Important information about the Heartbleed Bug

The “Heartbleed” security bug has been flooding the news this week with reports that it has affected the Canada Revenue Agency’s website and other sites around the world. The purpose of this note is to explain how we’re dealing with the issue at the U of S and what it means for you.

What is the situation?

The Heartbleed security bug has been found in one of the most widely used pieces of Internet security software used to encrypt and protect things like passwords and other information that hackers could use to enter secure websites. The software is known as OpenSSL and the vulnerability created by Heartbleed means that individuals on the Internet can decode and read previously protected sensitive information on compromised websites.

The bug affects servers, Internet-enabled devices and networking hardware that use the vulnerable version of the software, and could include home access points and firewalls, wireless phones, home networking equipment and security systems, smart TVs and Blu-ray players.

What’s happening at U of S?

The U of S is actively managing the situation. All servers managed by ICT were patched on Tuesday evening and Wednesday morning, which substantially reduces our exposure to this vulnerability.

What can you do?

You should always pay attention to cyber security and practice good password management and check with your device manufacturer to see if your devices are affected and if they will be issuing an update.

If you’re curious and would like to learn more about Heartbleed, check out the website set up by the researchers who discovered the issue.

You can also view the The Government of Canada’s information on the Heartbleed bug.

For further information, contact the ICT Help Desk.

Limited April maintenance to help with end of term: Wed. April 9, 10 pm – 3 am

With assignments due and final exams, we know April is a very busy month for you. So, as we’ve done during previous final exam periods, this month we’re forgoing our regularly scheduled maintenance of most ICT services.

This means PAWS, U of S Course Tools (Blackboard) and many other ICT services will continue to run as usual throughout this month’s scheduled maintenance.

We do, however, still need to go ahead with regular maintenance on a number of services which run on Microsoft Windows since they require essential patches and updates that cannot wait for a later date.

This reduced maintenance work will be performed during the evening of Wednesday, April 9th, from 10:00 p.m. to 3:00 a.m. the next morning.

During that time, the following services will be unavailable:

  • Email
  • File services (Cabinet, Jade, Bermuda, TangoWeb (SSAM/gsis), WinWeb (FMD), Datashare)
  • Print services (Green, CPAS)
  • Database hosting (SQLserver only)

PAWS, Sirius, Unifi, U of S Course Tools (Blackboard), etc. will remain uninterrupted during this maintenance.

For more information, contact:
ICT Help Desk 306-966-4817, help.desk@usask.ca

Microsoft XP Security Alert

For anyone running Windows XP on their computer, please note that support for Windows XP will end on April 8, 2014.

After April 8, 2014, Microsoft will no longer provide security updates or patches for Windows XP and the U of S will also cease support for Windows XP.

If you are running Windows XP, please do one of the following to prevent your computer/private data from being compromised:

  • Remove the Windows XP computer from the network.
  • Request an exception for support of special case XP computers.
  • Upgrade the operating systems to Windows 7 or Windows 8 (Colleges and departments subscribing to Microsoft Campus Agreement are fully licensed for upgrades to Windows 7 or Windows 8).
  • Purchase a new computer with Windows 7 or Windows 8.

Failure to take action can result in a compromised computer which will be removed from the campus network without warning as Windows XP computers will pose a risk to the campus network and data.

If you would like more assistance, please contact your local IT Staff or contact the ICT Help Desk at (306) 966-4817.

For more information regarding the retirement of Windows XP, please visit Microsoft’s website.

Scheduled Monthly Downtime: Wed., Mar. 12, 10 pm – 2 am

PAWS, U of S Course Tools (Blackboard), and other ICT services will be unavailable on Wed., Mar. 12, from 10:00 pm until 2:00 am the next morning.

This regularly scheduled monthly downtime allows us to install important security, performance, and stability updates.

To help ensure you always have access to the services you need when you need them the most, we do our best to schedule this essential maintenance work for off-peak hours, usually on the second or third Wednesday of the month.

And, so you know in advance when service interruptions will occur, we post all upcoming scheduled maintenance on our Information and Communications Technology (ICT) website.

Just look for the “Scheduled Maintenance” heading in the left hand column.
We also post notices about upcoming maintenance on the login pages for
PAWS and U of S Course Tools.

