News

Phishing Scams

UF is aware of two phishing scams recently targeting the University.   Both messages have hit the UF IT Alerts page and are also included below.  Engineering Administration users have been seeing the ‘Completed Transfer’ email throughout the morning.

https://alerts.it.ufl.edu/3341
https://alerts.it.ufl.edu/3342

Feel free to review the “Phishing Email” information available on UF’s Information Security & Compliance webpage at https://security.ufl.edu/learn-information-security/protect-yourself/email/id-theft-scams/phishing-email/. The information there can help you determine whether something is legitimate; however, you can always forward it to us for review. Additionally, you can report it directly to UFIT by forwarding the message to abuse@ufl.edu.

If you have questions or comments regarding this, feel free to call (392-9217) or email (mis@eng.ufl.edu).


From: IT Alerts
Sent: Friday, June 17, 2016 12:43 PM
To: IT-ALERTS@lists.ufl.edu; . ALL-IT <ALL_IT@mail.ufl.edu>
Subject: Alert Posted – Phishing Scam (University of Florida- new message)

 

The following Alert has been Posted by dmarlin at Fri 6/17/2016 12:43:28 —

Phishing Scam (University of Florida- new message)

Problem Message runs from Fri 6/17/2016 13:41:00 through Fri 6/24/2016 13:41:00 Link: https://security.ufl.edu/learn-information-security/protect-yourself/email/id-theft-scams/phishing-email/

The Information Security Office is aware of new phishing messages that pretend to be from a UF Administrator about a fictitious Shands email message. The malicious email includes links to a fake login web form. Access to the phishing host has been blocked from UF networks.

Please delete/ignore this message.

Original Message:

From: Murillo Longo Martins
Sent: Friday, June 17, 2016 11:19 AM
Subject: University of Florida- new message 

You have a message from University of Florida , kindly __click here__ and login carefully to read it now. 

Thank you.
University of Florida
Administrator

From: IT Alerts
Sent: Friday, June 17, 2016 12:36 PM
To: IT-ALERTS@lists.ufl.edu; . ALL-IT <ALL_IT@mail.ufl.edu>
Subject: Alert Posted – Phishing Scam (Completed Transfer | Completed Payment)

 

The following Alert has been Posted by dmarlin at Fri 6/17/2016 12:35:38 —

Phishing Scam (Completed Transfer | Completed Payment)

Problem Message runs from Fri 6/17/2016 13:33:00 through Fri 6/24/2016 13:33:00 Link: https://security.ufl.edu/learn-information-security/protect-yourself/email/id-theft-scams/phishing-email/

The Information Security Office is aware of new phishing messages that pretend to provide confirmation of fictitious money transfers. The malicious email includes links to non-UF hosted fake login web forms. Access to the phishing hosts has been blocked from UF networks.

Please delete/ignore these messages.

Original Message:

Sent: Friday, June 17, 2016 11:25 AM
Subject: Completed Transfer.

Good day,

Here is a confirmation of transfer.

Thank you.

Kind regard,

Attachment - 1  __View__  |  __Download__   v

 


Engineering Panic Button Project

There was some discussion about Engineering Administration’s project to install ‘Panic Buttons’ throughout the College at the tail end of the last ENG-IT meeting. This information has been conveyed to your Department Chairs and project managers in the College and should have been conveyed down to you. Recognizing that it hasn’t yet, here’s the info:

  • The College has been investigating panic button solutions for quite a while and working with UPD, Telecommunications, and Safety to identify and install something that will be approved and supported by all units. In other words, we wanted a campus standard.
  • The panic button capabilities of existing building controllers (Lenel system) were reviewed during this time. This option is too expensive for many reasons.
  • The panic button solution decided upon is basically an IP phone that calls a predetermined number and plays a prerecorded message. It is meant to be a ‘press a button and UPD shows up’ solution and not require any other interaction.
  • This panic button solution is one that has been piloted by Telecommunications and is in active installation in Housing. Telecommunications is also working with HSC to make it an approved option in those areas as well (expected review to be completed by end of August). Per discussions with Telecommunications this is what they are promoting as a campus standard.
  • Telecommunications has stated that they will be able to monitor these devices to ensure they do not fall off the network and alert if they do.
  • Telecommunications and UPD are working together to establish a standard script to be used for the prerecorded message that will clearly identify the location of the emergency.
  • Installation requires purchase of the device (~$325), programming fee (~$25 (may be waived)), and an available network drop (~$350). During this project $700 per panic button was budgeted.
  • A certain number of these panic buttons were made available to each department (I believe it was three) for installation in general use and student concentrated areas. It was thought that the Department main office and the departmental advisors office locations would be good locations but, in the end, the final locations would be coordinated with the unit. Jeff Bielling has started the process of identifying contact people and button locations.
  • Coverage of these buttons was for every Engineering occupied building. Several buildings were identified that didn’t have departmental main offices or otherwise easily identified locations for an installation. Jeff and Denis were working together and would approach occupants of those spaces to identify an appropriate location.


Update Your Personal Information in myUFL

UF is updating its Gatorlink Account Management system this summer to include extra layers of security.  After the upgrade you will receive notifications and confirmations of password resets / changes via text message (SMS), email or voice call.  Additionally, the self-service password reset system will be similarly changed.  This is a system most banks and credit unions use and many large cloud services have adopted and is aimed at making account hijacking through the ‘forgot my password’ system and through phishing attempts much harder.

To prepare for this change UF is asking that you update your personal info in the myUFL system to include a personal home phone and/or personal/work cellphone numbers.  You will also have the option to include personal email addresses.

A little more information about this change can be found on the UFIT News channel at https://news.it.ufl.edu/security/update-your-personal-info-in-myufl (UFIT News article expired and was removed October 2022).


Subnet Managers and Domain Information List Updates

As mentioned a bit ago at one of our monthly IT meetings, Information Security & Compliance uses information from both the subnet managers list and the domain information database to generate the contacts for their NETIRTs and UFIRTs.  There is also some information to suggest that they also have an internal database to grab contacts from. Finally, old tickets, which already have assigned contacts, tend to get reopened.  This all adds to the confusion about who should be getting tickets/notices about your IT infrastructure.

Subnet Managers List is available at https://net-services.ufl.edu/cgi-bin/subnet-form.cgi
Domain Information is available at https://net-services.ufl.edu/cgi-bin/domain-info.cgi

Domain information contacts were added last year in an attempt to properly generate tickets when an IP is hosted by EIO.  Domain contacts are extremely out of date in many instances.

The domain administration database needs to have a single ‘Management Contact’ and a single ‘Technical Contact.’  These contacts have to be an individual and not a group/alias.  As guidelines for how to list people in these roles please use the following definitions:

  • Management Contact: DDD of unit who is assigned the domain.  Can also be considered the technical contact’s supervisor.
  • Technical Contact: Person in the trenches working with the IT infrastructure that is associated with the domain/subnet.

To update these contacts, submit a ticket at https://my.it.ufl.edu using “Technology Services/Networking/IP Address Management, DNS, DHCP, and Host Monitoring” in the service catalog. Please clearly indicate the domain you are updating, the contact’s name, and the contact’s gatorlink username in the ticket. If you have a question or need some immediate changes, you can contact the following people who work with the IPAM and domain registration system:

  • Justin Taylor, justintaylor9@ufl.edu
  • Ralph Brigham, rbrigha@ufl.edu

Please review both UF’s subnet managers list and the domain information database for your subnets and domains to make sure current contacts are listed.

Thank you.


Email Policy (auto-forwarding vs business mailbox)

Within IT shared services units we have been trying to address UF’s auto-forwarding policy by directing people to use UF Exchange mailboxes when we find UF official business and deliver-to addresses that are in violation of the policy. We regularly run into situations where people prefer to use third party email services instead of UF email addresses and mailboxes. It has been said that UF requires UF business to be conducted through a UF email address, but is this documented anywhere? Can we actually point to something when asked “show me that in writing”?

It turns out we can’t because it isn’t actual UF policy.

Amy Hass in the General Counsel’s office has replied that:

We don’t have a current university regulation that requires UF email business be conducted on UF email. Like you guys, I strongly think we should have such a general policy for many many reasons, but 2 things are important to note here:

  1. It’s not currently a UF policy to do university email business on your @ufl.edu accounts, yet any UF records (emails, etc) created on non-UF systems (Google, etc), must still be kept for the required retention periods and are absolutely within the purview of public records laws; and
  2. The General Counsel’s office does NOT make policy. The auto-forwarding is not a GC policy. It is a university policy regarding email forwarding.

In the UF Privacy Policy it states: “UF business-related e-mail may not be auto-forwarded or otherwise transferred to non-ufl.edu accounts, including but not limited to, e-mail services such as Gmail, Yahoo, Hotmail, etc.”

When the auto-forwarding policy was released there was a lot of discussion at various meetings about how it was poorly worded. There was supposed to be an update to the policy made at some point but it never materialized. I’ve once again suggested an update to this policy to address these exact issues. Unfortunately, at this time we do not have anything stronger in UF policy other than the prevention of auto-forwarding or otherwise transferring UF messages to non-ufl.edu accounts. If we can get something more strongly written into UF policy it will be much easier to address this issue internally between the faculty and UF IT workers.

I will continue to represent the idea that the current auto-forwarding policy does not go far enough in protecting UF communication and should be amended. It has been stated that this issue will be taken to the COO for further consideration.


Crestron AirMedia and Heartbleed

For those of you running Crestron AirMedia devices that are generating Heartbleed vulnerability notices, Randy Switt found a pre-release firmware that directly addresses this situation. You can find it at:

http://support.crestron.com/app/answers/detail/a_id/5538

Info regarding vulnerability notices for ‘SSL Certificate Signed Using SHA-1 Algorithm’

Starting last week we saw a new vulnerability notice for ‘SSL Certificate Signed Using SHA-1 Algorithm’.  The entire college is getting hit by this one A LOT.  After doing some investigation into this it turns out that most, if not all, Windows machines with remote desktop services turned on will be generating this notice because of the SHA-1 certificates in use by Microsoft and UFAD.

From what I can tell there is nothing that we can do for this particular vulnerability notice until Microsoft releases new SHA-2 certificates and patches their products.  As such, I reached out to Information Security & Compliance for guidance. They have stated that they will try to create an exception for RDP/SHA-1 certificate discovery.

Hopefully an exception will be possible and it will lessen the noise we see from this particular notice.

The intent of this notice is to make us aware of website SSL certificates that we can upgrade to SHA-2 signatures. If you do find something that has a SHA-1 SSL certificate, generate a new CSR and send the request to certificates@eng.ufl.edu so we can generate a new certificate for you. Please follow the directions listed at:

https://connect.ufl.edu/eng/admin/eng-net-mgrs/Wiki/SSL%20Certificate%20Requests.aspx (no longer valid)
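
To find which of your own web servers still present a SHA-1-signed certificate before requesting a replacement, the check below reads the certificate's outer signatureAlgorithm OID using only the Python standard library. It is an added example, not part of the original post; the sample certificates are constructed skeletons with dummy contents, and `check_host` assumes the service speaks TLS directly on the given port.

```python
import ssl

# DER-encoded signatureAlgorithm OIDs mapped to (name, uses_sha1).
SIG_ALGS = {
    bytes.fromhex("2a864886f70d010105"): ("sha1WithRSAEncryption", True),
    bytes.fromhex("2a8648ce3d0401"): ("ecdsa-with-SHA1", True),
    bytes.fromhex("2a864886f70d01010b"): ("sha256WithRSAEncryption", False),
    bytes.fromhex("2a8648ce3d040302"): ("ecdsa-with-SHA256", False),
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def signature_algorithm(cert_der):
    """Return (name, uses_sha1) for the certificate's outer signatureAlgorithm."""
    tag, start, _ = read_tlv(cert_der, 0)            # Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    _, _, tbs_end = read_tlv(cert_der, start)        # skip tbsCertificate
    tag, alg_start, _ = read_tlv(cert_der, tbs_end)  # AlgorithmIdentifier
    oid_tag, o_start, o_end = read_tlv(cert_der, alg_start)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("unexpected signatureAlgorithm encoding")
    oid = bytes(cert_der[o_start:o_end])
    return SIG_ALGS.get(oid, ("unknown OID " + oid.hex(), False))

def check_host(host, port=443):
    """Fetch a server's leaf certificate and classify it (needs network access)."""
    pem = ssl.get_server_certificate((host, port))
    return signature_algorithm(ssl.PEM_cert_to_DER_cert(pem))

def der(tag, body):
    """Encode one DER element; used only to build the constructed samples."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def sample_cert(oid_hex):
    """Constructed certificate skeleton (dummy body and signature), not a real cert."""
    alg = der(0x30, der(0x06, bytes.fromhex(oid_hex)) + der(0x05, b""))
    tbs = der(0x30, der(0x02, b"\x01") + alg + der(0x04, bytes(200)))
    return der(0x30, tbs + alg + der(0x03, b"\x00" + bytes(256)))

if __name__ == "__main__":
    for oid_hex in ("2a864886f70d010105", "2a864886f70d01010b"):
        print(signature_algorithm(sample_cert(oid_hex)))
```

Only the leaf certificate returned by the server is inspected; intermediate certificates in the chain are not checked.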


VoIP Handsets Being Installed for EG-ADM

Early this morning we were surprised to find that UFIT Network Services began deploying CISCO VoIP handsets (the new phones) to Engineering Administration (EG-ADM). The work began with offices on the 2nd floor of Weil Hall (Safety, Facilities, Student Affairs, Processing, etc). Network Services’ intent was to deploy in select areas on the 3rd floor of Weil tomorrow (avoiding the Dean’s Office suite (Weil 300/310/312) and Development Office (Weil 330/339/350)) and finish the deployment to those remaining areas this Sunday.

We are requesting that Network Services push this back and deploy entirely during the Sunday maintenance window or later.  We want Network Services to avoid deployments tomorrow because of the event planned for Thursday.

Deployment of the new handsets does not mean that we are migrating at this time.  You will simply have an additional handset on your desk.  The old phone system will continue to operate as it normally has.

New handsets are deployed so that you can familiarize yourself with the features and operation of these devices before the actual migration. A training class will also be scheduled soon to teach you how to use them. At a later date, after the training, a migration date will be scheduled. After migration the VoIP handsets will take over and the old phones will be pulled from your desks. In other words, your old extensions will be gone and be replaced by the phone numbers associated with the VoIP handsets.

You can find some additional instructional and informational guides on Telecommunications website at https://it.ufl.edu/ict/documentation/telecommunications/instructional–informational-guides/.

If you have questions about this process please email mis@eng.ufl.edu or call 392-9217.

-MIS

PS: The VoIP handsets being deployed now still have some programming left to be completed. For instance, we know that auto-attendants are not recorded and voicemail is not configured. Additionally, placeholder phone numbers are on some handsets in order to leave your published phone numbers in the old phone system.


UFIT Proposed Service: GitHub

I know we have a number of Git installations around the College. If campus were to set one up centrally and open it up to all of UF (for no charge backs) for your use, would you use it for your projects? There’s a bigger question here:

  • If you run your own, would you transition/migrate to a UFIT GitHub installation?
  • If you don’t currently run GitHub (but some other version control / source code management system), would you switch to a UFIT GitHub install?
  • What would be your barriers to entry of a UFIT GitHub install?

Does this interest any of you at all? If not interested, and you run a local install of Git, why not?

I believe this will be an open topic of conversation at the next IT@UF meeting.  Would you be willing/wanting to attend to add your perspective to this project?

 


Tropical Storm Erika Update

The below is something from UF’s Emergency Operations Team (EOT) that I thought would be good to forward to you all to get you thinking about things and reviewing your internal procedures related to a tropical storm/hurricane event for your unit.  Florida has gone about 10 years without a hurricane making landfall that impacts the state so we don’t have recent practice regarding action to take.

Fortunately, at this time it looks like we may just get some rain Monday night / Tuesday  from a category 1 hurricane sitting off the coast.  Things can always change; especially since the forecast track for north central Florida is 4-5 days out and subject to a lot of error.

I will most likely be getting additional updates each morning.  If this is something you’d like me to continue to forward let me know.  I have no plans on continuing to send the updates unless things change significantly and UF looks to be impacted more by this storm.

From: “Allen, Kenneth”
Date: Thursday, August 27, 2015 at 8:52 AM
To: “Allen, Kenneth”
Subject: EOT/Policy Group – Erika Update #2, Thursday AM (8/27)

Emergency Operations Team, Policy Group and Others – good morning. Much uncertainty remains regarding Tropical Storm Erika, especially as it relates to Florida. The computer models have generally shifted their tracks westward over the last several runs and the National Hurricane Center official forecast is now slightly east of Florida. Below are notes from the morning forecasts and attached are current graphics.

Erika Forecast

  • As of 8am, Tropical Storm Erika was poorly organized and located approximately 85 miles west of Guadeloupe (1,543 miles southeast of the UF Campus) with maximum sustained winds of 50 mph.
  • While Erika has strengthened overnight, conditions remain unfavorable for significant strengthening over the next 48 hours. If the storm survives these next 48 hours, it will encounter more favorable conditions for development.
  • Models remain in disagreement on Erika’s track beyond 2-3 days.
  • The official forecast turns the storm west-northwest today and continues this general path taking Erika near the Virgin Islands (later today), Puerto Rico (tonight) and Dominican Republic (Friday).
  • By Monday and Tuesday, the official forecast track has the center of Erika located approximately 85 miles off of the Florida East Coast as a category 1 hurricane.

UF Actions

  • With all of the Florida Peninsula now within the forecast error cone, UF units should monitor Erika for forecast changes and review their tropical weather plans.
  • The forecast track and strength of Erika is still too uncertain in the 3-5 day range to know if or to what extent impacts will be experienced within the state. Certainly an increasing threat for heavy rainfall at a minimum is a possibility.
  • Time frame for any potential impacts, if they were to occur, would begin in South Florida Sunday through Monday, moving northward. The Southeast Florida coast has a 30%-40% chance of experiencing tropical storm force winds on this morning’s forecast.
  • Information for the UF community is being regularly posted at http://www.ufl.edu/advisories/, which is prominently linked from the homepage. (This link is only active when required by a UF emergency.)
  • Current forecast updates are available from WRUF-TV’s live stream at 20 and 50 minutes past each hour: http://ufweather.org/watch (link is now invalid).
  • UF Emergency Management will be participating in briefings with local and state officials throughout the day.

If you have any questions or concerns, please let me know.

Thanks

-Kenneth

Kenneth Allen
University of Florida| Emergency Manager
Division of Public Safety| Department of Emergency Management
352-273-2100|kfallen@ufl.edu
www.emergency.ufl.edu