Information Technology Updates
Welcome to the UNI campus for the start of the fall semester! We hope this upcoming school year is a good one, especially with your use of technology at UNI. If you do encounter problems or have questions, fill out a support request through Service Hub, UNI's IT help system, or contact the IT Service Desk.
If you are on campus this weekend and need assistance, the IT Service Desk is open Saturday (8/18) from 11am to 1pm and again on Sunday (8/19) from Noon until 4pm. Call, stop by, or chat with us online and we would be happy to help.
UPDATE: See the end of the article for information on how to delete and disable much of Google's tracking information
Is your mobile device spying on you? It may be doing just that! Let's look at the two major mobile arenas, Apple iPhones and Google Android phones.
Apple explains how Siri listens for "Hey, Siri" without eavesdropping and how it keeps Siri usage anonymous. Siri uses a buffer, or a chunk of audio that's continually recorded over, to listen for the "Hey, Siri" trigger phrase. Once the trigger is heard, it records the user's question or command. This recording is sent to Apple with an anonymous identification number that isn't tied to an individual's Apple ID. More on the Apple story here: https://nakedsecurity.sophos.com/2018/08/13/siri-is-listening-to-you-but-shes-not-spying-says-apple/
Google wants to know where you go so badly that it records your movements even when you explicitly tell it not to. An Associated Press investigation found that many Google services on Android devices and iPhones store your location data even if you've used privacy settings that say they will prevent it from doing so. Computer Science researchers at Princeton University confirmed these findings at the AP's request. More on this story is here: https://www.securityweek.com/google-tracks-your-movements-it-or-not
The bottom line - check your device's privacy settings, both overall and on a per-app basis. Set them to levels that you feel comfortable with. If you find that the app doesn't adhere to your settings, complain to the app's authors and consider using an alternate app that provides a similar function.
UPDATE: How to Find and Delete Where Google Knows You've Been
The first thing to do, regardless of device, is to login to myactivity.google.com and go into "Activity Controls." Disable "Web & App Activity" and "Location History" to stop Google from storing location markers on your Google account. Some services won't work well (or at all) without these features, such as Google Assistant or a Google Home speaker. Additional details are in this AP News article: https://www.apnews.com/b031ee35d4534f548e43b7575f4ab494/How-to-find-and-delete-where-Google-knows-you%27ve-been
Social engineering is a term you often hear IT pros and cybersecurity experts use when talking about Internet threats like phishing, scams, and even certain kinds of malware, such as ransomware. But its definition is even more broad. Social engineering is the manipulation or the taking advantage of human qualities to serve an attacker’s purpose. It preys on a number of human traits to gain an advantage: curiosity, fear, desire, doubt, empathy and sympathy, ignorance, naivete', inattentiveness, and complacency. This blog entry from Malwarebytes helps you recognize potential attacks and counter them. https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2018/08/social-engineering-attacks-what-makes-you-susceptible/
In the recent "Sextortion" campaign, attackers used one of the victim's actual compromised passwords to try to convince the victim that they had access to the victim's system and had recorded video of them watching pornography. The hacks were false; in reality, the attackers used old data breaches and had only passwords, names, and email addresses with which to work. Nonetheless, the threat of potential exposure of claimed browsing habits was an enticing lead-in to "give me some money". Five key takeaways to avoid being caught by phishing:
- Avoid clicking on links and attachments in email
- Urgency should be a giant red flag
- Don't re-use passwords
- Don't respond to spam or phishing emails
- Don't pay off extortionists
Other universities are reporting a new phishing effort that starts with an email message from the university president containing a malicious PDF. The PDF has a link that goes to a fictitious "Microsoft Reader" that requires credentials to access. In our case, the credentials would be CatID of course.
Subject: [ACTION REQUIRED] <university> Revised and Updated Business Integrity & Policy Guidelines For All Employees
Because I routinely recommend KeePass as a good choice for a standalone password safe, I think it's important to bring this fake KeePass site to your attention.
A French security researcher has stumbled upon an adware delivery scheme that involves clone websites that use legitimately-looking domain names to trick victims into downloading famous apps, but which are actually laced with adware.
The first of these websites was discovered three days ago by Ivan Kwiatkowski. This website was located at keepass.fr, a domain name trying to pass as the app's official site located at keepass.info.
The complete article is available at https://www.bleepingcomputer.com/news/security/fake-websites-for-keepass-7zip-audacity-others-found-pushing-adware/
Outage Date & Times: Thursday August 2nd at 12:00 a.m. through Tuesday August 7th at 5:00 p.m.
