July 3, 2012
DoIT News Moving to myUMBC Groups
As of today, the DoIT News will be published through the DoIT Group on myUMBC, which in turn feeds the new DoIT site at doit.umbc.edu. As such, we will no longer be maintaining this Movable Type blog. However, it will remain for archive purposes.
FYI to DoIT Group members:
If you have questions, please contact the Technology Support Center (TSC) located on the first floor of the library next to the RLC or call 410.455.3838.
June 4, 2012
RT System Upgrade June 13
The UMBC Request Tracker system upgrade from version 3.8.7 to version 4.0.5 will occur on Wednesday, June 13, 2012. This will necessitate a system downtime from 5:30am until 7:30am to perform the necessary steps to achieve the upgrade. A splash page indicating the downtime will be created and in effect from 5:30am-7:30am for those who missed the message or forgot about the upgrade.
What's new for end-users:
January 17, 2012
Resolved: Slow RT (Request Tracker) Performance
DoIT staff have identified an issue with the system storage which has been fixed. Please contact DoIT if you are still experiencing the slowness identified earlier today.
DoIT has received several reports of sluggish performance of the RT (Request Tracker) ticketing system. Initial attempts to adjust the system memory resources have not been successful, so DoIT staff members are exploring possible hardware issues.
The Technology Support Center (TSC) can still be reached at 410.455.3838, but RT's current issues will affect the TSC staff's ability to update existing tickets. Meanwhile, several IT-related frequently asked questions (FAQs) are available from the myUMBC help menu or directly at www.umbc.edu/faq.
DoIT will update the campus when we know more.
September 12, 2011
Phishing Attacks: How to Spot Fake Emails
Phishing emails often pretend to be from your bank, credit card company, eBay or PayPal. However, you also get legitimate messages from these companies, so how do you tell the real ones from the fakes? Real emails often contain your name and may start “Dear John Smith”, but phishers don’t know you, so fakes have something general like “Dear customer”. If an email isn’t addressed specifically to you, you should suspect it is a fake.
Many phishing emails talk about technical problems that require you to click a link and enter your account details. Banks, eBay, PayPal, and so on, never lose your details and they don’t need to ask you for them. The links in phishing emails point to fake websites with wrong addresses, so check the status bar when the mouse hovers over a link or the URL in Internet Explorer’s address bar if you do actually find yourself on a phishing site. It is best not to click links in emails because fake addresses can be disguised.
Phishers’ response to advice not to click links in emails is to provide a bogus telephone number and ask people to ring the bank instead. An automated response asks you for your account details, which they then use to relieve you of your cash. Another common attribute of phishing scams is poor English – if an email is badly
written it is probably a fake.
The best way to avoid being caught out by phishing scams is never to click links in emails relating to sites that might hold sensitive information about you, such as credit card details. If you get a message supposedly from your bank, eBay or PayPal about a problem, just start Internet Explorer and type the usual address into your web browser. Log on and you will soon see if there really is a problem or not.
If you are in doubt about an email’s legitimacy or think you have inadvertently given away your personal details, contact your bank or the company immediately via contacts on their official websites.
March 30, 2010
DoIT Update on E-mail and Spam
During the last few weeks the campus has seen a drastic increase in Spam. We are also aware of several mail domains (e.g. Hotmail) that are rejecting or delaying e-mail originating from UMBC mail servers.
Most of the issues we are witnessing can be attributed to phishing attacks targeted at UMBC in which the criminals attempt to get UMBC users to provide their UMBC login credentials (i.e. username and password). Users at UMBC are often successfully tricked in to providing their login credentials. Unfortunately, it only takes a handful of compromised accounts to generate large volumes of Spam messages. The compromised UMBC mail accounts are then used to send out millions of Spam messages from our mail servers.
While we quickly identify the compromised accounts it is typically too late as the compromised account has sent out hundreds of thousands of Spam messages from UMBC mail servers. Some of this Spam is sent to UMBC users but much of it is directed to outside addresses at domains such as Hotmail. These large volumes of Spam then get the UMBC mail servers blocked by domains using reputation based Spam filters (e.g. Hotmail).
The most recent round of attacks used compromised accounts to access the gl.umbc.edu Linux servers to send out the Spam. The approach being used by the Spammers uses the fact that these servers were allowed to sent email through programs such as Pine, but does so in a way that they can send tremendous amounts of Spam. In order to mitigate both the Spam and the blocking of legitimate e-mails originating from UMBC we have developed the following plans.
Short-term (This Week).
