Welcome back and Happy New Year! We hope you had a relaxing break and that you're refreshed and ready for an outstanding spring semester.
As you return, please make sure that you do your operating system and software updates if you are responsible for your own systems -- no need to end a nice relaxing break cleaning up your machine after a break-in or compromise. (It is also a good time to make sure you've updated all your personal machines and mobile devices.)
We'd also like to take the opportunity to remind you to have strong passwords or
Computer researchers have recently revealed that the main chip inside most modern computers and other electronic devices --- the CPU --- has a hardware design flaw, or bug. This flaw creates two serious security issues dubbed “Meltdown” and “Spectre”.
The design flaw in CPUs has been there since 1995 and affects most CPUs, regardless of manufacturer. While the scope of the problem is not yet well understood, it is believed to affect nearly every modern computer and device with a CPU.
At this time, we know it affects the hardware that runs Microsoft
The Holidays are upon us! The university will be closed next week, with only skeleton crews working when and where needed.
Of course IT needs to keep running, so some of our OIT staff will be either working or on call. We appreciate the hard work and dedication of all OIT employees, including those working over the breaks.
Unless you've been told otherwise by your system administrators or TSCs, please remember to turn off your computers and printers over the break. Not only will this save money and electricity, but it helps prevent attacks
If you own a Mac, you have probably heard by now that Apple introduced a serious bug into High Sierra by which anybody could log into a Mac using 'root' as the username and no password, and get full access to the system.
If your Mac is under CNS-OIT management, then a workaround has been applied: a root password has been set on your machine. Additionally, owners of managed machines will receive an email reminding them to apply as soon as possible the security patch that fixes the root vulnerability.
As always, if you have questions or need help, please don'
If you own a Mac, you have probably heard by now that Apple introduced a serious bug into High Sierra by which anybody could log into a Mac using 'root' as the username and no password, and get full access to the system. You may have also heard that Apple released a patch to fix this vulnerability. But have you heard that the bug 'silently' reappears on systems that are subsequently upgraded from 10.13.0 to 10.13.1?
As of Friday, 17 November 2017, UT Austin's Two-Factor Authentication service (2FA) Duo has stopped reporting possible security issues to its push clients when they authenticate.
What does that mean? The Duo App, from 20 July 2017 until last week reported, based only on release date of the software on the device, that the system was insecure and in need of updates. This confused many users, or just plain infuriated them in that their phones were reporting to be insecure.
Security tools like 2FA via Duo are essential in this age of
On 1 November 2017, the Information Security Office announced that it would "soon begin a controlled phishing assessment in an effort to continue to improve security awareness around this particular attack vector. All faculty and staff are potential recipients."
According to the announcement, "you may receive fake phishing emails designed to look like ones that bad guys are sending. However, instead of harming you, these emails will provide the ISO with data and teach you how to identify these scams and protect yourself. The ISO will send at least three rounds of emails