ACTT Kick-off Meeting: April 5th, 2016

Tuesday, April 5th from 3-4pm
LIB 105A or Polycom 712833

Agenda

We will be starting the new ACTT process with a Kick-Off meeting. This is an open, non-mandatory meeting for anyone who is interested in learning about the Academic Cyberinfrastructure Transformation Team to attend. We will introduce the new team members, structure, and thoughts on how the Team activities will be evaluated.

This is an open meeting, please share with anyone who is interested in learning about the ACTT.

@MiddInfoSec: Phishing Alert – – “Update Announcements”

A phishing email message was sent to @middlebury.edu mailboxes today with a subject line of “Update Announcements”.  DO NOT RESPOND ON THIS MESSAGE!

The phishing email message is an attack designed to trick people into disclosing their username and password.  Do NOT follow the instructions in the message, as it could lead to your Middlebury account being compromised.

If you were tricked by the email and responded,  reset your network password immediately at go/password and then call the Helpdesk at x2200 for further assistance with your account and any possible concerns with your computer.

Here’s a sample of the phishing email message:


Dear middlebury.edu User.

Urgent Update Announcements.

Your middlebury.edu Account has been Sign in with a strange IP Address: And this indicate your mail account is been used for FRAUDULENT ACT, For these reasons, Our records indicate you are no longer our current/active user. Therefore, your account has been scheduled for deletion on this Month of APRIL, 2016. As part of this process, your account, files, email address messages etc, will be deleted from our Data Base.

To Retail Your Account.

You are required to reply with your valid ONLINE ACCESS for reactivation, to ensure Your account remains active and subscribed, Otherwise this account will be De-activated within the next 72 hours hence from now.

Name In Full:

User Name:

Pass Word:

@middlebury.edu

Thank You.



 

Extended Team Membership

Academic Technology – Joe Antonioli
Center for Teaching and Learning – Bill Koulopoulos
Central Systems and Networked Services – David Guertin
Digital Learning – Sean Morris
Digital Liberal Arts – Alicia Peaker
HelpDesk – Joe Durante
InfoSec – Paul Dicovitsky
Librarians – Stacy Reardon
Media Services – Mack Pauly
MIIS Digital Learning Commons – Bob Cole, Amy Slay
SR Hardware – Jamie Carroll
SR Software – Zach Schuetz
Web Applications – Adam Franco

Extended Team responsibilities:

  • Contribute expertise.
  • Round-the-table updates.
  • Share back with their group.
  • Attendance by invitation.

Come Secure your Mobile Device

Learn about Mobile Security

Plan ahead for an afternoon RoadShow with Information Security March 30th @ 2:00 in Lib145.

This is an opportunity for you to ask questions and converse on topics such as:

  • How do I add a pin to my mobile device
  • Is my device encrypted
  • How do I track my device if lost
  • How do I remote wipe my device
  • How do I ensure my data is backed up

Image 001

Get help securing your mobile device.

Join Information Security in Lib145 @ 2:00PM on March 30th.

Follow Information Security on Twitter @MiddInfoSec.

Beware of Fake Order/Fake Invoice Emails with Malicious Attachments

Attackers commonly use the macro functionality found in Microsoft Word and Excel to attack their victims. They attach malicious documents to an email. When opened, the files can lead to a virus infection on your computer.  If you ever get a message with any of these attachments, particularly if you were not expecting it, do NOT open the attachment.

We have received reports for faked order confirmation and fake invoice emails this week that have been well crafted. The faked emails included malicious Microsoft Word documents bearing malware. A couple of examples are included below.

ALWAYS verify unexpected emails with the sender, particularly if they include attachments.

NEVER open attachments that you are not expecting without first verifying they are legitimate with the sender.

If you do open an attachment or file that you suspect is malicious unplug your network cable and contact the helpdesk at x2200 immediately.

fake-invoice-email fake-order-summary-email

@MiddInfoSec: Securing Mobile Devices

Information Security has a new Twitter feed and other new content on their website. Follow us at @MiddInfosec on Twitter or visit our website at http://go.middlebury.edu/infosec

Mobile devices have become one of the primary ways that we communicate and interact with each other. Powerful computers now fit in our pockets and on our wrists, allowing us to bank, shop, view our medical history, work remotely, and communicate from virtually anywhere. With all this convenience comes added risk, so here are some tips to help secure your devices and protect your personal information.

