Blog

UT Box Sync

If you are a Windows or Mac user who is a heavy user of UT Box, and if you are only using it via the web interface, then you are probably not being as productive as you could be.

There are various tools to make using UT Box more productive on your Windows or Mac desktop and laptop machines1.  Today, we will discuss one of these tools: Box Sync2.

Box Sync allows you to mirror some (or all) of your data stored on UT Box to your desktop's or laptop's hard drive3. You can then navigate and modify content stored on the UT

Read more about UT Box Sync

Welcome Back, Happy New Year!

Welcome back and Happy New Year! We hope you had a relaxing break and that you're refreshed and ready for an outstanding spring semester.

As you return, please make sure that you do your operating system and software updates if you are responsible for your own systems -- no need to end a nice relaxing break cleaning up your machine after a break-in or compromise.  (It is also a good time to make sure you've updated all your personal machines and mobile devices.)

We'd also like to take the opportunity to remind you to have strong passwords or

Read more about Welcome Back, Happy New Year!

Meltdown and Spectre

Computer researchers have recently revealed that the main chip inside most modern computers and other electronic devices --- the CPU --- has a hardware design flaw, or bug. This flaw creates two serious security issues dubbed “Meltdown” and “Spectre”.

The design flaw in CPUs has been there since 1995 and affects most CPUs, regardless of manufacturer.  While the scope of the problem is not yet well understood, it is believed to affect nearly every modern computer and device with a CPU.

At this time, we know it affects the hardware that runs Microsoft

Read more about Meltdown and Spectre

Holiday Break

The Holidays are upon us! The university will be closed next week, with only skeleton crews working when and where needed.

Of course IT needs to keep running, so some of our OIT staff will be either working or on call. We appreciate the hard work and dedication of all OIT employees, including those working over the breaks.

Unless you've been told otherwise by your system administrators or TSCs, please remember to turn off your computers and printers over the break.  Not only will this save money and electricity, but it helps prevent attacks

Read more about Holiday Break

High Sierra Root Vulnerability Macs Under CNS-OIT Management

If you own a Mac, you have probably heard by now that Apple introduced a serious bug into High Sierra by which anybody could log into a Mac using 'root' as the username and no password, and get full access to the system.

If your Mac is under CNS-OIT management, then a workaround has been applied: a root password has been set on your machine. Additionally, owners of managed machines will receive an email reminding them to apply as soon as possible the security patch that fixes the root vulnerability.

As always, if you have questions or need help, please don'

Read more about High Sierra Root Vulnerability Macs Under CNS-OIT Management

High Sierra Root Vulnerability: Known Issue Migrating From 10.13.0 to 10.13.1

If you own a Mac, you have probably heard by now that Apple introduced a serious bug into High Sierra by which anybody could log into a Mac using 'root' as the username and no password, and get full access to the system. You may have also heard that Apple released a patch to fix this vulnerability. But have you heard that the bug 'silently' reappears on systems that are subsequently upgraded from 10.13.0 to 10.13.1?

If you apply the security patch to

Read more about High Sierra Root Vulnerability: Known Issue Migrating From 10.13.0 to 10.13.1

Changes to Duo Two Factor Authentication

As of Friday, 17 November 2017, UT Austin's Two-Factor Authentication service (2FA) Duo has stopped reporting possible security issues to its push clients when they authenticate. 

What does that mean?  The Duo App, from 20 July 2017 until last week reported, based only on release date of the software on the device, that the system was insecure and in need of updates.  This confused many users, or just plain infuriated them in that their phones were reporting to be insecure. 

Security tools like 2FA via Duo are essential in this age of

Read more about Changes to Duo Two Factor Authentication

Controlled Phishing Campaign by ISO

On 1 November 2017, the Information Security Office announced that it would "soon begin a controlled phishing assessment in an effort to continue to improve security awareness around this particular attack vector. All faculty and staff are potential recipients."

According to the announcement, "you may receive fake phishing emails designed to look like ones that bad guys are sending. However, instead of harming you, these emails will provide the ISO with data and teach you how to identify these scams and protect yourself. The ISO will send at least three rounds of emails

Read more about Controlled Phishing Campaign by ISO

Speed up your Old iPhone

If you have an older iPhone or iPad that you've been using for a while and that has been through several iOS upgrades, chances are you've noticed its running ever slower.  This happens for two reasons:

  1. Each new OS release has more features, meant to take advantage of the latest, fastest new iPhones' and iPads' hardware.  Hence, each new release runs slower on older devices.
  2. Over time, use and upgrades cause the system to slow down due to a variety of reasons.

The first cause can be fixed only by buying a newer

Read more about Speed up your Old iPhone

Illicit Keyloggers

Recently, several machines in the College of Natural Sciences have been found to be infected with a variant of Elite Keylogger. 

Keyloggers can be hardware or software, and are designed to capture all keystrokes a user makes on a machine.

This variant of Elite Keylogger is illicit software that sends logs of captured keystrokes to machines on the Internet, where these logs are parsed.

The people responsible for deploying the keylogger are usually looking for keystrokes that are username/password combinations that will gain them

Read more about Illicit Keyloggers