Chris Norris

Posts by Chris Norris

 
 
 

Security Note – Internet Explorer Zero-Day Bug

Categories: Midd Blogosphere

As you may have read in mainstream news media outlets, a security vulnerability was recently discovered in Internet Explorer which could allow a remote attacker to execute code on a compromised system. This vulnerability is being actively exploited through Flash-enabled web sites. The vulnerability allows an attacker to execute code on the compromised system and gain access with the same level of permissions as the system user.

Microsoft is releasing patches to address this vulnerability. Middlebury’s network has enhanced security protections already in place.

Here are some protective steps that you can take on your own:

More information about the vulnerability is available on the LIS Information Security web site’s ‘Threat Bulletin’ area: http://www.middlebury.edu/media/view/476056/original/middlebury_ie_zeroday.pdf

If you have specific questions, please feel free to email infosec@middlebury.edu.

Security Note – Internet Explorer Zero-Day Bug

Categories: Midd Blogosphere

As you may have read in mainstream news media outlets, a security vulnerability was recently discovered in Internet Explorer which could allow a remote attacker to execute code on a compromised system. This vulnerability is being actively exploited through Flash-enabled web sites. The vulnerability allows an attacker to execute code on the compromised system and gain access with the same level of permissions as the system user.

Microsoft is releasing patches to address this vulnerability. Middlebury’s network has enhanced security protections already in place.

Here are some protective steps that you can take on your own:

  • Patch your vulnerable Windows systems.
  • Use a different web browser like Firefox, Safari, or Chrome.
  • Disable  the  Flash  plug-in  in  Internet  Explorer.

More information about the vulnerability is available on the LIS Information Security web site’s ‘Threat Bulletin’ area: http://www.middlebury.edu/media/view/476056/original/middlebury_ie_zeroday.pdf

If you have specific questions, please feel free to email infosec@middlebury.edu.

Security Note – OpenSSL ‘Heartbleed’ Vulnerability

Categories: Midd Blogosphere

As you may have read in mainstream news media outlets, a vulnerability was recently discovered in certain versions of OpenSSL which could allow a remote attacker access to sensitive data on certain types of servers.

LIS has already patched relevant local systems and is working with vendors to ensure that any relevant externally-hosted systems are similarly patched. There is no evidence to suggest that Middlebury account credentials have been compromised.

More information about the vulnerability is available on the LIS Information Security web site’s ‘Threat Bulletin’ area: http://www.middlebury.edu/media/view/475111/original/middlebury_threat_bulletin_openssl_heartbleed.pdf

If you have specific questions, please feel free to email infosec@middlebury.edu.

New sign-in page for Middlebury Google Apps coming soon

Categories: Midd Blogosphere

Google has announced that all Google Apps services are getting a new sign-in page. This change will be rolled out to the Middlebury Google Apps instance by March 1st, 2014.

The new sign-in page requires users to sign in with their full email address, like this…

gapps_signin_new

The new sign-in page is intended to provide a streamlined and cohesive sign-in experience for all users, an account chooser that makes it easy to switch between Google accounts, and security enhancements, including advanced bot detection and improved account hijacking protection.

If you have any questions about this change, please comment below or email gadmin@middlebury.edu.

Regards,
The Middlebury Google Admin Team
(Chris)

Gartner Technology Research Access for Middlebury

Categories: Midd Blogosphere

The Middlebury campus community can find out what’s happening with global IT trends with access to research, news analysis and trends from Gartner Inc.

Gartner, Inc. (NYSE: IT) is the world’s leading information technology research and advisory company. Middlebury has a campus subscription to Gartner’s online research database. To access Gartner, simply visit http://go.middlebury.edu/gartner-login and authenticate using your Middlebury username and password.

Students can benefit by using Gartner to find research for assignments, learn where IT is headed and how it will shape our world, discover an area of interest, or even get ideas on careers. Gartner research enriches the educational experience by providing timely, objective real-world examples and content.

Faculty & Staff can benefit by using Gartner to stay current on IT industry trends. Gartner provides insight to the application of technology to real-world problems and enables understanding of the long-term trends and issues that current and future IT decision makers will face.

Should you have any problems accessing this resource or have any questions pertaining to Gartner research, please contact Chris Norris.

Interested in the most current and cutting edge information about technology?

Categories: Midd Blogosphere

The Middlebury campus community can find out what’s happening with global IT trends with access to research, news analysis and trends from Gartner Inc.

Gartner, Inc. (NYSE: IT) is the world’s leading information technology research and advisory company. Gartner delivers technology-related insight that helps clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is a valuable partner to 60,000 clients in 11,000 distinct organizations. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, U.S.A., and has 4,400 associates, including 1,200 research analysts and consultants, and clients in 85 countries.

Students can benefit by using Gartner to find research for assignments, learn where IT is headed and how it will shape our world, discover an area of interest, or even get ideas on careers. Gartner research enriches the educational experience by providing timely, objective real-world examples and content.

Faculty & Staff can benefit by using Gartner to stay current on IT industry trends. Gartner provides insight to the application of technology to real-world problems and enables understanding of the long-term trends and issues that current and future IT decision makers will face.

The Gartner home page is the starting point to learn about which technologies are just hype, what innovations will change how people work and play, how current events will impact technology and business, and which issues keep IT leaders awake at night.

Gartner’s research is licensed for use and is accessible at no cost to our students, faculty and staff. To access Gartner, you’ll need to first authenticate using your Middlebury username and password at http://go.middlebury.edu/gartner-login.

(Middlebury username and password required)

Should you have any problems accessing this resource or have any questions pertaining to Gartner research, please contact Chris Norris in LIS Administration at cnorris@middlebury.edu.

GO/phish

Categories: Midd Blogosphere

Early this morning, Middlebury experienced another email phishing attempt. The email message read like this:

— Message Start —

Warning !!!

Web administration has noticed your email was logged in in another location we advised that you change your PASSWORD to submit your new information CLICK HERE

Thank you for using our email.

Copyright ©2013 Email Helpdesk Centre.

— Message End —

Had you followed the CLICK HERE link in the phishing email, you might have seen another fraudulent Google form asking for your account credentials and other personal information.

Be advised that Google recently implemented security improvements to the Google Drive/Docs service that blocked the fraudulent form almost immediately. In addition, controls were enabled on our systems to block any additional matching messages from being delivered.

Still, if you suspect that you may have recently provided your Middlebury credentials to a fraudulent Google web form, you should immediately reset your password at go/activate and then contact the Helpdesk. If you become aware that your Middlebury account has been disabled, you must contact the Helpdesk to resolve.

It is important that community members keep themselves informed about these types of information security threats and be vigilant about protecting their credentials and personal information.

More information about safe computing practices is available at go/infosec and remember that you can report phishing attempts to phishing@middlebury.edu.