Category Archives: ITS

Macbook recalls

ITS wants to make all employees and students aware of two current serious Macbook recalls:

Recall #1:

Apple has issued a battery recall notice for “Mid-2015” model 15″ Macbook Pro laptops. The situation is a safety issue as according to Apple “the battery may overheat and pose a fire safety risk.”

Apple’s customer info page about the issue can be found at:
https://support.apple.com/15-inch-macbook-pro-battery-recall

Employees here at the college with college-issued Macbooks affected by this issue have been contacted via a WebHelpdesk ticket to arrange to have Apple repair their computer. Employees with personal computers and students are advised to use the above link to check their serial number and then follow the instructions on their website to arrange repair. Due to the nature of this repair, Apple is not allowing us to perform the repair in-house so your Macbook will need to be shipped to Apple for repair. Turn around will be 1 to 2 weeks and Apple advises users to shut down and stop using the computer until after it is repaired.  If you store any files to the local hard drive, you will want to transition your data onto one of our cloud storage solutions, like OneDrive/Middfiles beforehand.  With an off-site repair, data is not guaranteed to be intact, and our cloud storage options are backed up and accessible from just about anywhere.   


Recall #2:

Another recall is for the SSD (hard drive) in some 13” non-touchbar Macbook Pro laptops. This problem can lead to data loss. To check your serial number, use this link:

https://support.apple.com/13-inch-macbook-pro-solid-state-drive-service

Affected employees here at the college have already had tickets created and been emailed via WebHelpdesk. Users are advised to ensure they are properly storing all their data on OneDrive/Middfiles in order to protect their data in the event their SSD fails prior to repair.

Issue RESOLVED – 503 errors when attempting to open links to websites sent via email

We are pleased to report that the Safe Links service issue is now resolved and we have re-enabled Safe Links. To recap, Safe Links provides extra protections for the Middlebury community from phishing attacks and other malicious email activity by providing time-of-click verification of web addresses (URLs) sent via email.

Thank you for your patience while we worked to resolve matters. Again, we apologize for the disruption.  Please contact the Help Desk if you have any outstanding issues or questions.

Kindly,

ITS Help Desk

Issue UPDATE – errors when attempting to open links to websites sent via email

Microsoft is making significant progress towards resolving the issue with the Safe Links service. In most all cases now, clicking on a link sent to you via email works on the first try. If it doesn’t work, you can typically try again, and the linked website will open.

We are sorry for this disruption in service and any inconvenience. Thank you once again for your patience. We will provide an update as soon as we have more information.

ISSUE – 503 errors when attempting to open links to websites sent via email

We are experiencing an issue with the Microsoft Safe Links service which means you may receive a “503” error if you attempt to click on a link someone outside the organization sent to you via email.

We are working closely with Microsoft to resolve this issue as swiftly as possible. Microsoft has confirmed that this is an issue with their service impacting customers globally. We do not currently have an estimated resolution time.

We have temporarily disabled Safe Links for new, incoming email messages. We will re-enable the Safe Links service after Microsoft has solved the problem.

We will provide an update as soon as we know more. We apologize for this disruption. Thank you for your patience.

Kindly,

ITS Help Desk

Attention VPN Users! (Pulse Secure)

On January 31, 2019, Information Technology Services (ITS) will enable a feature on the Virtual Private Network (VPN) system that will detect if your VPN software needs to be upgraded to the latest release. If an upgrade is indicated, you will see a popup window from the Pulse Secure VPN application informing you that “An upgrade is available for Pulse Secure.” Please click on “Upgrade” to complete the upgrade process. Keeping the client up to date will ensure that all security updates have been applied.

Users of the older Juniper VPN client should note that the system tray icon has changed. The Pulse Secure client icon now looks like a fancy letter “S.”

Linux Users: The automatic upgrade isn’t offered for Linux; the new client can be downloaded manually from https://middfiles.middlebury.edu/software/public/VPN/

If you have concerns or issues with this upgrade please contact the Help Desk at http://go.middlebury.edu/helpme/, helpdesk@middlebury.edu, or 802-443-2200.

RESOLVED Slow connection to Zoom web services and issues connecting to Zoom meetings

Updated 2:35p, 1/9/18:

Zoom’s status page is reporting that services are restored.  If you continue to have issues, please restart the application and then submit a Helpdesk ticket.

View Zoom’s status at http://status.zoom.us

__________________________________

We are experiencing an issue with Zoom video conferencing.  According to Zoom, “customers are experiencing slow connection to Zoom web services and issues connecting to Zoom meetings.” Zoom is working to resolve the issue. We do not currently have an estimated repair time but will provide an update as soon as we know more.

