Author Archives: Chris Norris

Improved Filtering of SPAM and Phishing Email

ITS has begun enabling new, proactive anti-spam and anti-phishing email filters intended to improve the filtering of unsolicited and unwanted messages, by leveraging external reputation-based lists of email servers that have been flagged for sending spam and/or malicious email.

We’ve had the new filters in “Tag” mode since October 2014, so we’re confident that they are accurate and we’ll be closely monitoring incoming mail queues during days after the change. Still, there is a possibility that someone trying to sending you email will have their message blocked, if their email servers have been flagged for sending spam and/or malicious email. The sender, in such cases, will receive an email advising them that their message could not be delivered.

If you encounter such as scenario, (i.e. a legitimate sender is trying to email you, but the message is being blocked by Middlebury’s email servers), or you have noticed legitimate messages recently having been incorrectly tagged as [SPAM?], please contact the ITS Help Desk at helpdesk@middlebury.edu and we will help you identify and resolve the issue.

General questions about this change may be directed to infosec@middlebury.edu.

Sophos Anti-Virus Updates to 10.3.x – Restart Required

College-managed Windows computers which have Sophos EndPoint Security suite installed have automatically received a Sophos update to version 10.3.x. This update requires a reboot of the computer to complete.

Middlebury’s software management application, (KACE), may display a “desktop alert” message requesting that your computer be rebooted to complete the Sophos update. This is a legitimate and valid alert! If you see this KACE “desktop alert” message, please save your files and restart your computer as soon as possible, thank you.

Questions related to this update may be directed to infosec@middlebury.edu.

Security Note – ‘Shellshock’ Vulnerability

As you may have read in mainstream news media outlets, a vulnerability was recently discovered in the Bourne Again Shell component of the Linux operating system. This vulnerability could allow an attacker to execute shell commands through the shell environmental variables. It has also been leveraged for denial of service attacks and other malicious activity.

ITS has already patched relevant local systems and is expecting vendors to patch any relevant externally-hosted systems. There is no evidence to suggest that Middlebury assets have been compromised.

More information about the vulnerability is available on the ITS Information Security web site’s ‘Threat Bulletin’ area: http://www.middlebury.edu/media/view/486102/original/middlebury_threat_bulletin_shellshock.pdf

If you have specific questions, please feel free to email infosec@middlebury.edu.

Security Note – Internet Explorer Zero-Day Bug

As you may have read in mainstream news media outlets, a security vulnerability was recently discovered in Internet Explorer which could allow a remote attacker to execute code on a compromised system. This vulnerability is being actively exploited through Flash-enabled web sites. The vulnerability allows an attacker to execute code on the compromised system and gain access with the same level of permissions as the system user.

Microsoft is releasing patches to address this vulnerability. Middlebury’s network has enhanced security protections already in place.

Here are some protective steps that you can take on your own:

More information about the vulnerability is available on the LIS Information Security web site’s ‘Threat Bulletin’ area: http://www.middlebury.edu/media/view/476056/original/middlebury_ie_zeroday.pdf

If you have specific questions, please feel free to email infosec@middlebury.edu.

Security Note – Internet Explorer Zero-Day Bug

As you may have read in mainstream news media outlets, a security vulnerability was recently discovered in Internet Explorer which could allow a remote attacker to execute code on a compromised system. This vulnerability is being actively exploited through Flash-enabled web sites. The vulnerability allows an attacker to execute code on the compromised system and gain access with the same level of permissions as the system user.

Microsoft is releasing patches to address this vulnerability. Middlebury’s network has enhanced security protections already in place.

Here are some protective steps that you can take on your own:

  • Patch your vulnerable Windows systems.
  • Use a different web browser like Firefox, Safari, or Chrome.
  • Disable  the  Flash  plug-in  in  Internet  Explorer.

More information about the vulnerability is available on the LIS Information Security web site’s ‘Threat Bulletin’ area: http://www.middlebury.edu/media/view/476056/original/middlebury_ie_zeroday.pdf

If you have specific questions, please feel free to email infosec@middlebury.edu.

Security Note – OpenSSL ‘Heartbleed’ Vulnerability

As you may have read in mainstream news media outlets, a vulnerability was recently discovered in certain versions of OpenSSL which could allow a remote attacker access to sensitive data on certain types of servers.

LIS has already patched relevant local systems and is working with vendors to ensure that any relevant externally-hosted systems are similarly patched. There is no evidence to suggest that Middlebury account credentials have been compromised.

More information about the vulnerability is available on the LIS Information Security web site’s ‘Threat Bulletin’ area: http://www.middlebury.edu/media/view/475111/original/middlebury_threat_bulletin_openssl_heartbleed.pdf

If you have specific questions, please feel free to email infosec@middlebury.edu.

New sign-in page for Middlebury Google Apps coming soon

Google has announced that all Google Apps services are getting a new sign-in page. This change will be rolled out to the Middlebury Google Apps instance by March 1st, 2014.

The new sign-in page requires users to sign in with their full email address, like this…

gapps_signin_new

The new sign-in page is intended to provide a streamlined and cohesive sign-in experience for all users, an account chooser that makes it easy to switch between Google accounts, and security enhancements, including advanced bot detection and improved account hijacking protection.

If you have any questions about this change, please comment below or email gadmin@middlebury.edu.

Regards,
The Middlebury Google Admin Team
(Chris)