  • Password-protect your devices. Protect the data on your mobile device and enable encryption by enabling passwords, PINs, fingerprint scans, or other forms of authentication. On most current mobile operating systems you have the option to encrypt your data when you have a password turned on. Turn it on!
  • Secure those devices and backup data. Make sure that you can remotely lock and/or wipe each mobile device. That also means you should back up your data on each device in case you need to use the remote wipe function. Services such as iCloud, OneDrive, and Google offer device location, wipe and backup services.
  • Verify app permissions. Don’t forget to review which privacy-related permissions each application is requesting, before installing it. Be cautious of fake applications masquerading as legitimate programs by verifying that the application is from a reputable source, such as the Apple Apps Store, Microsoft’s Store, or Google’s Play Store. Occasionally,  applications in the official stores can include malware. Read reviews and descriptions carefully. Only install applications that you need. Remove applications that you are no longer using.
  • Update operating systems. Security fixes or patches for mobile devices’ operating systems are often included in these updates. Just like patching a computer, iOS, Android, and Windows Mobile all need to be patched and kept current.
  • Be cautious of public Wi-Fi hotspots. When using your mobile device, watch for connections to public hotspots. Many mobile devices will automatically connect to hotspots and prioritize data transmission over Wi-Fi by default. Verify that your settings require manually selecting hotspots if possible. Working with sensitive data while connected to a public hotspot could lead to unintended data exposure. Always ensure that you are using a secure connection.
  • Always apply safe computing practices. Whether traveling with a mobile device, a laptop, or sitting in a hotel business center, you always want to use safe computing practices to protect your data. See this link for more tips: http://www.middlebury.edu/offices/technology/infosec/education/training/SafeComputing.

 

Multimedia Jobs at Middlebury College – Get paid to learn digital media!

Wilson Media Lab in the Davis Family Library. Renovated in the summer of 2015.

Wilson Media Lab in the Davis Family Library. Renovated in the summer of 2015.

Are you looking for a way to add some multimedia skills to your resume? And most importantly, do you want to see and learn about how you can combine academic work and new media?

The Digital Media Tutor program is looking for students who want to learn more about these areas. Extreme technical expertise is not required, but a willingness to learn, a professional work ethic, great interpersonal and communication skills and an interest in working with others are all necessary to be successful in this position.

The program has current openings for:

Multimedia Lab Tutor Trainees

This is an introductory position where we teach you the nuts and bolts of digital media development. Learn how to create high quality images, starting with the scanning of slides and photographs, and moving into editing for print and web delivery.  Learn how to capture, edit and render video for DVD and web.

Previous experience is not required.  The tutor trainee position will begin with limited training hours during the spring semester, culminating in a transition to the tutor position (level B) prior to the start of summer. Students interested in applying for this opportunity must be willing to commit to 40 – 50 hours of training during the spring semester and 40 hours per week of work during the majority of the summer break. Priority will be given to applicants who can work for the full summer.

Apply online here: https://go.middlebury.edu/dmttrainee

Please feel free to let me know if you have any questions.

Heather Stafford, hstafford@middlebury.edu

Multimedia/Curricular Technologist 

@MiddInfoSec: A New Phishing Attack is Targeting Email ID’s

A new phishing attack is hitting the campus with a subject line of, “Your email id”. Delete this message if you see it. Do NOT click any links in this message. If you believe you have fallen for this fishing attack:

This malicious email would have looked similar to the message below.

————————————

Subject: Your email id

Your?mail Id has used 91% of its allowable storage space.?Once your account exceeds the allowable storage space you will be unable to receive any email.?Click?Resolve?to login to your account and resolve this issue.

?

Support

—————————–

For additional information on phishing please visit http://go.middlebury.edu/phish .

 

@MiddInfoSec: Beware of Presidential Election Related Phishing Emails

Every election year we find our senses pounded with propaganda from pundits and candidates trying to sway us to one political camp or another. Computer attackers are leveraging our curiosity, and perhaps desensitization to political messages to launch attacks with purportedly political themes.

Recent phishing attacks that have been reported by security firms such as KnowBe4 include:

  • Trump Withdraws from Presidential Race
  • Sanders Withdraws from Presidential Race
  • Update your voter registration
  • Hillary Clinton Indicted by FBI on Email Scandal

Watch for these and other email phishing attacks. Know how to spot a phish. Learn more at http://go.middlebury.edu/phish.