@MiddInfoSec: Information Security is Everyone’s Responsibility!

It is important for each of us to be aware of the increasing security risks to our increasingly connected lives. From laptops and tablets to smartphones and wearable technology, and 24/7 access to our personal data, the risk of sensitive information being exposed is very real.

  • Be Data Aware:

 Travel with, save, or record ONLY the data that is necessary and essential. Always redact or remove unnecessary sensitive data. Always keep your data backed-up and encrypted, when possible.

  • Protect Your Device:

Add a passcode to your cell phone, tablet, or laptop right now! iOS devices automatically encrypt your data once a passcode has been set. Android devices can encrypt your data with a few minor settings changes.

  • Use Strong & Unique Passwords or Passphrases:

Especially for online banking and other important accounts.

  • Use Multi-Factor Authentication when available:

Middlebury is introducing MFA for O365 and other services in 2016. Use MFA wherever possible.

  • Check Your Social Media Settings:

Review your social media security and privacy settings frequently. Enable MFA whenever possible. Keep your social media accounts current or close them.

  • Educate Yourself:

Stay informed about the latest technology trends and security issues such as malware and phishing. Visit http://go.middlebury.edu/infosec for more information. For targeted training visit: http://go.middlebury.edu/infoseced .

  • Get Trained:

Contact ITS – Information Security at infosec@middlebury.edu to set up a training session for your department.

ACTT Extended Team Meeting Agenda for September 6, 2016

The new ACT Team process includes Extended Team meetings. These closed meetings allow the Team to work with expert staff and focus on evaluating solutions that inform recommendations.


  1. Video Conferencing – Middlebury is investigating alternative video conferencing services for distance learning. Adobe will be discontinuing their education pricing for Adobe Connect licenses, doubling our costs. Services with comparable features are available with enterprise licenses at the same cost. – Mack
  2. Canvas LTI Governance – Middlebury is adopting Canvas, a Learning Management System developed and maintained by Instructure. Canvas has built-in features that support course activities in an online environment, like discussions, quizzes, and assignment submissions. Canvas also has an extensible architecture that allows for integration with other services. These services, commonly known as apps or LTIs, can be integrated at the course, program and service level. – Joe

Weekly Web Updates – August 29, 2016

WordPress Comment Spam

We received no reports of issues and did not notice an increase in spam comments this week during our test removal of one of the several comment spam measures we use in WordPress, so we’ve decided to leave the one we removed on Monday turned off.

WordPress Plugin and Theme Removals

We have removed the OnSwipe plugin, which was no longer getting updated. This plugin created a tablet view of a blog for non-responsive themes. If you still need this functionality, you can switch to one of our responsive themes, like any of the “Twenty” series or enable the WPtouch plugin.

We have also removed the JournalCrunch theme, which was no longer getting updated and was not being used by any sites.

Additionally, the Magazeen, colorpaper, Blogtheme, Bueno, Monotone, and Mystique themes were disabled, but not removed. Sites using one of these themes will still be using it, but the themes cannot be enabled on any new sites. Sites using these themes are encouraged to switch.

In each of these cases, the theme or plugin is using an old, common program to generate thumbnail images that has had issues in the past. Moving away from this script will help improve the availability and responsiveness of our WordPress service.


Fixes and Tweaks

  • The Course Hub will now check to see if you have Panopto content before allowing you to delete a Panopto Resource from your course. You will need to delete the videos in Panopto before removing the resource.
  • Fixed various widths and margins in the CCI WordPress theme sidebar. [From our colleagues in College Communications].

Exchange Public Folders Will Be Unavailable 8/30–8/31

The migration of Middlebury’s email services to Microsoft’s Office 365 cloud environment is well underway. As of Friday, August 26th, we have moved 87% of all mailboxes to the cloud. Thank you so much for the help and feedback to date, it wouldn’t be possible without your support. The migration schedule can be found at http://go.middlebury.edu/cloud, updated daily.