A list of other ICT-provided services which will also be unavailable during regular monthly maintenance can be viewed on our Scheduled Monthly Downtimes page.

For more information, contact:
ICT Help Desk 966-4817, help.desk@usask.ca

New Phishing Attack at the U of S

The U of S is no stranger to phishing attacks and experienced another very simple, but effective attack on Sunday, March 2, 2014.
The attack was carried out via e-mails that were sent to a targeted group of recipients urging them to click on a link to point to a reasonable facsimile of our PAWS login page.

The mimicking website – hosted in Australia – has now been blocked as well as all e-mails which originated from a university in Germany.

An example of the e-mail subjects were:
Blackboard Learn course-415
Appilication Set Up – Must Read
(Notice that Application is spelled incorrectly. Common in spam.)

If anyone at the U of S did receive an email such as the ones listed above and inadvertently clicked on the link and entered their NSID and password, they need to contact the ICT Help Desk ASAP to have their password reset.

As a reminder, phishing is a serious cyber-crime that is becoming more and more sophisticated at the U of S. Targeted individuals are contacted via email by someone posing as a legitimate institution. The emails may contain links to fake institution websites whose look and feel is identical to the legitimate one. This is all done in an effort to cheat users into providing sensitive information such as banking and credit card deals as well as passwords. This personal information is then used to access individual and institutional information.

We take all fraudulent messages and phishing attempts very seriously. Whenever suspicious messages are reported, we take immediate measures to investigate and respond.

If you believe you were targeted by this phishing attack, please contact the ICT Help Desk immediately at 306-966-4817.

Scheduled Monthly Downtime: Wed., Feb. 12, 10 pm – 2 am

PAWS, U of S Course Tools (Blackboard), and other ICT services will be unavailable on Wed., Feb. 12, from 10:00 pm until 2:00 am the next morning.

This regularly scheduled monthly downtime allows us to install important security, performance, and stability updates.

To help ensure you always have access to the services you need when you need them the most, we do our best to schedule this essential maintenance work for off-peak hours, usually on the second or third Wednesday of the month.

And, so you know in advance when service interruptions will occur, we post all upcoming scheduled maintenance on our Information and Communications Technology (ICT) website.

Just look for the “Scheduled Maintenance” heading in the left hand column.
We also post notices about upcoming maintenance on the login pages for
PAWS and U of S Course Tools.

A list of other ICT-provided services which will also be unavailable during regular monthly maintenance can be viewed on our Scheduled Monthly Downtimes page.

For more information, contact:
ICT Help Desk 306-966-4817 or help.desk@usask.ca

New Chief Information Officer and Associate Vice-President, Information and Communications Technology

The university welcomes Mark Roman as the new Chief Information Officer and Associate Vice-President, Information and Communications Technology (ICT) effective March 1, 2014.

Mark will work in collaboration with senior administration, deans, department heads, faculty, staff and students to realize the institutional vision for ICT services and infrastructure, and will oversee the operation of the units within ICT.

He is currently the Principal Consultant in his own national consulting firm as well as the Chief Information Officer at Camosun College. Prior to those positions, he was the Chief Information Officer at the University of Victoria. He has also held various positions on both provincial and national boards.

Mark obtained a B.Math from the University of Waterloo; his M.B.A. from Queen’s University; and his P.M.P. (Project Management Professional) from the Project Management Institute.

Read the full announcement.

ICT’s 2013 Year in Review

As we move full force into 2014 it’s important to take the opportunity to step back and reflect on the achievements Information and Communications Technology (ICT) at the University of Saskatchewan had in 2013. It was a busy and productive year and ICT worked to continually support the university community with evolving technologies and reliable digital infrastructure. Here are some of the highlights from 2013.

Research computing enhances university research productivity

Designed to enhance university research productivity, we created the Research Computing unit in ICT, which provides advanced computing services for researchers across all disciplines, as well as supporting specialized high-priority research areas. The unit consolidated ICT’s existing commitments to research support, including advanced computing and WestGrid, research software, grant consultation, and departmental research. The unit also hired a new team member to help address the data-centric challenges that researchers currently face.

