Tag Archives: Post for MiddPoints

@MiddInfoSec: Don’t Get Hooked

You may not realize it, but you are a phishing target at school, at work, and at home. Phishing attacks are a type of computer attack that use malicious emails to trick targets into giving up sensitive information. Ultimately, you are the most effective way to detect and stop phishing scams. When viewing email messages, texts, or social media posts, use the following techniques to prevent your passwords, personal data, or private information from being stolen by a phishing attack.

    • Verify the source. Check the sender’s email address to make sure it’s legitimate. Remember that the name of the sender is not the important part. The sender’s email address is what you are really looking for. If in doubt, forward your message to phishing@middlebury.edu.
    • Read the entire message carefully. Phishing messages may include a formal salutation, overly-friendly tone, grammatical errors, urgent requests, or gimmicks that do not match the normal tone of the sender.
    • Avoid clicking on erroneous links. Even if you know the sender, be cautious of links and attachments in messages. Don’t click on links that could direct you to a bad website. Hovering your mouse over a link should disclose the actual web address that the link is directing you too, which may be different from what is displayed in the message. Make sure this masked address is a site you want to visit.
    • Verify the intent of all attachments with the sender before opening them. Even when you know a sender, you should never open an attachment unless have checked with the sender to verify the attachment was sent intentionally. Word and Excel documents can contain malicious macros which could harm your computer. Other files, such as zip files and PDF files, could download malware onto your system. Always verify the intent of attachments with the sender before you open them from an email.
  • Verifying a message is always better than responding to a phish. If you ever receive a message that provides reason to pause, it is always better to forward the message to phishing@middlebury.edu or to send a separate email to the sender to verify its intent, before clicking a link or opening an attachment that could potentially impact the security of your computer..
  • Change your passwords if you have fallen for a phish. If you think you have fallen for a phishing attack, change your password at go/password and then contact the helpdesk at x2200. It is also a good practice to change your personal passwords outside of the College.

 

Watch for phishing scams. Common phishing scams are published at sites such as http://IC3.gov , http://phishing.org ,https://www.irs.gov/uac/Report-Phishing. These resources will also allow you to report phishing attacks if you should fall victim outside of the College. Again, if you think you have fallen victim to a phishing attack, always start by changing your passwords.

What’s an Approval Profile, and Why Does the Library Want to Change Ours?

A brown-bag lunch will be held on May 3 at 12:30 pm, in the Crest Room of the McCullough Student Center, to explore the subject of the library’s approval profile. Douglas Black, the library’s Head of Collections Management, will be presenting, with some sweets and coffee to augment your own lunch. He’ll give some history of the approval program in library acquisitions over the years and lead discussion on its role in the academic library collection of the 21st century.

For context, the library selects, acquires, and provides access to materials in many different ways:

  • upon request by students, faculty, and staff
  • automatic purchase of e-books and streaming media based on usage
  • subscriptions
  • package deals on journal subscriptions and purchased journal archives (“backfiles”)
  • one-time purchases of electronic databases, which often require annual maintenance fees
  • gifts/donations
  • and through automatic purchase via an “approval profile.”

Under the approval model, the library utilizes a library vendor (in our case, YBP Library Services) to purchase automatically books that meet certain criteria (e.g., subject, hardbound only, no workbooks, scholarly publishers only, within a certain price range, etc.).  Middlebury typically purchases about 3,000 volumes/year this way, at an average annual cost of $97,000 in the last few years. We recently conducted a thorough analysis of the program’s effectiveness, finding that print books purchased through the approval profile are used much less than those specifically requested. The library believes some of that money could be spent more effectively and would like to gather input from members of the campus community on reshaping the profile.

Please feel welcome to contact your liaison or Douglas Black (dblack@middlebury.edu or x3635) with any questions (whether or not you can attend the meeting), or comment here in the blog.

