By Brooke Eder
Information Security Awareness Week: Oct. 1 – Oct. 5
BUMC IT will be in the BUSM Lobby on Monday (10/1), Wednesday (10/3) & Friday (10/5) from 11am-2pm to provide information and answer questions about information security as well as help you properly get rid of old computer hard drives. Bring your old computer hard drives or magnetic tapes, etc. and BUMC IT will ensure your data is securely destroyed.
Even more, you can bring your whole computers or laptops and BUMC IT staff will remove the hard drive for you and make sure hard drive and computer are properly disposed of.
All BUMC faculty staff and students are invited to stop by.
Need SAS for a course but can’t download it?
Are you a student currently registered for a course that requires SAS but cannot download it? Have your professor e-mail us at bumchelp@bu.edu and confirm that you are enrolled in the class to gain access to the SAS download. More information about SAS: http://bit.ly/whT6Nk
Get Technology Training
Check out www.bu.edu/tech/training to view course descriptions and register for classroom tutorials. Some notable course options include training for Outlook 2010, Blackboard and Scientific Visualization software.
Avoid Being a Victim of Phishing!
Avoid being a victim of phishing! If you are ever unsure whether an e-mail you receive is legitimate or if you receive an e-mail messages that is abusive or harassing in nature, you can forward it to abuse@bu.edu for verification. Read the following tips to protect yourself from phishing...
Security Alert: Java Vulnerability
A new zero-day vulnerability in Java—a Poison Ivy variant—has been discovered and exploits have been found. The flaw affects all versions of Oracle’s Java 7 (version 1.7) on all supported operating systems. No patch is available at this time. Java 6 and earlier are currently unaffected (although that will possibly change soon).
If your computer is managed by IS&T using KACE or is running Blackboard, it should be running Java version 6 and is currently not affected by this issue.
Find out if your computer can be exploited: www.isjavaexploitable.com
In order for this vulnerability to be exploited, you have to visit a web page or follow a link to an infected site. If your computer has been exploited, the software can do anything with your computer that you can.
Recommendations
- If you are not using any programs that require Java, remove it from your system altogether. Java is one of the most heavily-exploited platforms in the world today due to its almost ubiquitous presence.
- If you have to have Java for a specific program, but don’t need it for the web pages you visit, disable Java for universal use on your browsers. (Links to instructions listed below.) It is safest to allow use of Java browser plug-ins on a case-by-case basis when prompted for permission by trusted programs.
- If you cannot disable Java in your browsers, confine your browsing to regular commercial sites which, while not immune from being infected, are typically more carefully maintained and monitored and represent a lower risk. This is not a reliable security approach, but it is better than nothing.
Disable Java
- Safari
- Internet Explorer
- Firefox
(For Firefox on Mac OS X, it is like Windows XP (Tools > Add-ons)) - Chrome
While in Chrome, enter this URL: chrome://plugins/ then click Disable under Java.
Read More
(See original post from TechWeb)
Prevent Laptop Theft
Prevent laptop theft by registering your laptop with the BUPD. Find out more: https://www.bu.edu/police/crime-prevention/laptop-registration-with-stop/
HOD Service Upgraded to Support Latest Java Plugin
IS&T has successfully upgraded the Host On-Demand service (used to connect to and use GALAXY) from version 10.0.1 to version 11.0.5. This update fully supports modern browsers, operating systems, and Java plugins, and it does not require any action on your part; the next time you launch HOD it should operate normally, although it may update a few files before opening. Computers that previously did not receive Java updates have been updated to reflect the change and should start receiving Java updates as normal.
Supported Browsers
Windows
- Internet Explorer 6.0 or newer
- Mozilla Firefox 1.5 through 12.0
Mac OS X
- Safari 1.2 or newer
- Mozilla Firefox 2.0 through 12.0
Supported Java 2 Plugins
- Sun, IBM, and HP Java plugins 1.5.0. Sun 1.6.0
- IBM 32-bit runtime Environment for Java 2, 1.5 and 1.6.
Though this new version of HOD will work on older browsers and Java versions, we highly recommend updating to the newest possible version of each to take advantage of important security updates. If you use any other applications that need Java, please check TechWeb for browser and Java compatibility.
