Members of the Colgate Community,

You may have seen recent news reports about security flaws recently discovered in the microprocessors of computers, tablets and other digital devices. Typically when we hear about security flaws they’re software based. A simple update often fixes everything. This security flaw is unique in that it’s “hard wired” into devices, so the “fix” is more complex. Software updates will go a long way, but the real repair will come over months and years as manufacturers like Intel, Apple, Dell and HP replace their hardware.

With all the media coverage, we wanted to make sure you were aware of how we’re handling the issue at Colgate. We’re writing to provide this information along with some suggestions that may be helpful as you seek to secure your personally owned devices.

On University-Owned Computers

These vulnerabilities can affect personal computers, mobile devices, and cloud services. Colgate ITS is applying software updates to university-owned devices as the updates become available. In virtually every case the updates will be applied automatically.

If you have a university-owned computer that’s been at rest for a while, we would ask that you turn it on and allow a day or two for the university’s update servers to send software updates.

Does This Impact Servers Here? What About in the Cloud?

It does. In fact just about every modern device is hard wired with this newly discovered vulnerability. Our service providers, such as Google, have already begun to apply their security updates to mitigate these risks and ensure our data remains secure.

ITS is in the process of updating our on-campus servers to guard against these hardware-based vulnerabilities as updates become available. However hardware and software manufacturers are still developing security updates, which can take some time. Occasionally applying a software update will require a brief service outage. We’ll keep you posted on any scheduled outages and coordinate with users in advance to minimize inconvenience.

What About My Home Computer?

The best thing you can do is make sure you’re keeping up to date on security updates issued by the maker of your devices (HP, Dell, Lenovo, Apple, etc.) and your operating system (for most, by using Windows update or Apple Software Update).

In addition, all of the usual security suggestions apply. Avoid using the same password on multiple services, and stick to secure websites (look for https:// and the lock symbol at the top of your web browser)

For More Information – The Flaw in Layperson’s Terms

The vulnerabilities have been referred to by the security community as “Meltdown” and “Spectre.” What we write here refers specifically to these vulnerabilities, but also applies broadly to any security flaw that is “hardware-based” or hard-wired into a device.

Computers can do many tasks simultaneously. Normally a computer does a good job of keeping the data being used by one program, for example a document in a word processor, isolated from the data in another program, for example a table in a spreadsheet. These sorts of vulnerabilities enable programs to breach that barrier. Normally that’s not an issue; most software doesn’t try to breach the barrier. However, if your computer or device is using software that, unbeknownst to you, tries to break the barrier, it’s possible that the software could capture sensitive information.

As we discover new and pertinent information we will post it on the ITS blog. Should you have any questions regarding these updates, please don’t hesitate to contact the ITS Service Desk at 315-228-7111 or itshelp@colgate.edu.

Regards,
Ahmad

SHARE

Yesterday our classmates and colleagues were among hundreds of thousands of Google mail users worldwide targeted by a Phishing attempt. Phishing is an attempt to convince a user to click a link or open a file that, in turn, gives another party permission to access their account.

Google and many institutional IT departments (including Colgate’s ITS) worked quickly to block this fraudulent e-mail message, but not quickly enough to prevent the early spread. At Colgate alone more than 400 people (including more than 300 students) were impacted by this problem. We were able to run a report to identify those community members affected and took steps administratively to remove any unauthorized access. ITS Support Team members are currently reaching out to every affected individual by phone or e-mail to offer assistance with changing your password, which serves as an additional precaution.

If you received the email, which purported to share a Google Doc with you, and clicked the links, it’s important that you reach out to the ITS Service Desk team (315.228.7111 or itshelp@colgate.edu) so that we can work with you to ensure your account is secure. Keep in mind that this may have also impacted your personal Gmail account as well. More information, including Google’s response and how to access Google’s Security Checkup can also be found in the ITS Blog at blogs.colgate.edu/its.

Year End Reminder

At this time of year we normally write to you to remind you to backup your most important work. As we prepare to finish our semester’s work, and finalize assignments and projects, be sure to follow one simple rule: It doesn’t exist unless it exists in three places. For your most important work, be sure to keep a backup copy either in the cloud and/or on external media like a thumb drive. For the most important work you might also occasionally print a copy at each major revision.

Thanks very much for your attention and collaboration as we work through this issue. If you have any questions or concerns, be sure to reach out to our Service Desk team any time.

SHARE

ITS will be performing network maintenance Thursday, November 3^rd between the hours of 4 a.m. and 6 a.m.  This work is part of a continuing effort to increase the speed and reliability of the campus network. Work will begin at 4 a.m. and involve restarting critical network equipment. We expect this maintenance will take 10 to 20 minutes during which you may experience intermittent network access. No prolonged service outages are expected.

If you encounter any difficulties with network or phone connectivity please contact the ITS Service Desk at extension 7111, email us at itshelp@colgate.edu or stop by the ITS Service Desk. The ITS Service Desk is located on the third floor of the Case – Geyer Library (adjacent to J.B. Colgate). Professional staff are available for in person support Monday through Friday from 8 a.m. to 6 p.m.

SHARE

ITS will be working to solve a network problem early Monday morning. The work, planned for 5:00 AM on Monday, October 3, will cause a brief disruption – approximately 5 minutes – to Internet access and telephone service in the following buildings:

Ho Science Center

Reid Athletic Center

Case-Geyer Library

Conant House

Chapel House

100 Hamilton St.

Base Camp

Technicians will be working in each building to complete the work, which requires a physical equipment change.

We apologize for the late notice and any inconvenience. The issue was discovered this weekend and it’s best that it be addressed before work resumes Monday morning. If you notice any issues with telephone or Internet service, or if you have any questions about this work, as always, please contact the ITS Service Desk on x7111 or email us at itshelp@colgate.edu.

Best regards,

Mark Hine
ITS Project and Communications Manager

SHARE

In an effort to generate dialogue and enhance open communication, the CIO Roundtable events are held monthly as an opportunity for members of the Colgate community to engage in conversation with Colgate’s interim CIOs on a range of information technology topics. The roundtables are intended to be informal events to consider issues, ask questions and share information about the role of information technology services at Colgate. Each of these roundtable events will take place at Merrill House, and lunch will be provided to those in attendance. Please RSVP to Denise Bolognone (dbolognone@colgate.edu) if you are interested in joining us for any of these conversations.

Classroom Technology and Learning Spaces (February 24, 12:15-1:15pm @ Merrill House)

This roundtable session will provide an opportunity to explore the current and future state of classroom technologies and learning spaces at Colgate. What classroom technologies are most valuable to support teaching? Are there promising areas for experimentation? What opportunities are there to integrate learning design principles within classrooms at Colgate? Please join us to consider these and other questions, share ideas and generate some dialogue.

CyberSecurity (TBD)

Network security, information privacy and protecting an institution’s digital assets remains a vitally important set of issues for all organizations. The higher education context presents a unique set of challenges as we seek to provide flexible access to resources for collaboration and inquiry that support the teaching and learning mission, while at the same time providing security to support business operations. Please join us for this conversation to explore questions, and consider the importance of engaging in secure computing practices.

Research Computing (TBD)

Centralized support for research computing at Colgate is evolving, and there is recognition of the need for enhancing services for faculty members. This roundtable will provide the opportunity to identify key issues, consider essential questions, and explore possibilities for building capacity. What resources are currently available? What are important / emerging needs on the horizon? Please join us for this roundtable to share ideas about research computing at Colgate.

SHARE