Notes for Kick-Off on April 5, 2016

Agenda

We will be starting the new ACTT process with a Kick-Off meeting. This is an open, non-mandatory meeting for anyone who is interested in learning about the Academic Cyberinfrastructure Transformation Team to attend. We will introduce the new team members, structure, and thoughts on how the Team activities will be evaluated.

This is an open meeting, please share with anyone who is interested in learning about the ACTT

Notes

  • Mission: “Our mission is to evaluate and recommend technology services and innovations for teach, learning and research.”
  • Joe is teaching a course on “Design Thinking” this semester. Design Thinking includes an “Empathy Phase”

Q&A

    • Q (Melissa/CNS). How will information and requests trickle up?
      • “I have many day-to-day projects where I would love to have a license that exists on the Midd campus, but not the MIIS campus, or I would like to build a server with 1TB of storage to host a web site”
      • “My research center, CNS, is becoming such a large consumer of storage and bandwidth”
      • “On a request from Laurie Patton, I am researching a cloud services that could host our information”.
      • Answer – Joe – Anyone who wants to make a request for technology or technology services for academic use may approach the team. Happy to be an entry point for requests that may go to ITS or other groups.
      • Jim – we have to account for the resource requests during the budget request process.
    • Q (Melissa/CNS). We are a collection of researchers that become PI on large grants, we need to inform others of the implications on the projects that we are running…  So we can write it into
      • We are giving money to non-Middlebury developers to do things that could be done inside Middlebury
      • Jim: not necessarily opposed to using outside resources…
    • Q (Jim): May be Amy McGill can weigh in on the MIIS budget process and how funding decisions are made.
      • Amy McGill
        • MIIS Research Centers are funded with base productivity requirements
        • Campus community infrastructure is for day-to-day use
        • Research Centers seek their own funding for larger projects that need additional resources, they do typically provide for initial as well as on-going maintenance costs.
    • Q. ACTT contribution to the Strategic Planning Process?
      • t.b.d.
  • Q (Melissa/CNS).  Is it too early to start making suggestions for agenda items?
  • Q (Melissa/CNS).  I would love to explore the ability to share licenses across campuses.  We pay out of grant licenses for Tableau, for image processing software…  I drool over some of the licenses that the Geology department has.  This is not a simple request, but I would love to tackle it as a subject.
    • A (Zach/ITS-SR): Let’s talk; more productive if we can get an idea of the specific titles you’re interested in, so we can check what licensing models are available.
  • Q (Melissa/CNS).  I would love to talk about our data storage and access to bandwidth.  Because we use satellite images, large data sets, we are becoming something of a hog on the MIIS systems.   I would like to open a discussion on how we can meet CNS’s research technology needs including storage, bandwidth, and some security issues.
    • Joe: Has anyone done a “needs assessment for the department”?
      • We don’t have a department, we are a research center within a larger campus.
      • I have done a casual needs assessment. 13 TB of storage, external drives, google drives, drop boxes… Need access across three offices.
      • Jim:  ITS can help with a needs assessment and identify appropriate technology solutions, perhaps on campus or in the cloud, ideally consistent with other larger IT initiatives for Middlebury and work with CSN to identify, implement solutions.  We did this for the Middlebury DC office a couple of years ago that included the CSN operation there for example.
  • Q (Bob/MIIS).  Working toward equitable cyber infrastructure across VT and Monterey campuses seems like a an appropriate activity for the Team.

Actions

Joe to build form for collecting evaluation requests.

ACTT In-Progress Project Presentations for RStudio Server and the Academic Cyberinfrastructure Inventory

Tuesday, April 12th from 3-4pm
LIB 105A or Polycom 712833

The new ACT Team process includes in-progress project presentations. These presentations are meant to inform the community about how things are going, what has been done and what still needs to be done, what is going well and what are the challenges.

Agenda

In this meeting we will have two presentations:

In-progress project presentations are open meetings, anyone may attend. Please feel free to share the invitation with anyone you feel is interested in the topics discussed.

