sure to bring your Government Issued Picture ID along with the
MakeModel, and License Plate Number for your vehicle to receive
your Student ID and Parking Permit.

Returning Students who Already have a Parking Permit:

Please bring your Mcard and Parking Permit to receive your validation sticker.

ITS continues to distribute Mcards, parking permits, and/or validation stickers to students registered for the current semester throughout the semester at the Mcard stations in the open computing labs at 206 MSB and 3174 WSW.

03/28/14

Microsoft Vulnerability Reported – .rtf Files

Microsoft has issued a warning about a very serious security vulnerability involving .rtf files. The virus associated with these .rtf files will create an open portal to your computer allowing a hacker to gain control of your computer.

Currently, Microsoft is working on a patch for this vulnerability but is advising users to avoid opening any files that have a .rtf extension, this includes previewing the file in Outlook, to prevent the installation of this virus.

What can you do?

  • Do not open, even in preview, any files with a .rtf extension.
  • Keep your Microsoft software up-to-date.
  • If you need to share a .rtf file, or if someone needs to share one with you, UM-Flint offers a web application called Filelocker for easy file sharing. More information can be found here: http://go.umflint.edu/filelocker

If you have any questions please contact the ITS Helpdesk at 810-762-3123 option 1 or itshelpdesk@umflint.edu.

 

03/13/14

ITS Downtime Explanations

Earlier this week we experienced two unrelated network problems affecting mail and the virtual desktops in our open labs. We have included below a brief explanation of what happened and the timeframes that services were effected.  We apologize for any inconvenience that these may have caused you.

Virtual Desktop (VDI) Intermittent Errors – March 6th-11th:

Beginning on Thursday March 6th around 5:30pm we performed scheduled maintenance on our network. This scheduled maintenance produced some unexpected problems with the software used in our VDI labs on campus.  The problems experienced by users were intermittent session timeout with loss of data and black screens upon login. We confirmed at 5:00pm on Tuesday March 11th that all of the known VDI problems had been resolved.

Email Intermittent Outages – March 11th-12th:

Beginning around 11:00 am on Tuesday March 11th we started having intermittent email outages on our student mail servers.  We opened a case with Microsoft and began working to resolve the problem. ITS verified all mailbox databases were online and functioning as expected at 4:00am on Wednesday March 12th. Between 11am on Tuesday and 4am on Wednesday student mailboxes were available 95% of the time with only intermittent outages. Based on what we have seen all mail should have been delivered to the appropriate mailboxes after the box became available again.

If you have any further questions about either of these problems please contact the ITS Helpdesk and we will do our best to provide the answer.

03/7/14

Limited Helpdesk Support March 7th, 2014

Today, March 7th, the ITS Helpdesk will have limited support so that the staff may attend a 1/2 day training. Please see below for changes in support.  Please note that all labs will be open normal hours, www.umflint.edu/helpdesk/hours.

 

WSW Helpdesk

  • Closed from 9:45am-3:15pm
  • Open from 8am-9:45am and 3:15-5:00pm

 

MSB Helpdesk and Phone Support

  • Open 7am-10pm
    • Limited support from 9:45am-3:15pm and 6pm-10pm

 

Software Sales in 206 MSB

  • We WILL be delivering software today from 8am-9:45am and 3:15pm-6pm.
    • If you are unable to make it in during these times we will be open from 10am-6pm on 3/8/2014 and normal hours beginning Monday March 10th.
12/6/13

Winter 2014 Parking Permit and Mcard Distribution

Winter 2014 Parking Permit and Mcard Distribution

Located on the University Pavilion Stage (Under the ITS Tent)

Thursday, January 02, 2014        8:00 a.m. – 7:00 p.m.
Friday, January 03, 2014              8:00 a.m. – 4:00 p.m.
Monday, January 06, 2014           8:00 a.m. – 7:00 p.m.
Tuesday, January 07, 2014          8:00 a.m. – 7:00 p.m.
Wednesday, January 08, 2014    8:00 a.m. – 7:00 p.m.
Thursday, January 09, 2014        8:00 a.m. – 7:00 p.m.

Mcard

Please be sure to bring your Government Issued Picture ID along with the
Make, Model, and License Plate Number for your vehicle to receive
your Student ID and Parking Permit.

Returning Students who already have a parking permit:

Please bring your Mcard and Parking Permit to receive your validation sticker.

ITS continues to distribute Mcards, parking permits, and/or validation stickers to students registered for the current semester throughout the semester at the Mcard stations in the open computing labs at 206 MSB and 3174 WSW.