Information Technology News

Latest Posts

ITS INFO: Heartbleed Announcement, April 10, 2014

By Peter Setlak on April 10, 2014

On the evening of April 7, 2014, the world became aware of a major flaw in how secure transactions are handled on the Internet. The flaw, known as the OpenSSL Heartbleed bug (CVE-2014-0160), enables the decryption of secure traffic by unauthorized third parties.

Colgate’s Response

While the bug affected over half the servers on the Internet, most companies, including Colgate, acted quickly and patched their systems. ITS began patching systems promptly on the morning of April 8; all systems were patched by 10:00 PM EST. ITS has no indication that our systems were compromised.

In staying true to our word that we will never contact you via phone or email to change your passwords, ITS chose not to send a mass-email alert with a link to our password page. 

What should I do?

The vast majority of secure traffic and transactions on the Web are encrypted using the SSL protocol. Everyone who uses the Internet or mobile apps for banking, shopping, communicating, sharing, or storing information may be at risk of having their information, including passwords, revealed to a third party.

That said, this bug has potentially serious consequences and ITS advises all users to change their passwords for personal services they use on the Internet.

If you have questions, please contact the helpline at (315) 228-7111 or send an email to itshelp@colgate.edu.

For more information about Heartbleed, see our initial blog alert at:


ITS ALERT: Password Security at Risk, April 8, 2014

By Peter Setlak on April 9, 2014

ACTION REQUIRED:  PASSWORD SECURITY AT RISK

OVERVIEW:

A major flaw in how web servers handle encrypted data including passwords was discovered. Known as the “Heartbleed” bug, the vulnerability could expose your password to an attacker. ITS worked diligently throughout the day to patch web services across campus.

WHO DOES THIS AFFECT?

Anyone who logged in to any Colgate web services prior to 10:00 PM on April 8, 2014 and anyone who uses web services and mobile apps for banking, email, social media, etc.

WHAT YOU SHOULD DO:  

1. Go to https://accounts.colgate.edu and change your Colgate passwords.
2. Work with your personal web services such as your bank, email and social networks to change your passwords.

To learn more about how to create strong passwords, please visit http://colgate.edu/itsecurity/passwords

If you have questions or need assistance please open a ticket with the help desk or call x7111.

To learn more about “Heartbleed” and how to protect yourself, click here.


ITS ALERT: Phishing Email, March 31, 2014

By Peter Setlak on March 31, 2014

ACTION REQUIRED:  PHISHING EMAIL / SECURITY ALERT

OVERVIEW:

A phishing email trying to trick users into giving up their username and password has been reported. The email states, “If you are receiving this message it means that your email address has been queued for deactivation”

WHO DOES THIS AFFECT?

Everyone on campus is urged to take caution when using email and to be aware that Colgate ITS will never ask for your username and password. Also, ITS will never ask you to update or confirm your email account via email due to congestion, deactivation or lack of use.

WHAT YOU SHOULD DO:  

1. Delete the email.
2. Never give out your username and password.
3. Never click on links in emails that are unsolicited.

If you have questions or need assistance please open a ticket with the help desk or call x7111.

To learn more about phishing and how to spot it, please visit http://colgate.edu/itsecurity/phishing

Thank you for your patience and cooperation.

To see a copy of this particular phishing email, continue reading.


Tax Phishing Fraud Season

By Peter Setlak on March 31, 2014

It is that time of year when someone you’ve never met tries to get you to give up your money and I’m not talking about Uncle Sam. Each year starting in late March and early April and going through May, hackers send out phishing emails that look as though they are from tax service providers or the IRS. These phishing attacks are particularly successful (to the hacker) since the targets (we) are already flustered and confused about the filing process. The hackers prey on this fact and count on our fear of making a mistake, not filing on time, or guaranteeing our refund. During seasons like this, it is important to slow down and double-check any and every communication from tax service providers, the IRS and financial institutions. Scrutinize any email, phone call or text message you receive in relation to these institutions. It never hurts, even if you’re “pretty sure it’s legit” to contact the institution directly to verify the message. In general, follow these suggestions and you improve your chances of being safe:

1. If it came to you unsolicited and you’ve never done business with them, it’s probably a phish.
2. Handle interactions with the IRS by going to them directly: http://www.irs.gov - the same goes for your tax service or financial institution.
3. Never give out your password, Social Security Number, credit card information or other personal information in response to an email, phone call or text message.

For more information on how to spot and avoid phishing, check out our phishing page at: http://www.colgate.edu/itsecurity/phishing


ITS ALERT: Security Exploit Reported in Rich Text Format (.rtf) Documents, March 25, 2014

By Peter Setlak on March 25, 2014

ISSUE: Security Exploit Reported in Rich Text Format (.rtf) Documents

OVERVIEW:

A new exploit in how Microsoft Word and Outlook handle Rich Text Format (.rtf) documents has been reported by Microsoft. The exploit enables a hacker to remotely run programs on a computer. As a precaution, ITS will temporarily block .rtf email attachments until a patch for this exploit has been put in place.

WHO DOES THIS AFFECT?

Anyone using Microsoft Word and Outlook (including Macs) and anyone expecting an .rtf document as an email attachment.

WHAT YOU SHOULD DO:  

1. If you use Outlook to read your email, you should make sure you are using the latest version. Staff should notify ITS to schedule an upgrade.
2. If you currently use Rich Text Format (.rtf) documents, open them in something other than Microsoft Word.
3. If you are expecting an .rtf attachment, notify the sender to have them zip the file or change its format.
4. Always be careful when using email – never open attachments or click links in unsolicited email.

For more information about this issue and additional things you can do to protect yourself from this exploit, please continue reading.