 

Welcome to “Self-Service” Software Installation

ITS has been working on options for our customers to install licensed software on their college-owned computers using convenient, “self-service” methods that provide control over when the installations take place. (We are not licensed to provide software on personally owned computers, only college owned.)  To learn how this works on college Windows computers, please visit  KACE Self-Service information.  If you have a college Mac, visit Mac Self Service information for details.

Initially, we have made a few of our most commonly-requested Adobe products available through self-service for both Mac and Windows platforms, as well as the new Microsoft Office 2016.   We will be working to add software titles in the next few months.  Please note that not all software is purchased with licensing to be available for every computer on campus.

Self-service installations work best when you are here on campus using a wired (Ethernet) connection to our network.  Use of VPN or wireless connections may work but they will be much slower and are more likely to experience issues.

We are excited to offer this new service and want to hear about how it worked for you.  Feel free to share your feedback, questions, or concerns with our Technology Helpdesk.

Digital Surrealism as Research Strategy April 5th

Please join us Tuesday, April 5th at 12:15 PM in the CTLR Lounge for a lunchtime discussion with Kevin Ferguson on some playful and interdisciplinary approaches to digital scholarship that use technologies developed in other fields (like the medical imaging software ImageJ) to answer humanistic questions. Lunch will be served, so please RSVP here. He also has some free time during the day on Wednesday, so if you’d like to learn more about ImageJ or chat with him email Alicia Peaker with your availability.

Most digital humanities approaches pursue traditional forms of scholarship by extracting a single variable from cultural texts that is already legible to scholars. Instead, this talk advocates a mostly-ignored “digital-surrealism” that uses computer-based methods to transform film texts in radical ways not previously possible. The return to a surrealist and avant-garde tradition requires a unique kind of research, which is newly possible now that humanists have made the digital turn. I take a surrealist view of the hidden in order to imagine what aspects of media texts are literally impossible to see without special computer-assisted techniques. What in the archive is in plain sight but still invisible? What in the cinema is so buried that our naked eyes are unable to see it? Here I present one such method, using the z-projection function of the scientific image analysis software ImageJ, to sum film frames in order to create new composite images. I examine four corpora of what would normally be considered rather different types of film: (1) the animated features produced by Walt Disney Animation Studios, (2) a representative selection of the western genre (including American and Italian “spaghetti” westerns), (3) a group of gialli (stylish horror films originating from Italy that influenced American slasher films), and (4) the series of popular Japanese Zatoichi films, following the adventures of the titular blind masseuse and swordsman living in 1830s Japan.

Kevin Ferguson is an Assistant Professor of English and Director of Writing at Queens College (CUNY). He teaches undergraduate and graduate courses on college writing, contemporary literature, and film adaptation.

@MiddInfoSec: Phishing Alert – – “Update Announcements”

A phishing email message was sent to @middlebury.edu mailboxes today with a subject line of “Update Announcements”.  DO NOT RESPOND ON THIS MESSAGE!

The phishing email message is an attack designed to trick people into disclosing their username and password.  Do NOT follow the instructions in the message, as it could lead to your Middlebury account being compromised.

If you were tricked by the email and responded,  reset your network password immediately at go/password and then call the Helpdesk at x2200 for further assistance with your account and any possible concerns with your computer.

Here’s a sample of the phishing email message:


Dear middlebury.edu User.

Urgent Update Announcements.

Your middlebury.edu Account has been Sign in with a strange IP Address: And this indicate your mail account is been used for FRAUDULENT ACT, For these reasons, Our records indicate you are no longer our current/active user. Therefore, your account has been scheduled for deletion on this Month of APRIL, 2016. As part of this process, your account, files, email address messages etc, will be deleted from our Data Base.

To Retail Your Account.

You are required to reply with your valid ONLINE ACCESS for reactivation, to ensure Your account remains active and subscribed, Otherwise this account will be De-activated within the next 72 hours hence from now.

Name In Full:

User Name:

Pass Word:

@middlebury.edu

Thank You.