UNI's existing on-campus Blackboard Learn System (eLearning) will be fully migrated to Blackboard Inc.'s cloud based offering known as SaaS (Software as a Service) from August 2-7, 2018. On August 1, 2018 at 11:59 p.m. CDT, UNI's Blackboard Learn System will be turned OFF for migration and will NOT be available to users during this extended maintenance period. For this migration, we will be doing a full migration of data: meaning all the existing content and entire database records will be moved to SaaS. For more information, please visit our Blackboard Learn SaaS webpage.
Outage Date & Times: Friday, August 10th at 6:00 p.m. through Saturday, August 11th at 6:30 a.m.
The UPS in the Curris Business Building data center will be replaced on August 10th & 11th. This replacement requires a full data center power outage and many major systems on campus will be unavailable. In an effort to minimize the impact on the campus community, the power outage will occur Friday evening August 10th after 6:00 p.m. through early Saturday morning. All systems are expected to be back online by 6:30 a.m. Saturday, August 11th. Internet access to/from campus and access to Google Email will be available during the outage.
The following systems will remain active during the outage:
- Centralized Authentication for off campus hosted systems
- Internet Access to/from campus
- Wireless Access on campus
- Campus Web Cluster (www.uni.edu) and subsites
- Google G Suite (email, docs, etc). ** Users will need to go directly to www.gmail.com or mail.google.com to login. Any link that points to www.uni.edu/email will not be functional during this outage.
- eLearning (Blackboard)
- Active Directory Authentication & DNS
- Voice calls & Voice mail
- UNI Bookstore servers (to serve the State Fair)
- Electronic Door Access Systems
- Public Safety related systems
- Service Hub
Services that will be UNAVAILABLE
- My Universe Portal
- Peoplesoft Campus Solutions
- Student Center
- Advisor Center
- Faculty Center
- Online Application for Admission
- Online Course Lookup
- eBusiness Forms and Self-Service
- Self-Service Java Applications
- Online Directory
- Document Imaging - All OnBase Clients (Web/Unity)
- Data Warehouse - OBI Applications - Analytics
- 6:00 p.m. to 7:00 p.m. Systems and Services in CBB are shut down
- 7:00 p.m. to 7:15 p.m. Power cut to CBB Data center
- 7:15 p.m. to 11:00 p.m. New UPS installation, system checks, and startup
- 11:00 p.m. to 1:00 a.m. Power back on, bring systems and services back online
The Department of Educational Technology and Media Services (ETMS) hosted this year’s Regent Day at UNI on May 30th. ETMS’s staff and their counterparts from the University of Iowa and Iowa State University met to share experiences, successes and challenges.
Main discussions and activities were centered around topics of Learning Spaces Technology, Online Testing/Proctoring, Student Response System, Badging, and Online Textbooks. Updates and inputs were also exchanged on Learning Management Systems, Digital Media Storage Solutions, Lecture Capturing programs, and Lynda online training site.
The successful day was concluded with show and tell groups presenting Hololens, Jamboard, SVSI, and Meetio. The three departments will continue to have this yearly event, in addition to their ongoing communication, to optimize services, relationships, and efficiency for the three regent universities.
Starting on July 16th, 2018, UNI will begin to turn off Google accounts for students, faculty, and staff not currently enrolled in classes or employed at UNI. However, if you graduated from UNI, received a certificate or other endorsement, you are eligible for a free UNI Alumni Google account. For more information and to sign up for your Alumni Account, visit the IT support article UNI Alumni Account.
Some important things to note:
- Your CatID credentials will continue to function for other resources at UNI like the MyUNIverse Portal (for checking unofficial transcripts or requesting official transcripts).
- If you have used your UNI Google account as your primary contact information for any online services outside of UNI (Amazon.com, Facebook, Etc) you will need to update those records prior to July 16th to avoid interruptions in service with those sites.
- You must migrate any personal data in your UNI Google account you wish to keep prior to July, 16th, 2018. For help and assistance in migrating your data, please see the IT support article on downloading your personal data.
- If you will not be eligible for a new alumni domain account and would like to continue receiving emails and newsletters from the University of Northern Iowa Alumni Association, please update them with your new email address. Send an email to firstname.lastname@example.org or visit their updating contact information form.
As always, if you have questions or concerns, please don't hesitate to get in touch with the IT Service Desk at 319-273-5555 or via email at email@example.com.