Prof. Monica Facchini uses Prezi in her Italian class

By zlatko grozl on March 16, 2014

Recently I had the pleasure of interviewing Prof. Monica Facchini on her use of Prezi in her Intermediary Italian class. Her students created a visual aid in Prezi, which enabled them to tell a story about the topics of their choice. Prezi helped students collaboratively design an open-ended story with multiple paths which could be taken during the narrative. The students were able to embed text, images and videos to create a compelling and entertaining presentation for the class. Click here to see the interview, or click “more” to watch the video below the fold.


ITS ALERT: Phishing Email, March 14, 2014

By Peter Setlak on March 14, 2014

ACTION REQUIRED:  PHISHING EMAIL / SECURITY ALERT

OVERVIEW:

A phishing email made to look as though it is coming from “COLGATE.EDU <WEBMAILHELP@post.com>” with the subject, “COLGATE.EDU” has been sent to users in the Colgate domain. The email asks users to reply to it with their credentials.

WHO DOES THIS AFFECT?

Everyone on campus is urged to take caution when using email and to be aware that Colgate ITS will never ask for your username and password. Also, ITS will never ask you to update or confirm your email account via email due to congestion or lack of use. Finally, never use email to send passwords.

WHAT YOU SHOULD DO:  

1. Delete the email.
2. Never give out your username and password.
3. Never click on links in emails that are unsolicited.

If you have questions or need assistance please open a ticket with the help desk or call x7111.

To learn more about phishing and how to spot it, please visit http://colgate.edu/itsecurity/phishing

Thank you for your patience and cooperation.

A copy of the email can be seen below:



ITS ALERT: Phishing Email, March 2, 2014

By Peter Setlak on March 2, 2014

ACTION REQUIRED:  PHISHING EMAIL / SECURITY ALERT

OVERVIEW:

A phishing email made to look as though it is coming from “COLGATE.EDU <WEBMAILHELP@post.com>” with the subject, “COLGATE.EDU” has been sent to users in the Colgate domain. The email asks users to reply to it with their credentials.

WHO DOES THIS AFFECT?

Everyone on campus is urged to take caution when using email and to be aware that Colgate ITS will never ask for your username and password. Also, ITS will never ask you to update or confirm your email account via email due to congestion or lack of use. Finally, never use email to send passwords.

WHAT YOU SHOULD DO:  

1. Delete the email.
2. Never give out your username and password.
3. Never click on links in emails that are unsolicited.

If you have questions or need assistance please open a ticket with the help desk or call x7111.

To learn more about phishing and how to spot it, please visit http://colgate.edu/itsecurity/phishing

Thank you for your patience and cooperation.

A copy of the email can be seen below:



Be Careful with Sensitive Data

By Peter Setlak on February 28, 2014

The news is filled lately with reports of hackers breaking into companies and either defacing their websites or, worse yet, stealing the passwords and credit cards or Social Security numbers of their customers. In fact, in the first month of this new year we were informed that nearly 110 million consumers had their information stolen from Target. Just last week, the University of Maryland lost 300,000 records to a hacker.

Hackers make news. Hacker stories sell papers (well, get re-tweeted). What we don’t hear about are the accidental data leaks that are potentially just as damaging as a hacked database. For example, Indiana University accidentally posted 146,000 records to a publicly accessible server. Many more can be seen here ranging from lost USB thumb drives to stolen laptops.

The fact is that accidents happen and regardless of the number of protections any IT department may put in place, the last bastion of security is always in the hands of the employee handling sensitive data. Here are some tips to keep in mind when dealing with sensitive data – tips that will go a long way to preventing accidental or inadvertent data loss.

1. If you do not absolutely need access to sensitive data, do not access it. Ask if there are ways to avoid seeing it at all while still having the information and access you need to do your job or research. If you can’t access it, you can’t lose it.

2. Never save sensitive data outside of the application you use to access it. For instance, do not cut and paste Social Security Numbers into a spreadsheet. If you don’t have the data, you can’t lose the data.

3. Scanned documents of sensitive data (such as passports) should not be stored outside of a protected, centralized and secure content management system. If the data is not on your local computer or laptop, it is not there to be lost or stolen.

4. When possible, avoid saving any sensitive data to plain text files, spreadsheets, or Word documents (or similar). If the files get placed in the wrong folder or posted to an open server, they will be clear of sensitive data.

5. Avoid using USB thumb drives or CDs to store files with sensitive information. If the removable media is lost or stolen, it will be clear of sensitive data.

6. Do not use personal file sharing services such as Dropbox or Box.net to store or share files with sensitive information. If sharing is accidentally turned on or the file-sharing service is hacked, your account will be clear of sensitive data.

For more information or tips on how to stay secure, check out the ITS Security page at http://colgate.edu/itsecurity


ITS ALERT: Phishing Email, February 19, 2014

By Peter Setlak on February 19, 2014

ACTION REQUIRED:  PHISHING EMAIL / SECURITY ALERT

OVERVIEW:

A phishing email made to look as though it is coming from “Colgate University” with the subject, “Account update!!” has been sent to users in the Colgate domain. The email is being sent with a spoofed name and has the Colgate Banner in the message.

WHO DOES THIS AFFECT?

Everyone on campus is urged to take caution when using email and to be aware that Colgate ITS will NEVER ask for your username and password. Also, ITS will never ask you to update or confirm your email account via email due to a quota or storage limit.

WHAT YOU SHOULD DO:  

1. Delete the email.
2. NEVER give out your username and password.
3. NEVER click on links in emails that look suspicious.

If you have questions or need assistance please open a ticket with the help desk or call x7111.

Thank you for your patience and cooperation.

A copy of the email can be seen below:
