Category Archives: LIS Staff Interest

Weekly Website Updates – March 28, 2016

New Features

We have added the TwentyTwenty plugin to WordPress, which can be used to show before and after images with a slider to compare.

Updates

Fixes and Tweaks

  • When you look at course information on the Course Catalog, the instructors will now be listed with the “primary” instructor, according to Banner, listed first, followed by additional instructors in alphabetical order.
  • We have re-enabled multi-file uploads in Drupal webforms that are behind authentication. There is an error that affects multi-file uploads in unauthenticated forms, but works when you’re logged in. This will allow files to be replaced in webform submission drafts for authenticated forms.
  • The MediaWiki API URL is now required when setting up Scripto in Omeka and there is better messaging on the form to indicate this and avoid error messages when creating new sites.
  • Fixed the GO shortcut dropdown for quick search results on the Middlebury Drupal site.
  • You should no longer see an SSL error when viewing a site using the responsive theme over HTTPS. Paths to the logo image file and the blue gradient background are now protocol agnostic.
  • If you add a page on the Middlebury website to your home screen on an iOS device you’ll now see the shield icon, rather than a styled blue “M”.

Systems Maintenance this Friday and Sunday, March 25th & 27th

During our regular maintenance window this Sunday, 27th from 6 am – 10 am EST we have the following activities scheduled.

  • ​The eduroam wireless network will be moved to a new IP range. Users logged in at the time will be required to reconnect.
Special maintenance window Friday evening, March 25th starting at 8 pm EST
  • ​The Monterey campus will migrate to a new phone system starting at 5 pm PST (8 pm EST). Incoming calls to Monterey lines will be unavailable for a 2-3 hour window. Afterward all incoming calls through Saturday will go to voicemail on the new system while handsets are replaced.

 

We appreciate your patience as we continuously strive to keep our systems functioning optimally.

 

Regards,

Billy

 

 

Billy Sneed

ITS – Central Systems & Network Services

Middlebury College

Come Secure your Mobile Device

Learn about Mobile Security

Plan ahead for an afternoon RoadShow and Workshop with Middlebury ITS staff on March 30th from 2:00pm to 4:00pm in Davis Family Library 145.

This is an opportunity for you to ask questions and get hands-on help securing your mobile device(s):

  • How do I add a pin to my mobile device
  • Is my device encrypted
  • How do I track my device if lost
  • How do I remote wipe my device
  • How do I ensure my data is backed up

Image 001

ITS Staff will be present to help you secure your mobile device, so bring your iOS, Android, and/or Windows Mobile device(s)!

Follow Information Security on Twitter @MiddInfoSec.

Weekly Web Updates – March 21, 2016

Middlebury WordPress Sites Now Resize Images After Upload

We have Network Enabled the Resize Images After Upload plugin on the Middlebury WordPress sites (sites.middlebury.edu). This plugin does not affect any images you have previously uploaded to WordPress, however, it will resize new images larger than 1200×1200 pixels so that they have a maximum of those dimensions. Smaller images will not be affected.

We find that people often upload very large original images from devices like their phone, but then only show them at the width of a WordPress post, which is usually less than 800px. This causes them to run out of space on their site quickly for images they’re not showing at full size. This plugin will help keep your site under the default storage quota.

If your site needs to store very large images at their original dimensions, you can change the plugin settings by going to your WordPress site dashboard, clicking on Settings, clicking on Resize Image Upload and changing “Enable re-sizing” to “NO – do not resize images”. You can also change the maximum dimension settings.

Drupal Taxonomy Field Permissions Update

In several places on our sites we have fields that allow you to add tags to content and, if you enter a tag that doesn’t exist yet, your new tag will be added to the list of available tags. We have changed this behavior so that only people in the Communications groups at Middlebury and MIIS can add new tags to the “New MiddTags” taxonomy on the Middlebury Drupal site and the “MIIS Tags” taxonomy on the MIIS site.

