Category Archives: Middlebury Community Interest

@MiddInfoSec: Don’t Get Hooked

You may not realize it, but you are a phishing target at school, at work, and at home. Phishing attacks are a type of computer attack that use malicious emails to trick targets into giving up sensitive information. Ultimately, you are the most effective way to detect and stop phishing scams. When viewing email messages, texts, or social media posts, use the following techniques to prevent your passwords, personal data, or private information from being stolen by a phishing attack.

  • Verify the source. Check the sender’s email address to make sure it’s legitimate. Remember that the name of the sender is not the important part. The sender’s email address is what you are really looking for. If in doubt, forward your message to
  • Read the entire message carefully. Phishing messages may include a formal salutation, overly-friendly tone, grammatical errors, urgent requests, or gimmicks that do not match the normal tone of the sender.
  • Avoid clicking on erroneous links. Even if you know the sender, be cautious of links and attachments in messages. Don’t click on links that could direct you to a bad website. Hovering your mouse over a link should disclose the actual web address that the link is directing you too, which may be different from what is displayed in the message. Make sure this masked address is a site you want to visit.
  • Verify the intent of all attachments with the sender before opening them. Even when you know a sender, you should never open an attachment unless have checked with the sender to verify the attachment was sent intentionally. Word and Excel documents can contain malicious macros which could harm your computer. Other files, such as zip files and PDF files, could download malware onto your system. Always verify the intent of attachments with the sender before you open them from an email.
  • Verifying a message is always better than responding to a phish. If you ever receive a message that provides reason to pause, it is always better to forward the message to or to send a separate email to the sender to verify its intent, before clicking a link or opening an attachment that could potentially impact the security of your computer..
  • Change your passwords if you have fallen for a phish. If you think you have fallen for a phishing attack, change your password at go/password and then contact the helpdesk at x2200. It is also a good practice to change your personal passwords outside of the College.


Watch for phishing scams. Common phishing scams are published at sites such as , , These resources will also allow you to report phishing attacks if you should fall victim outside of the College. Again, if you think you have fallen victim to a phishing attack, always start by changing your passwords.

Notes for Kick-Off on April 5, 2016


We will be starting the new ACTT process with a Kick-Off meeting. This is an open, non-mandatory meeting for anyone who is interested in learning about the Academic Cyberinfrastructure Transformation Team to attend. We will introduce the new team members, structure, and thoughts on how the Team activities will be evaluated.

This is an open meeting, please share with anyone who is interested in learning about the ACTT


  • Mission: “Our mission is to evaluate and recommend technology services and innovations for teach, learning and research.”
  • Joe is teaching a course on “Design Thinking” this semester. Design Thinking includes an “Empathy Phase”


  • Q (Melissa/CNS). How will information and requests trickle up?
    • “I have many day-to-day projects where I would love to have a license that exists on the Midd campus, but not the MIIS campus, or I would like to build a server with 1TB of storage to host a web site”
    • “My research center, CNS, is becoming such a large consumer of storage and bandwidth”
    • “On a request from Laurie Patton, I am researching a cloud services that could host our information”.
    • Answer – Joe – Anyone who wants to make a request for technology or technology services for academic use may approach the team. Happy to be an entry point for requests that may go to ITS or other groups.
    • Jim – we have to account for the resource requests during the budget request process.
  • Q (Melissa/CNS). We are a collection of researchers that become PI on large grants, we need to inform others of the implications on the projects that we are running…  So we can write it into
    • We are giving money to non-Middlebury developers to do things that could be done inside Middlebury
    • Jim: not necessarily opposed to using outside resources…
  • Q (Jim): May be Amy McGill can weigh in on the MIIS budget process and how funding decisions are made.
    • Amy McGill
      • MIIS Research Centers are funded with base productivity requirements
      • Campus community infrastructure is for day-to-day use
      • Research Centers seek their own funding for larger projects that need additional resources, they do typically provide for initial as well as on-going maintenance costs.
  • Q. ACTT contribution to the Strategic Planning Process?
    • t.b.d.
  • Q (Melissa/CNS).  Is it too early to start making suggestions for agenda items?
  • Q (Melissa/CNS).  I would love to explore the ability to share licenses across campuses.  We pay out of grant licenses for Tableau, for image processing software…  I drool over some of the licenses that the Geology department has.  This is not a simple request, but I would love to tackle it as a subject.
    • A (Zach/ITS-SR): Let’s talk; more productive if we can get an idea of the specific titles you’re interested in, so we can check what licensing models are available.
  • Q (Melissa/CNS).  I would love to talk about our data storage and access to bandwidth.  Because we use satellite images, large data sets, we are becoming something of a hog on the MIIS systems.   I would like to open a discussion on how we can meet CNS’s research technology needs including storage, bandwidth, and some security issues.
    • Joe: Has anyone done a “needs assessment for the department”?
      • We don’t have a department, we are a research center within a larger campus.
      • I have done a casual needs assessment. 13 TB of storage, external drives, google drives, drop boxes… Need access across three offices.
      • Jim:  ITS can help with a needs assessment and identify appropriate technology solutions, perhaps on campus or in the cloud, ideally consistent with other larger IT initiatives for Middlebury and work with CSN to identify, implement solutions.  We did this for the Middlebury DC office a couple of years ago that included the CSN operation there for example.
  • Q (Bob/MIIS).  Working toward equitable cyber infrastructure across VT and Monterey campuses seems like a an appropriate activity for the Team.


