UAB IT is actively working to migrate servers across campus that are using Microsoft Windows Server 2003, which will reach end of life after July 14, 2015, meaning it will be unsupported by Microsoft.

Servers that are not migrated could cause problems with compliance and compatibility as well as increase costs for maintaining aging hardware.

To facilitate this transition, the UAB Enterprise Information Security Office (EISO) is working with Windows Server 2003 system owners to ensure a plan is in place, and being actively worked, to migrate or retire affected systems.

If your department has affected servers, you should hear from UAB IT staff soon. If you have questions or concerns, call (205) 975-0842 or email datasecurity@uab.edu.
UAB and other universities have partnered with one of the premier information security training organizations, the SANS Institute, to offer a number of discounted training opportunities.

UAB departments can purchase online security training vouchers, to be used through the SANS OnDemand or SANS vLive training programs, at a significant discount.

OnDemand provides online courseware and recorded video training so that students can study and complete hands-on labs and quizzes at a convenient time. vLive is a live, online training option; classes typically meet two evenings per week for five or six weeks.

With both options, pricing can include a certification exam attempt for that particular course. Pricing for a SANS voucher is $2,330 for the course alone or $2,959 with a bundled GIAC certification exam.

UAB IT Enterprise Information Security will be placing an order with SANS on behalf of UAB on July 30.

Any organization that wants to be included in this summer's aggregate purchase should e-mail Enterprise Information Security before this date.

A wave of phishing e-mails using false messages about mailbox size has hit UAB, mainly targeting student accounts in an attempt to steal personal information.

The emails warn that recipients’ mailboxes are “almost full” or have reached “90% of your quote,” and urge recipients to click a link to re-validate their mailboxes. UAB will never direct users to a non-UAB web site for anything regarding email or concerning your password.
UAB IT is taking steps to block this phishing attempt, but students, faculty and staff should be on alert.

If you receive an email with a hidden link like “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads.

Look at the URL of the website you are visiting. In the case of this phish you are being redirected to www.didrihsons  .lv/wp-content/wps4/  and not uab.edu.

You should only enter your UAB credentials at UAB .edu web sites.

To report suspected spam to AskIT, please follow the instructions here

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
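The hover test and the "verify the address" tip above can be automated for a message body. The following is an added example, not part of the original bulletin: it lists every link's visible text next to the host it really points to and marks whether that host is uab.edu or a subdomain of it. The sample message and its non-UAB hosts are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "uab.edu"  # the bulletin's rule: UAB credentials only at uab.edu sites

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def hover_test(html_body):
    """Return (visible text, real host, trusted?) for each link."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    results = []
    for text, href in parser.links:
        # .hostname drops any "user@" prefix and port, as the browser would
        host = (urlsplit(href).hostname or "").lower().rstrip(".")
        # exact match or a true subdomain; "uab.edu.x.example" must fail
        trusted = host == TRUSTED or host.endswith("." + TRUSTED)
        results.append((text, host, trusted))
    return results

# Constructed sample message; the non-UAB hosts are made-up placeholders
SAMPLE = """<p>Your mailbox is almost full.
<a href="http://mail-revalidate.example/wp-content/form/">Click Here</a>
<a href="https://www.uab.edu.login.example/">https://www.uab.edu/</a>
<a href="https://uab.edu@phish.example/">UAB Mail</a>
<a href="https://www.uab.edu/">UAB home page</a></p>"""

if __name__ == "__main__":
    for text, host, trusted in hover_test(SAMPLE):
        print(f"{'ok  ' if trusted else 'WARN'} {text!r} -> {host}")
```

The second and third sample links show why the check compares the end of the parsed hostname rather than searching the URL for "uab.edu".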
Some UAB students have been targets of a phone scam in which malicious callers make threats about alleged debt, similar to scams seen at universities across the country.

According to UAB IT’s Information Security division, students need to know:

  • No law enforcement body will call them and threaten to arrest them over the phone.
  • The attackers can spoof the police station phone number so the call will look like it is coming from the police station.
  • UAB has not suffered a breach that resulted in this scam.

Tips:

  • Ask to call the “officer” back, take down their number and call the number back.
  • Ask them to meet you at the police station in question.
  • When in doubt, hang up and call the UAB Police Department at 205-934-4434.
  • Do NOT provide Social Security numbers, birth dates or any other personal information.
OpenSSL released a security advisory bulletin on Thursday, March 19, detailing multiple high and moderate severity vulnerabilities in the secure sockets layer library used in Linux and Unix based systems.

The security vulnerabilities have been addressed in the most recent version of OpenSSL, and the fixes should be available from the standard update channels for Linux distributions at this time. UAB IT encourages all Linux and Unix systems administrators to take steps to update their systems during their planned update windows in the upcoming weeks.

More information is available at:

https://openssl.org/ and

http://www.cyberciti.biz/faq/howto-openssl-security-update-cve20150291-cve20150204-cve20150290-cve20150207-cve20150286/
Locking your computer when you leave your desk is just one of the ways to help keep your data secure, according to the March issue of the IT Risk Bulletin, a joint effort of UAB, the University of Alabama, UAB Health System and the University of Alabama-Huntsville.

In fact, “control-alt-delete before you leave your seat” is a reminder for employees to lock their PCs when they leave their desks. Mac users can lock their screens by pressing control-shift-eject at the same time.

Among other rules for security:

• Do not treat your work computer like your home computer.

• Do not use social networking sites like Facebook without proper privacy settings.

• Do not download shareware or freeware — free software — from suspicious Web sites.

• Do not allow your browser to remember passwords to secure sites like online banking or PayPal.

For more security tips and to see past issues of the bulletin, click here.

Since most people have their cell phones just about permanently attached these days, it’s easy to forget that we need to keep them secure.

The February edition of the IT Risk Bulletin, a joint effort of UAB, the University of Alabama, UAB Health System and the University of Alabama-Huntsville, provides dos and don’ts for phone and mobile device security.

Dos

• Enable security access.

• ONLY give your number out to people you know and trust.

• Use caller ID to block names and numbers of individuals you do not want to contact you.

• Delete emails that contain confidential or internal use information from your phone.

Don’ts

• Do NOT store confidential information on the phone, such as PIN numbers and credit card numbers.

• Do NOT take pictures or videos of anyone with your phone, or allow them to be taken of you, without permission.

• Never reply to text messages from people you don’t know and avoid in-person meetings with someone you know only through text messaging.

For more dos and don'ts and to see past issues of the bulletin, click here.

An e-mail sent to UAB accounts with the subject line “Your Email Account” appears to be a phishing attempt designed to steal personal information. The body of the e-mail includes the words "Security info replacement."

UAB IT is taking steps to prevent the further dissemination of e-mails from this sender, but reminds UAB employees to remain vigilant against potential phishing scams.


The email asks users to click a link and enter their account information. UAB IT will never ask for account information in an e-mail.

To report suspected spam to AskIT, please follow the instructions here

Follow these additional tips to avoid being a phishing victim:

• Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.

• Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.

• Verify the address. Malicious Web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).

• Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.

• If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request. 

• Don’t open attachments. They may contain viruses or malware that can infect your computer.

• Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.

• Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555.  Hospital employees can call the HSIS Help Desk at 205-934-8888.




Logging onto a public WiFi network might be convenient, but it can also be dangerous. Learn tips to protect yourself in the latest issue of the IT Risk Bulletin.

The January issue of the bulletin, a joint effort of UAB, the University of Alabama, UAB Health System and the University of Alabama-Huntsville, provides dos and don'ts for joining a WiFi network.

Among the tips:

Dos
  • Before joining a network, ask an employee the official name of the business' WiFi. Be sure you are connected to the right WiFi spot and not a rogue location.
  • Select a secure WiFi network that requires a password to connect. A secure connection is indicated by an icon that looks like a lock.
  • Stay up-to-date with your antivirus software, applications and your system's security patches, especially before traveling.

Don'ts
  • Do NOT connect to an unknown WiFi network.
  • Do NOT pay bills, access bank accounts or make purchases over public WiFi.
  • In Windows 7, do NOT select anything other than Public Network when setting a network location. Public Network blocks file and print sharing and turns off network discovery. This can be disabled in Mac OS X.

For more dos and don'ts and to see past issues of the bulletin, click here.
UAB IT will host a special collection to allow the University community to destroy old CDs, floppy disks and other digital media.

University staff and faculty can drop off digital media at the AskIT office at Cudworth Hall (CEC225) by noon on Thursday, Jan. 22.

Shred-It will be on site to dispose of the materials in a secure manner, in accordance with the UAB Records Retention Policy and Destruction of University Records Procedures.

Shred-It will be on site to collect the items after noon on Jan. 22.