Three months after introducing a stronger WiFi network to campus, UAB IT is reminding users that the WiFi network named "uabwifi_nac" will be discontinued on Dec. 15.

Users whose devices are still logged into uabwifi_nac will need to configure their devices one of two new WiFi networks, UABStartHere or UABSecure.

For users with a BlazerID and password, UABSecure is the preferred network because it provides encryption for sensitive data. UABStartHere is a completely open network, which means it provides no encryption and users will not need to enter a WEP key as they have in the past.

WiFi users who want to connect to UAB’s WiFi network can begin by choosing the UABStartHere network from their device. Upon opening a web browser, users are  automatically directed to a Web site where they can choose whether to configure their device for the UABSecure network, log on to the UABStartHere network or to register as a guest user.

Guests on campus are no longer be required to get sponsor access to use the campus WiFi network. They can simply log on to UABStartHere using a valid e-mail address to get 24 hours of access to the WiFi network.

Unencrypted, sensitive data should NOT be transmitted through the UABStartHere network unless protected by other means, such as a virtual private network (VPN) session. 

If your WiFi device can support the UABSecure network, we highly suggest taking the time to walk through configuring your device using QuickConnect. Click here for instructions.
toysfortotsUAB's 21st annual Toy Drive, benefitting Toys for Tots, is under way.

UAB IT will again organize the drive, with the department's own Eric Thompson leading the effort for the second year.

Boxes for toy donations will be located at 19 buildings across campus. UAB is the largest contributor to the local Toys for Tots effort.

New, unwrapped toys are needed for the toy drive, Thompson said, who is in his fourth year of being involved in the effort.

"I enjoy being able to offer Christmas for children who wouldn't otherwise be able to have Christmas," Thompson said.

Toys will be picked up the morning of Friday, Dec. 5.
UAB IT is aware of a critical vulnerability — called “POODLE” — on Web browsers and is taking steps to ensure that all enterprise systems and applications have been protected from this vulnerability.

Security researchers have identified POODLE — “Padding Oracle on Downgrade Legacy Encryption” — in an old but still commonly used version of SSL, the technology used to encrypt HTTP and other web traffic. Any server that supports SSL version 3 (SSLv3) can be exploited so that an attacker can decrypt secure sessions, potentially revealing passwords and other private information.

Web browsers will be updating their technology over the next few weeks to automatically disable SSLv3 on the client (browser) side, eliminating the POODLE vulnerability. If you utilize an older computer, please ensure that you have updated modern web browser such as Firefox 33, Chrome 38, Safari 7, Internet Explorer 10 or 11. There are platform-specific settings available for most browsers to disable SSLv3 at runtime for those who do not want to wait. Most users can simply ensure they get automatic browser updates and wait for the official update.

The safest and simplest solution is to disable SSLv3 support on all software, and instead use more recent versions of SSL: TLS version 1, 1.1, or 1.2. (Confusingly, more recent versions of SSL use the name TLS, for Transport Layer Security, rather than SSL, and the numbering scheme was reset to 1. So SSLv3 is older than TLSv1. TLS version 1.2 is the most recent version of SSL/TLS.)

Server administrators should take immediate action to disable SSLv3. Simply enabling other versions and leaving SSLv3 enabled is insufficient, as protocol downgrade attacks are possible. Disabling SSLv3 on a server may create compatibility problems for ancient client software — most notably, Internet Explorer 6 will be blocked from using SSL. Protocol configuration is platform-specific, so please refer to your official documentation for instructions. Some unofficial guides and methods of checking your server are available in in the references below.

Web clients other than browsers, such as web services, may need reconfiguration to communicate over TLS. Administrators and developers responsible for non-browser clients should check their official documentation. 

In an effort to emphasize the risks of using cloud services to store University data, UAB IT is releasing interim guidance on the use of cloud services for the UAB campus.

The guidance is for members of the UAB campus community who wish to use cloud applications and services available on the Web, including file storage, Web conferencing and content hosting.

While recognizing that cloud services can fill a need in certain areas, UAB IT reminds all UAB employees to use appropriate due diligence when entering into agreements, especially with cloud providers. UAB employees should not store sensitive/restricted information in a cloud service without University-approved agreements in place.

UAB employees cannot subscribe to cloud services to store sensitive or classified data (see UAB Data Protection and Security Policy for what UAB defines as sensitive data) without an appropriate agreement directly with UAB — and employees cannot be reimbursed for such cloud subscriptions without an affirming statement that the data stored is not sensitive.

“We want to make people aware of how risky it is to use such sites for sensitive data,” said David Yother, director of enterprise technology services for UAB IT. “The safest method is to keep it here at UAB, unless a specific business reason exists and appropriate management approvals have been received.”

Over the coming months, additional information will be released, including guidelines for specific cloud services.

More information about the cloud guidance can be found here.

UAB Hospital employees should refer to guidance from HSIS with regard to using cloud services.



Page 2 of 5