If you are not in that group, you can still tag your content with one of the tags they’ve made available, but if you try to add a new one, you will get an error message. This does not affect the “MiddTags” taxonomy, which can still be used to add whatever tags you like. The “New MiddTags” vocabulary appears on the News and Story content types in the Middlebury Drupal site. The “MIIS Tags” taxonomy appears on the Story, Profile, Gallery, File Upload, and Ten Questions content types on the MIIS Drupal site.

Updates

Fixes and Tweaks

  • Added a link to the MIIS Emergency information site to the Quick Links portion of the site header in Drupal, the Course Catalog, the Directory, GO, and the m.miis.edu site.
  • Fixed an issue with the “title” attribute of Vimeo embeds in Drupal.
  • The style of the Site Editor Log On link in the center page region of our Drupal site was updated to ensure that the link is readable when you hover over it and aligned with its bullet point.
  • If you are viewing content that embeds an image that’s in a Drupal Recycle Bin as an editor, the link to the Recycle Bin is now clickable.
  • The WordPress admin bar, with the Log In link is now set to appear above most other theme elements, ensuring that the links are clickable on themes with transparent headers.
  • The “featurednews” element, which showed out-of-date blog posts, was removed from the Current Students page.
  • Link paths to the submission form on the Non-College Housing site are now fully qualified as relative paths weren’t working on one person’s local network.
  • When we first set up the Davis UWC Scholars site we created a user account for everyone at Middlebury, but we really only need a few such accounts for the site editors. Accounts that aren’t associated with any content on the site have been removed to ease that site’s migration to Drupal 8.
  • Table cell padding in our responsive theme for the Middlebury site was decreased by 5px for mobile.

Beware of Fake Order/Fake Invoice Emails with Malicious Attachments

Attackers commonly use the macro functionality found in Microsoft Word and Excel to attack their victims. They attach malicious documents to an email. When opened, the files can lead to a virus infection on your computer.  If you ever get a message with any of these attachments, particularly if you were not expecting it, do NOT open the attachment.

We have received reports for faked order confirmation and fake invoice emails this week that have been well crafted. The faked emails included malicious Microsoft Word documents bearing malware. A couple of examples are included below.

ALWAYS verify unexpected emails with the sender, particularly if they include attachments.

NEVER open attachments that you are not expecting without first verifying they are legitimate with the sender.

If you do open an attachment or file that you suspect is malicious unplug your network cable and contact the helpdesk at x2200 immediately.

fake-invoice-email fake-order-summary-email

Weekly Web Updates – March 14, 2016

New Features

The login page for CAS, our single-sign on service, now uses a responsive theme. This should make it easier for you log in to our services on your mobile device, particularly useful for responsive-enabled services like WordPress.

We have added the CommentPress plugin to WordPress, which allows line-by-line commenting on a document.

Similarly, we added the Scripto plugin for Omeka, which enabled crowd-sourced document transcription.

iFrames from SensusAccess can now be embedded in Drupal using the iframe shortcode.

When our front-end caching service, Varnish, is unable to fetch a new page from the Drupal servers and has no cached copy of the page it used to show a gray error page that said “503 Guru Meditation”. We’ve improved this so that it looks like a regular Middlebury page, has a human-readable error message, and a link to Web Helpdesk.

School of Hebrew classes are now searchable in the Course Catalog and can provision curricular resources through the Course Hub.