1. We will disallow email from our Gl.umbc.edu (Linux1, Linux2, Linux3) machines. Over the last months we have seen 120 UMBC legitimate account holders use these systems to send email. This will impact a few faculty/staff but should greatly impede the way the spammers operate. We will be directly contacting the 120 UMBC account holders with information on an alternate approach they can use for email. These changes will be implemented on Thursday morning (April 1, 2010).
Mid-term changes coming between now and fall.
2. UMBC is working with the Attorney General's office on a contract with Google. Once the Google contract is approved and signed by the attorney generals office we plan to leverage Google's commercial anti-spam service called Google message security (previously called Postini) for faculty and staff. This service won't involve moving faculty and staff mail accounts to Google but instead it will augment, or possibly replace, our open-source anti-spam filtering solution. The Google message security solution is much better than our open source solution and should help cut-down on the spam that faculty and staff get in their inbox.
3. As planned and discussed with campus groups, over the summer we will move the student email from UMBC's servers to the Google Gmail service. Students will see a number of benefits to their email, including Google's basic spam filtering services they provide for GMAIL users.
FastCompany magazine recently had a very interesting piece (March 24, 2010) that featured an amazing infographic on the SPAM industry from NewScientist magazine, http://www.fastcompany.com/1595958/infographic-of-the-day-the-spam-industry. The article highlights our challenges. In a recent attack that was discovered a group sent out 35 million spam emails with a link in them (this was one of many attacks that day), 10,500 (.03%) clicked the link, 28 bought products (.00008%). This criminal group made millions over the course of the year.
UMBC receives approximately six Spam emails for every legitimate email (about 1.2 million SPAM emails a day). We are seeing over 2 million many days in the last month. Our current tools have not kept pace with the changes and if just a small fraction get through it can mean dozens of SPAM emails in your inbox. This is why we are anxious to move faculty and staff to a commercial solution for SPAM filtering. We feel the only way to keep pace in this race is to leverage better technology.
March 3, 2010
DoIT Adopts Turning Technologies Clickers Starting SU2010
The Division of Information Technology (DoIT) has decided to adopt the Turning Technologies Student Response System (SRS) or “clickers,” starting in Summer 2010. This means Turning Technologies (TT) will be the only clicker sold at the UMBC Bookstore, supported on instructor stations in UMBC lecture halls, and enabled for online class registration in all Blackboard courses.
The decision to change clickers is a difficult one because of the additional cost to students who have already purchased lifetime use of the Classroom Performance System (CPS) “clickers” from eInstruction.com. However, after a review of current clicker issues and support last year, including a Spring 2009 survey of active clicker faculty and students, and a TT pilot in Fall 2009, DoIT concluded the TT clickers were a better fit for achieving the pedagogical benefits of using clickers in the classroom.
To be clear, this was not an exhaustive review of the still maturing use of clickers among colleges and universities. To do so would have required even more time than DoIT is currently expending to support two clickers (one in pilot mode), and likely could have led to a decision to eliminate support of clickers altogether. However, building on Karin Readel's experience using TT clickers in her 100 student SCI100 class for several years, DoIT asked Phil Sokolove to pilot TT's newest clicker with Readel last fall. They presented their "lessons learned" during a Nov. 9 clicker faculty meeting. DoIT has also been consulting with Sunaina Khandelwal, a senator representing the Student Government Association (SGA), and has presented several updates to the Faculty Senate Computer Policy Committee (CPC), which approved the decision to adopt TT during its December 11 meeting, following an update about the FA2009 pilot.
|TT clicker to be sold
in the UMBC Bookstore.
Finally, for faculty who allow use of laptops and web-enabled cell phones in the classroom, TT provides students with the ResponseWare (software only) solution for an annual license of $16. A four-year license is $32 and the software can be downloaded for a free, 30-day trial. There is no additional registration cost for use of any TT clickers (hardware or software solutions) each semester, which was a vocal concern among students responding the Spring 2009 survey, and in recent discussions with the SGA.
Again, to be clear, DoIT is not urging faculty to allow students to use laptops or cell phones in classrooms, if they don’t now. Nor is DoIT promising students that all faculty will support this option. However, given the costs that students may have expended on lifetime use of CPS clickers already, the TT “software only” solution could be a less expensive way for the University to get through a transitional year or two.
DoIT will continue to provide updates on this transition between clickers, including training this summer when faculty can receive a free TT clicker and receiver, which can be used on their laptops (DoIT will install the TT software on all lecture halls this summer). For more information, visit www.umbc.edu/clickers.