Research unit

The launch of Research Computing will help to bolster the university’s position as a member of the U15, the country’s 15 leading research-intensive universities. Strengthening the university’s overall research culture through this initiative also supports the university’s priorities as stated in the Third Integrated Plan, particularly that of fostering knowledge creation.

New PAWS interface enhances the ease of accessing information

In July, the university’s web portal launched a dramatically different layout that has changed how the U of S community accesses information and completes online tasks. Not only is the new user interface cleaner and less cluttered, it’s a much more intuitive site and presents a completely different approach to how we deliver content.

All content is accessible from the new PAWS homepage. Task-based channels such as registration and employee vacation time reporting are a click away. Timely content appears in a prominent centre column, making it easier to see announcements, bulletins and news feeds. One-time tasks like voting or Aboriginal self-declaration show up at the top of that centre column and remain there until either completed or dismissed.

PAWS Year

The changes were largely the result of a survey response from PAWS users in 2012. Common themes that came from staff and students were that they wanted things easier to find; cleaner and more streamlined. The PAWS team within ICT succeeded in delivering relevant, timely and useful content that works on a variety of different formats, from desktop to hand-held devices. The team effort, along with help from ICT Help Desk and ICT Training Services was a success both aesthetically and functionally.

iUsask named top app in Canada for navigating universities

In the fall we received the exciting news that our very own mobile app, iUsask had been given top honours by Connected Rogers, a Canadian technology and lifestyle digital magazine.

iusask

Named as the number one app for navigating Canadian universities, the digital magazine said, “If schools were ranked based on the quality of their mobile apps, the University of Saskatchewan would hold top slot. It’s clear that iUsask is still leading the pack when it comes to cutting-edge mobile technology.” The iUsask app was ranked number one over apps from the University of Toronto, Carleton University, UBC and Athabasca University.

mobile number1

iUsask offers an easy-to-use interface that enables students to get more information, quickly and easily and in real-time. The app that is available on iOS devices and Android is interactive and features library hours, class locations, school-related news and options such as viewing grades confidentially, checking available computers in a lab and viewing live webcam feeds of the campus.

Having iUsask ranked as the top app proved that mobile development has and continues to be a top priority area of ICT and an area that we are exceling in.

Significant enhancements to services in support of teaching and learning

The enhancements to services made in 2013 include the expanded use of web conferencing, in particular to provide better support for the School of Public Health’s Masters of Health Program. ICT also supported the use of Collaborate, which greatly enhanced the productivity of research team meetings within the Global Institute for Water Security, the Global Institute for Food Security, Fibromyalgia and Systemic Research. Both areas contribute support for distributed learning and research activities.

Improvements were made to the Optical Mark Recognition software including replacing old optical scanners with new digital scanners, which now sees 98% of clients on the new system. This has allowed ICT to introduce remote scanning of exams/evaluations, which is well suited to distributed-learning programs.

Throughout the summer, ICT was busy implementing a cross-campus service upgrade to the TurningPoint Clicker infrastructure, to accommodate upgrading to the latest release of the TurningPoint software suite. The result of this is ResponseWare for smartphones now being used (currently piloted in the College of Pharmacy and Nutrition).

To coincide with the upgrade and implementation of new infrastructure, ICT – in partnership with Turning Technologies Canada – hosted a successful learning forum for faculty on clickers with Dr. Melinda Micheletto, Turning Technologies distinguished educator, as the guest speaker.

Improving overall cyber security practices

ICT continued to improve overall cyber security practices and put rigour into raising awareness in the area of cyber security. As part of this awareness we developed a month-long campaign that coincided with Cyber Security Awareness Month.

Cyber security awareness month

Throughout October we:

Cyber-crime continues to become more sophisticated, especially at post-secondary institutions and ICT took leaps and bounds in 2013 improving our overall security practices and further developing processes for security incident responses.

Free and unlimited access to Lynda.com

To round out the year nicely, Lynda.com – a valuable online training resource – was negotiated to be free and unlimited to the U of S community. Faculty, staff and students now have the opportunity to fully access thousands of unlimited, free tutorials, seven days a week, day and night.