Updates

Tweaks and Fixes

  • The MIIS Drupal site now uses the Institute’s shield for its favicon and the Middlebury and MIIS WordPress sites will now use their shield favicons by default. Individual sites can override this using the WordPress Customizer in the dashboard under Appearance.
  • We’ve improved the performance of the query that the Drupal Monster Menus module uses to apply permissions to multiple pages so that it’s optimized for our database software. This operation should run somewhat faster.
  • The homepages of our Drupal sites had titles ending with ” |” when the “site slogan” wasn’t set. These extra characters are now removed so that the title of the Middlebury site is now “Middlebury”, not “Middlebury |”.
  • We have resolved an error that was preventing some custom splash images from being used on MiddMedia embeds in WordPress.
  • The WRMC site was fetching and stores new cover art URLs on every page load, whether it already had them in its local database or not. It now only fetches cover art it doesn’t know about yet, reducing somewhat the 9,000,000,000 records stored previously.
  • The Pinterest sharing button on the MIIS Drupal site stories now uses the custom icon that matches the other share buttons.
  • Added 10px of padding between the main content region and the content sidebar on the MIIS site to ensure that the text doesn’t run directly against the sidebar, which now has a different background color.
  • Resolved a display issue with the Log In / Log Off links in the Course Hubs.
  • We added maps for Congo, Ghana, Mexico, and Palestine to the Davis Projects for Peace site.
  • We have removed a number of Drupal modules from our sites that were not actively used. These include accessibility, addressfield, bundle_copy, cf, config_perms, content_taxonomy, data, elements, expire, feeds, feeds_oai_pmh, feeds_tamper, geocoder, geofield, geophp, git_deploy, jquery_countdown, kml, middlebury_mobile_detection, middlebury_subjectsplus, migrate, node_accessibility, node_accessibility_statistics, oauth, openlayers, phplot_api, proj4js, quail_api, rules, twitter, twitter_pull, and views_rss. Additionally, the zen theme was removed.
  • MIIS Language and Professional Programs are now searchable again in the Course Catalog.

@MiddInfoSec: Securing Mobile Devices

Information Security has a new Twitter feed and other new content on their website. Follow us at @MiddInfosec on Twitter or visit our website at http://go.middlebury.edu/infosec

Mobile devices have become one of the primary ways that we communicate and interact with each other. Powerful computers now fit in our pockets and on our wrists, allowing us to bank, shop, view our medical history, work remotely, and communicate from virtually anywhere. With all this convenience comes added risk, so here are some tips to help secure your devices and protect your personal information.

    • Password-protect your devices. Protect the data on your mobile device and enable encryption by enabling passwords, PINs, fingerprint scans, or other forms of authentication. On most current mobile operating systems you have the option to encrypt your data when you have a password turned on. Turn it on!
    • Secure those devices and backup data. Make sure that you can remotely lock and/or wipe each mobile device. That also means you should back up your data on each device in case you need to use the remote wipe function. Services such as iCloud, OneDrive, and Google offer device location, wipe and backup services.
    • Verify app permissions. Don’t forget to review which privacy-related permissions each application is requesting, before installing it. Be cautious of fake applications masquerading as legitimate programs by verifying that the application is from a reputable source, such as the Apple Apps Store, Microsoft’s Store, or Google’s Play Store. Occasionally,  applications in the official stores can include malware. Read reviews and descriptions carefully. Only install applications that you need. Remove applications that you are no longer using.
    • Update operating systems. Security fixes or patches for mobile devices’ operating systems are often included in these updates. Just like patching a computer, iOS, Android, and Windows Mobile all need to be patched and kept current.
    • Be cautious of public Wi-Fi hotspots. When using your mobile device, watch for connections to public hotspots. Many mobile devices will automatically connect to hotspots and prioritize data transmission over Wi-Fi by default. Verify that your settings require manually selecting hotspots if possible. Working with sensitive data while connected to a public hotspot could lead to unintended data exposure. Always ensure that you are using a secure connection.
    • Always apply safe computing practices. Whether traveling with a mobile device, a laptop, or sitting in a hotel business center, you always want to use safe computing practices to protect your data. See this link for more tips: http://www.middlebury.edu/offices/technology/infosec/education/training/SafeComputing.

 

@MiddInfoSec: A New Phishing Attack is Targeting Email ID’s

A new phishing attack is hitting the campus with a subject line of, “Your email id”. Delete this message if you see it. Do NOT click any links in this message. If you believe you have fallen for this fishing attack:

This malicious email would have looked similar to the message below.

————————————

Subject: Your email id

Your?mail Id has used 91% of its allowable storage space.?Once your account exceeds the allowable storage space you will be unable to receive any email.?Click?Resolve?to login to your account and resolve this issue.

?

Support

—————————–

For additional information on phishing please visit http://go.middlebury.edu/phish .