Information Technology Updates
Information Technology (IT) is constantly working to improve and secure the systems and services it runs. These changes take many shapes, including security updates, upgrades to functionality, and other modifications. These changes are worked on in testing systems and then deployed into production on a regular schedule. Under the circumstances of a campus closure event, IT will change its strategy to allow work to continue and progress to be made, without any changes actually being pushed into production. This may allow progress on system development to continue without introducing unnecessary risk (e.g. system outages, downtime, etc) into an already tense environment where a large number of employees are working from home.
IT continually works with campus leadership to identify those systems and services most crucial to maintaining the University's academic mission and during a campus closure event, our resources will be spent "keeping the lights on" for those systems.
If you have any questions, comments, or concerns, please don't hesitate to open an IT request by visiting Service Hub at servicehub.uni.edu and using the Get IT Help request form.
Information Technology (IT) has stepped up its efforts to ensure the cleanliness of public computer lab facilities, known as Student Computer Centers, around campus in light of recent concern over the spread of the coronavirus (COVID-19) in the United States.
IT has worked closely with Facilities Management to ensure cleaning and disinfecting supplies are in stock and available for our use throughout these facilities. IT is using "Clorox Disinfecting Wipes", on the list for EPA-approved supplies known to kill the virus, to clean keyboards and mice across campus. IT is also looking to make these supplies available on-location for students to wipe down equipment themselves as they sit down to use a computer in a Student Computer Center on-campus.
If you have a question, comment, or concern about the state of cleanliness of any computer lab facility, please submit a request through Service Hub by visiting servicehub.uni.edu and using the Get IT Help request form.
Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems. See https://thehackernews.com/2020/02/sudo-linux-vulnerability.html for details, how to determine if your system(s) is/are vulnerable, and how to fix with a simple configuration change.
The default settings for MacOS and a number of common Linux distributions are such that sudo on those platforms is not vulnerable but the defaults on a few distros are vulnerable, e.g., Mint and Elementary OS. This vulnerability is being tracked as CVE-2019-18634.
Update: Pilot program has ended and Citrix is now widely available to students at UNI. See "Getting Started with Citrix" for more information.
Information Technology (IT) is seeking fifty UNI students who are interested in piloting a new virtual desktop service on campus. The service, powered by Citrix remote access technology, will allow students to run applications on their personally-owned devices like the Adobe Creative Cloud and others that are typically only available in on-campus computer labs. These applications would be accessible from on or off campus.
The pilot program will run over the course of the Spring 2020 academic term. IT will work closely with each student volunteer to ensure they are able to connect to and use the new virtual desktop service. Student volunteers are free to use the applications over the course of the pilot program for their academic needs while providing valuable feedback on the virtual desktops to help IT ensure the service is useful, robust, and ready for the rest of campus.
If you are a currently enrolled student at UNI and interested in participating, please fill out the following form to enroll in the pilot program.
Because it works! Here's a real life story... https://isc.sans.edu/forums/diary/Why+Phishing+Remains+So+Popular/25742/
A silly phishing campaign is underway where the attackers state that your password will expire and be changed unless you login and confirm that you want to keep it the same.
As people get better at spotting the phishing scams pretending to be shipping information, receipts, and voicemails, scammers need to come with new methods to get people to click the links in their emails. Such is the case with a new phishing email that states you need click on the "Keep same password" button or your password will expire.
FULL ARTICLE: https://www.bleepingcomputer.com/news/security/silly-phishing-scam-warns-that-your-password-will-be-changed/
The full article includes screenshots, and the text of a sample phish
The Information Technology policies have a new home on the UNI Policies website. What had previously been part of a shared chapter and numbered 9.51 through 9.59, is now a separate chapter, Chapter 14.
There is also a convenient IT Policy page that lists all IT and related policies, whether they are part of Chapter 14 or not, as well as IT Procedures that are referenced by a variety of Policies.
Due to Microsoft license changes, faculty, staff, students, and Emeritus no longer affiliated with UNI will no longer be able to use the Office 365 services through UNI including using Microsoft Office on personal devices with their UNI account. On December 3rd, 2019 these accounts will be deactivated and access to Microsoft products (like Microsoft Office) and other Microsoft services through UNI will end.
Anyone impacted by this change should complete moving documents they want to retain from their UNI OneDrive or SharePoint account before end of day on December 2nd, 2019 by following these instructions:
Downloading Content from OneDrive and SharePoint
This change will only impact Microsoft services through UNI for anyone no longer affiliated with the university.
A new phishing campaign on Instagram attempts to alarm its targets by sending what appears to be an official copyright infringement notice from Instagram, stating that the user's account will be suspended unless the user follows the link in the email to fill out a "copyright objection form." https://www.bleepingcomputer.com/news/security/instagram-phishing-attack-baits-with-copyright-infringement-note/
Security researchers have identified 24 Android apps delivering the recently-discovered Joker Trojan. As we've previously reported, Joker made its way onto Google Play as early as June, and it exfiltrates data while signing victims up for premium subscriptions.
The list of affected apps can be found here: https://hotforsecurity.bitdefender.com/blog/if-you-have-any-of-these-24-android-apps-installed-delete-them-now-21514.html