We apologize for this disruption. Thank you for your patience.

Please submit a ticket with any questions or concerns.

SCAM Alert – “Sextortion” Scam Emails

ITS is aware of an influx of sextortion scam emails received by members of the Middlebury community. These are indeed scams, identified as such by online security sources (see below) and making the rounds on the Internet once again. Recent samples have been personalized with older passwords stolen from breaches of third-party websites, such as Linkedin, Adobe, etc..

Please forward any sextortion scam emails to phishing@middlebury.edu so that the sender addresses can be blocked!

For more information on these sorts of scams, see:

https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/comment-page-13/
Excerpt: “The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.”

These are indeed scams. Recent samples have been personalized with older passwords stolen from breaches of third-party websites, such as Linkedin, Adobe, etc..

Here is a resource to help you find out where an old password to a 3rd party site may have been exposed: https://haveibeenpwned.com is run by Troy Hunt, a globally recognized security expert.

Check your email address here: https://haveibeenpwned.com (use your_username@middlebury.edu and then scroll down to see services where your username may have been part of a breach)

Check your password here: https://haveibeenpwned.com/Passwords

Change that password anywhere you use it and this time, pick a different STRONG password for each service.

Again, please forward any sextortion scam emails to phishing@middlebury.edu so that the sender addresses can be blocked from bothering our community members!

SCAM Alert – Gift Cards

ITS is aware of an influx of Gift Card scam emails received by members of the Middlebury community. These are indeed scams, identified as such by the FTC and other sources (see below). This variant seems to be spoofing faculty/staff members, using external email addresses from service providers like aol.com 

https://www.consumer.ftc.gov/blog/2018/10/scammers-demand-gift-cards 

https://abc7chicago.com/finance/gift-card-scam-uses-bosses-email-addresses-when-phishing/4556080/ 

https://blog.knowbe4.com/scam-of-the-week-the-boss-needs-itunes-gift-cards-for-customers…-now

Please forward any Gift Card scam emails to phishing@middlebury.edu so that the sender addresses can be blocked! Also see the How To Report Scams info below the FTC article.

From: https://www.consumer.ftc.gov/blog/2018/10/scammers-demand-gift-cards 

“Gift cards are a great way to give a gift. But did you know they are also a scammer’s favorite way to steal money? According to the FTC’s new Data Spotlight, more scammers are demanding payment with a gift card than ever before – a whopping 270 percent increase since 2015.Gift cards and reload cards are the #1 payment method for imposter scams. More scammers are demanding payment with a gift card. The percentage of consumers who told the FTC they paid a scammer with a gift card has increased 270% since 2015. Reports to the FTC say scammers are telling people to buy gift cards at Walmart, Target, Walgreens, CVS and other retail shops. 42% of people who paid a scammer with a gift card used iTunes or Google Play. Federal Trade Commission. ftc.gov/complaint. ftc.gov/giftcards

Gift cards are for gifts, not for payments. If someone calls with urgent news or a convincing story and then pressures you to pay them by buying a gift card, like an iTunes or Google Play card, and then giving them the codes on the back of the card – stop. It’s a scam.

Gift cards are the number one payment method that imposters demand. They might pose as IRS officials and say you’re in trouble for not paying taxes; or a family member with an emergency; or a public utility company threatening to shut off your water; or even a servicemember selling something before deployment. Or they might call with great news – you’ve won a contest or a prize! But to get it, you need to pay fees with a gift card. Scammers will say anything to get your money. And they know how to play into your fears, hopes, or sympathies. They like gift cards because, once they’ve got the code on the back, the money is gone and almost impossible to trace. But knowing how these scams work can help you avoid them, and you can help even more by passing on the information to people you know.

If you paid a scammer with a gift card, report it as soon as possible. Call the card company and tell them the gift card was used in a scam. Here is contact information for some of the gift card companies that scammers use most often. Then, tell the FTC about it – or any other scam – at ftc.gov/complaint. Your reports may help law enforcement agencies launch investigations that could stop imposters and other fraudsters in their tracks.”

How To Report Scams

Amazon

  • Call 1 (888) 280-4331
  • Learn about about Amazon gift card scams here.

Google Play

  • Call 1 (855) 466-4438
  • Report gift card scams online here.
  • Learn about Google Play gift card scams here.

iTunes

  • Call 1 (800) 275-2273 then press “6” for other, then say “operator” to be connected to a live representative.
  • Learn about iTunes gift card scams and how to report them here.

Steam

  • If you have a Steam account, you can report gift card scams online here.
  • Learn about Steam gift card scams here.

MoneyPak

  • Call 1 (866) 795-7969
  • Report a MoneyPak card scam online here.