Joe to build form for collecting evaluation requests.

Notes for Core Team March 29, 2016

[RE] Introductions

We all knew each other from the CTT, so this was a chance to reaffirm a commitment to looking at technologies and the services around them that make them successful. The re-boot to the ACTT structure provides definition and focus, while sticking to the mission to evaluate and recommend technology services and innovations for teaching, learning and research.

Review Charge and Process

We reviewed the slides at go/delta, paying attention to the responsibilities of the various Team members. The Extended Team is made up of experts, Program Teams, and Project Teams.

Program Teams

The Middlebury Institute of International Studies is in the process of forming a Team, similar to the CTT, that will focus on cyberinfrastructure conversations pertaining to Monterey. They will have their own sponsorship (Amy McGill) and leadership (Bob Cole), set their own agenda topics, and determine how they will communicate together. Bob and Amy will share information between the MIIS Team and the ACTT.

Other Program Teams may develop in the future. MIIS has a head start, the DLC is a good hub for these conversations.

Project Teams

Small Project Teams carry out the charge of the evaluation. Their activities may include gathering requirements, identifying solutions, contacting vendors, and starting drafts of recommendations. These Teams will share information with the Extended Team, this allows the Project Teams to be nimble while still gaining a variety of perspectives. The ACTT Core Team is responsible for the final proposals.

Academic Cyberinfrastructure

We agreed on the importance of looking at the practices and people associated with technologies. Joe presented a short definition of cyberinfrastructure, others provided their own understanding. The Core Team is currently working on a shared definition that will help describe what we do. Joe will start share his definition, others will contribute.


Make Decisions About Communication

We decided an email group and slack channel, Joe will make these happen.

We have started building a schedule of meetings.

Plan Open Kick-Off for April 5th

Joe will present the slides avalable at Everyone will provide their own input. MIIS will have a number of people who are interested in their Program Team attend.

Set Agendas for Future Meetings

Future topics include video streaming, RStudio, and the Academic Cyberinfrastructure Inventory. There is also an interest in learning about GoogleAppsforEdu and One Drive, especially knowing what will be available for the fall. Joe will confirm presenters, then we will share the topics and dates as far out in advance as we can.

ACTT Kick-off Meeting: April 5th, 2016

Tuesday, April 5th from 3-4pm
LIB 105A or Polycom 712833


We will be starting the new ACTT process with a Kick-Off meeting. This is an open, non-mandatory meeting for anyone who is interested in learning about the Academic Cyberinfrastructure Transformation Team to attend. We will introduce the new team members, structure, and thoughts on how the Team activities will be evaluated.

This is an open meeting, please share with anyone who is interested in learning about the ACTT.

@MiddInfoSec: Phishing Alert – – “Update Announcements”

A phishing email message was sent to mailboxes today with a subject line of “Update Announcements”.  DO NOT RESPOND ON THIS MESSAGE!

The phishing email message is an attack designed to trick people into disclosing their username and password.  Do NOT follow the instructions in the message, as it could lead to your Middlebury account being compromised.

If you were tricked by the email and responded,  reset your network password immediately at go/password and then call the Helpdesk at x2200 for further assistance with your account and any possible concerns with your computer.

Here’s a sample of the phishing email message:

Dear User.

Urgent Update Announcements.

Your Account has been Sign in with a strange IP Address: And this indicate your mail account is been used for FRAUDULENT ACT, For these reasons, Our records indicate you are no longer our current/active user. Therefore, your account has been scheduled for deletion on this Month of APRIL, 2016. As part of this process, your account, files, email address messages etc, will be deleted from our Data Base.

To Retail Your Account.

You are required to reply with your valid ONLINE ACCESS for reactivation, to ensure Your account remains active and subscribed, Otherwise this account will be De-activated within the next 72 hours hence from now.

Name In Full:

User Name:

Pass Word:

Thank You.