For assistance updating your browser and Java plugins, contact the IT Help Center online, via e-mail at ithelp@bu.edu, or by phone at (617)353-HELP (4357). If your computer is managed by IS&T’s Desktop Services, the appropriate updates will be pushed to your computer during the next change window. If your school or department has dedicated IT support, contact them for help installing updates.
Get Discounted Microsoft Software from BU
BU licenses a broad range of software through a Microsoft Enterprise Agreement, offering eligible employees access to Microsoft Windows and the Office suites for BU-owned PCs and Macs; and providing students with access to purchase software at significantly reduced cost. Learn more at www.bu.edu/tech/microsoft
How Can I Protect Myself from Phishing?
- If an e-mail asks for your password, it is a scam. Delete it!
A popular phishing technique asks you to reply to a message and send your password. As an example, you could receive a message claiming to be from some seemingly official (but non-existent) entity, e.g., “The BU.EDU Upgrade Team,” saying that the mail system is being upgraded and your account will be deleted unless you respond immediately and provide your password. Please keep in mind that Boston University will never ask for your login and password information. - Don’t follow links, and never provide personal information.
You should never follow links offered to you in unsolicited mail or provide any personal or financial information, just as you wouldn’t when you receive an unsolicited phone call. This should be your guideline no matter how tempting, frightening, or persuasive the mail seems. Remember that, given an awareness of the problem of phishing, legitimate companies won’t use this method of approaching you. If you do feel compelled to respond or that you must check out something sent to you in an e-mail, don’t use a link in the e-mail message to do that. Use your browser to go to the known and trusted website (PayPal, for example) by typing in the URL/web address yourself and log in there.You can tell where a link is going by hovering over it with your mouse. Don’t click. Hover. As a general rule, if the e-mail message is lying to you about where the link wants to send you, it is a scam. - Don’t open attachments that you weren’t expecting.
Many viruses are designed to send out spoofed e-mail messages. This message could be originating from any infected PC in the world which happens to have your address in a file (e.g., the address book) or which happens to have auto-generated your address in some fashion. Some, although not all, of these messages will come with an attachment designed to spread the virus to you. Viewing such an attachment puts your computer at risk. - Filter out spam.
Spam is always annoying, and it can be dangerous too: spam e-mail often contains virus, spyware, or phishing exploits. You can protect yourself from many of these hazards by filtering spam. - When in doubt…
If you are unsure whether an e-mail is real or if you receive an e-mail messages that is abusive or harassing in nature, report it to abuse@bu.edu. If possible, it is helpful to include full headers when forwarding a message. If you have questions, contact the Service Desk at (617) 638-5914.
If it’s too late…
If you responded to a suspicious e-mail message and provided your password, you should immediately change your password and scan your computer for spyware and viruses. Depending on what information you provided, you may also need to take steps to protect your credit card and bank information.
Contact the BUMC IT Service Desk if you believe you have been a victim of phishing at (617) 638-5914 or bumchelp@bu.edu.
LEARN MORE ABOUT PHISHING:
- Phishing IQ Test: http://www.sonicwall.com/furl/phishing/index.php
- Phishing Awareness: http://www.youtube.com/watch?v=H0yWWqX0L4g
- "Phishing" Internet Security PSA: http://www.youtube.com/watch?v=pPCPU5UpPG4&NR=1
Remember, Boston University will never ask for your login and password information via e-mail.
FreezerPro Software Now Available to the BUMC Community
Boston University Medical Campus is pleased to announce a fully supported, enterprise class biospecimen repository management system, FreezerPro 2012 Enterprise. FreezerPro is a web-based system that will be run on campus by BUMC IT. It will have full technical support including data and system backups.
FreezerPro allows users to track their frozen samples through an intuitive, fast, reliable and secure Web-based application. Features include automatic alerts of low number of sample aliquots, sample expiration date, sample volume or freeze-thaw count along with reporting.
FreezerPro has been independently validated and certified to be fully compliant with HIPAA and the FDAs current GLP/GMP requirements.
More information about FreezerPro 2012 Enterprise can be found at:
http://www.ruro.com/software/freezerpro/freezerpro-2012-enterprise
The centrally subsidized cost will be $199 per user per year, a fraction of an individual license.
If you would like to sign up for a license or would like more information about FreezerPro, please call the BUMC IT Service Desk at (617) 638-5914 or submit a ticket asking for a license at http://www.bumc.bu.edu/it/support/bumc-it/request/.