For those of you that use Exchange Public Folders for departmental calendars, etc., we have an update. Public Folders will be unavailable for access from Tuesday, August 30th through Noon EST on Wednesday, August 31st. Public Folders are handled differently from mailboxes in Microsoft Exchange, and because of that difference they will be unavailable during their migration to the cloud.

When they are available again on August 31st, some users may need to re-open the Public Folders they normally access. We apologize for any inconvenience this may cause.

Here are the instructions for Outlook 2016 for Windows:

In Outlook, press Ctrl-6 to open the Folder View. You should see something like this:


To add a public folder to your Favorites, right-click the folder, then select Add to Favorites…. You should now be able to access it whenever you need it, including in the Calendar screen under “Other Calendars.”

Other platforms:

Thanks again for your support and understanding. Please contact the Helpdesk with concerns or issues.

@MiddInfoSec: Keeping Your Password Secure

Did you know that most passwords are easily broken? A few “secrets” can help you make a stronger more memorable password.


  • Longer is better – use at least 8 characters with upper and lower case, numbers and symbols.
  • Create an easy-to-remember passphrase  with four or more words substituting special characters for some of the letters.
  • Use a unique password for each service or account.
  • Change your password or passphrase regularly:
  • Be sure you’re on the correct website before entering your password or passphrase
  • Set a password for access to your mobile device


  • Don’t include personal information such as usernames, account numbers, address or phone numbers in your password or passphrase.
  • Don’t reuse the same password for multiple services
  • Don’t use a single word, in any language
  • Don’t use consecutive repeating characters or a number sequence
  • Don’t share your password or passphrase – even with managers, co-workers or the Help Desk
  • Don’t send your passwords through email


Weekly Web Updates – August 22, 2016

WordPress Comment Spam

We are testing a change to our filtering this week that may result in an increase in the number of spam comments posted to your site. If you notice an increase, please let us know. This test will run though Friday, August 26 at the latest.

Drupal Permissions Changes

Since September 2015, there has been an issue where applying permissions to sub-pages in our Drupal sites would occasionally remove custom permissions at lower levels. We’ve corrected this so that changing page permissions now works as intended and have reviewed our Helpdesk tickets since last September to ensure that the permissions of everyone who reported a problem are back in place.

WordPress 4.6

  • Native fonts: The WordPress dashboard now takes advantage of the fonts you already have, making it load faster and letting you feel more at home on whatever device you use.
  • Inline link checker: Ever accidentally made a link to https://wordpress.org/example.org? Now WordPress automatically checks to make sure you didn’t.
  • Content recovery: As you type, WordPress saves your content to the browser. Recovering saved content is even easier with WordPress 4.6.

Course Hub “Panopto” Resource

In preparation for Middlebury’s pilot of the Panopto video recording and streaming service, we have built a Panopto integration into the Course Hub which allows instructors to provision course folders and appropriate groups with just a few clicks.


Fixes and Tweaks

  • The link to WebMail in the MIIS site header was changed to go/newmail as all MIIS faculty, staff and student mailboxes have been moved to the new cloud-based email system.
  • Reverted a code style change that caused the input fields in the WordPress MailChimp widget to disappear.
  • The “download” attribute is now supported for link elements in the Middlebury Drupal site. This can only be added using the HTML button in the editor at this time. The attribute means that the image or document file linked to will be downloaded rather than opened in the browser window. This only works in Firefox, Chrome, Opera and the Android browser at this time.
  • Fixed an issue with Panopto SAML2 authentication to ADFS caused by the roll-over of ADFS’s “signing cert”. Updating this cert configuration will be an annual task in the future.

Can Students See My Course Site?

Middlebury is approaching the start of the undergraduate academic year, this is the time where faculty are thinking about course web sites. The college has also started the transition from Moodle to Canvas, a new Learning Management System (LMS) that is developed and hosted by Instructure. Like Moodle, faculty can create their Canvas course sites...

[Continue reading]