Extended Team Membership

Academic Technology – Joe Antonioli
Center for Teaching and Learning – Bill Koulopoulos
Central Systems and Networked Services – David Guertin
Digital Learning – Sean Morris
Digital Liberal Arts – Alicia Peaker
HelpDesk – Joe Durante
InfoSec – Paul Dicovitsky
Librarians – Stacy Reardon
Media Services – Mack Pauly
MIIS Digital Learning Commons – Bob Cole, Amy Slay
SR Hardware – Jamie Carroll
SR Software – Zach Schuetz
Web Applications – Adam Franco

Extended Team responsibilities:

  • Contribute expertise.
  • Round-the-table updates.
  • Share back with their group.
  • Attendance by invitation.

Beware of Fake Order/Fake Invoice Emails with Malicious Attachments

Attackers commonly use the macro functionality found in Microsoft Word and Excel to attack their victims. They attach malicious documents to an email. When opened, the files can lead to a virus infection on your computer.  If you ever get a message with any of these attachments, particularly if you were not expecting it, do NOT open the attachment.

We have received reports for faked order confirmation and fake invoice emails this week that have been well crafted. The faked emails included malicious Microsoft Word documents bearing malware. A couple of examples are included below.

ALWAYS verify unexpected emails with the sender, particularly if they include attachments.

NEVER open attachments that you are not expecting without first verifying they are legitimate with the sender.

If you do open an attachment or file that you suspect is malicious unplug your network cable and contact the helpdesk at x2200 immediately.

fake-invoice-email fake-order-summary-email

@MiddInfoSec: Securing Mobile Devices

Information Security has a new Twitter feed and other new content on their website. Follow us at @MiddInfosec on Twitter or visit our website at

Mobile devices have become one of the primary ways that we communicate and interact with each other. Powerful computers now fit in our pockets and on our wrists, allowing us to bank, shop, view our medical history, work remotely, and communicate from virtually anywhere. With all this convenience comes added risk, so here are some tips to help secure your devices and protect your personal information.

  • Password-protect your devices. Protect the data on your mobile device and enable encryption by enabling passwords, PINs, fingerprint scans, or other forms of authentication. On most current mobile operating systems you have the option to encrypt your data when you have a password turned on. Turn it on!
  • Secure those devices and backup data. Make sure that you can remotely lock and/or wipe each mobile device. That also means you should back up your data on each device in case you need to use the remote wipe function. Services such as iCloud, OneDrive, and Google offer device location, wipe and backup services.
  • Verify app permissions. Don’t forget to review which privacy-related permissions each application is requesting, before installing it. Be cautious of fake applications masquerading as legitimate programs by verifying that the application is from a reputable source, such as the Apple Apps Store, Microsoft’s Store, or Google’s Play Store. Occasionally,  applications in the official stores can include malware. Read reviews and descriptions carefully. Only install applications that you need. Remove applications that you are no longer using.
  • Update operating systems. Security fixes or patches for mobile devices’ operating systems are often included in these updates. Just like patching a computer, iOS, Android, and Windows Mobile all need to be patched and kept current.
  • Be cautious of public Wi-Fi hotspots. When using your mobile device, watch for connections to public hotspots. Many mobile devices will automatically connect to hotspots and prioritize data transmission over Wi-Fi by default. Verify that your settings require manually selecting hotspots if possible. Working with sensitive data while connected to a public hotspot could lead to unintended data exposure. Always ensure that you are using a secure connection.
  • Always apply safe computing practices. Whether traveling with a mobile device, a laptop, or sitting in a hotel business center, you always want to use safe computing practices to protect your data. See this link for more tips:


@MiddInfoSec: A New Phishing Attack is Targeting Email ID’s

A new phishing attack is hitting the campus with a subject line of, “Your email id”. Delete this message if you see it. Do NOT click any links in this message. If you believe you have fallen for this fishing attack:

This malicious email would have looked similar to the message below.


Subject: Your email id

Your?mail Id has used 91% of its allowable storage space.?Once your account exceeds the allowable storage space you will be unable to receive any email.?Click?Resolve?to login to your account and resolve this issue.




For additional information on phishing please visit .


@MiddInfoSec – New Phishing Threat

Information Security has become aware of a new phishing threat with a subject line of “ITS Help-desk”. Please see below for the full content of this attack. Note this email is a hoax and should be deleted from your email. Do not reply to this message and do not click any links in this message. If you have any questions please feel free to contact the help desk at x2200 or forward the message to


Important reminders to spot a phish include:

  1. Read the entire email from start to finish to ensure that the content and language fits with the sender.
  2. Hover your mouse over links to ensure the link directs you to the destination indicated by the email.
  3. Look for miss placed language, such as copyrights or signatures, that do not match the sender.

For additional information on phishing please visit