Lynda.com is an online training library that contains thousands of professional grade Windows and Mac tutorials accessed through streaming video. In these videos members of the university community can find information that covers many software titles, scripting languages, design and web development platforms as well as popular online sites.

Having the use of this incredible training service allows members of the community to fully embrace learning new software that supports their professional and personal goals.

lynda

The future looks bright

These, among other achievements all serve as a reminder that ICT continues to deliver quality and enormously beneficial services and resources to the U of S community.

ICT is well positioned to support the university community’s continued success as a proud member of the U15, Canada’s top research universities, and we will continue to work to support its larger goal of being one of the most distinguished universities in Canada.

Lawrence Dobranski making a huge impact in the field of cyber security

Congratulations to Lawrence Dobranski, Director of Security, Information and Communications Technology at the U of S who is making a huge impact in the field of cyber security. He was recently featured on the University of Fairfax’s homepage where he is a doctoral candidate on track to receive his degree in March.

flex_Lawrence-Dobranski

Lawrence was recently quoted in the prestigious cybersecurity journal, Infosecurity Professional.  The article was entitled: “Laying Down the BYOD Law.”  BYOD (Bring Your Own Device) is an increasingly important topic facing the field of cybersecurity.  Some companies are demanding that prior to employees departing, they turn in their personal phones as many as two weeks prior to leaving so that the IT department can examine it for trade secrets.

“That’s fine as long as BYOD is an option the employer is extending to employees as a privilege, however, things may change once organizations start to require employees to provide their own devices at their own expense,” he said, “especially since technology is changing faster than the law can keep up.”

“Securing data is a realistic issue for IT to address. Employee training is a basic part of mobile security policy; IT needs to educate people about security and how it works.”

In light of the recently passed annual Data Privacy Day on January 28, 2014, cyber security is an ever increasing issue at large institutions and Lawrence’s leadership in this area is a great asset to the university.

Read the full article on the University of Fairfax website.

Today is Data Privacy Day – think before you click

Data privacy

Today Canada, along with many countries around the world, is celebrating Data Privacy Day – an international effort to empower and educate people on the impact technology has on our privacy rights and the importance of controlling our digital footprint and protecting personal information.

What does this mean for you as part of the U of S community? Data flows freely in today’s online world and it is your responsibility as a faculty member, student or employee to protect yours and other people’s personal information under the university’s Freedom of Information and Protection of Privacy policy and the Saskatchewan Local Authority Freedom of Information and Protection of Privacy Act, and the Data Management, Data Access and Data Use policy.

As we move into an era where the smartphone rules, the loss of mobile devices and data is a major concern for the university. Anyone in the community who stores or accesses personal or confidential information or research data on their mobile devices should ensure that adequate protection is in place, including:

  • Securing your devices with a long, strong and unique password and other privacy features.
  • Securing your accounts by enabling security software and updating operating systems and apps.
  • Encrypting your device to add an extra level of security that protects your identity.
  • Thinking before you app to ensure you understand what information the app accesses.
  • Backing it up. Storing digital copies of your work, music and photos on an external drive or cloud.

Further university-recommended best practices and guides for your mobile devices and technology can be found on ICT’s mobile device security webpage.

So, what can you do to get involved in Data Privacy Day? Show your support through social media.

  • #DPD14. Promote Data Privacy Day on social networks with messages promoting privacy and data stewardship using the hashtag #DPD14 on Facebook, Twitter, LinkedIn, Google+ and more.
  • Make Data Privacy Day visible on your profiles. Download DPD profile images for Facebook, Twitter, Google+ and LinkedIn.
  •  Follow & Like Data Privacy Day. Join us on TwitterFacebook and LinkedIn to stay current on all the latest DPD initiatives and resources, as well as privacy news throughout the year.

If you have questions or concerns regarding privacy, contact the university’s Access and Privacy Officer, Rayelle Johnston at 8596 or privacy@usask.ca. For questions about ICT security and risk management, contact the Director of ICT Security, Lawrence Dobranski at 7177 or lawrence.dobranski@usask.ca.

For assistance enabling passwords or encrypting data contact your college or unit’s IT support or the ICT Help Desk at 4817.

Remember to show your commitment to privacy today by educating yourself on your responsibility to keep your data safe.