Cardholder privacy is important to the University of Alabama at Birmingham (UAB).  To better protect the privacy of cardholder data, UAB provides this privacy statement explaining the security and handling practices of cardholder data in the processing of payment card transactions.  This privacy statement shall be made available at any point where personally identifiable cardholder data may be requested by a UAB PCI Entity (merchant). 

This privacy statement applies to all cardholder data collected by or submitted to a UAB PCI Entity, or on a UAB-maintained website.  UAB PCI Entities and UAB websites will only collect personally identifiable information and cardholder data voluntarily provided by cardholders and customers, and will only use that information for the specific purposes for which it was provided.  UAB will keep this information strictly confidential, and will not disclose, sell, or lease the information to third parties unless required by law, or with the written permission of the cardholder. 

As with most websites used for payment card transaction services, UAB web servers collect web session data used to analyze site trends and gather broad demographic data.  UAB reserves the right to collect certain technical information of customers such as operating system, IP address, web browser software, and URL data through the use of cookies or other technology not linked to personally identifiable information or cardholder data. 

UAB-maintained websites may have links to other third party sites used for payment card transactions.  These third party sites may collect cardholder data and personally identifiable information through the use of forms or cookies, or from the customer's web browser.  Cardholders and customers are strongly encouraged to review the privacy policies of all third party websites outside the control of UAB for their procedures for collecting, utilizing, and disclosing cardholder data. 

UAB has made significant investment in security measures employed to protect cardholder data under its control.  Access to acquired cardholder data and personally identifiable information is limited to only those personnel for whom there is an established business need to access that data. 

For questions, comments, or concerns regarding this privacy statement, or UAB procedures for securely processing, storing, or transmitting cardholder data, please contact the AskIT Help Desk at (205) 996-5555.  UAB reserves the right to amend this privacy statement at any time, and will post this privacy statement and any updates at http://main.uab.edu/Sites/it/policies/payment-card-privacy/.

UAB & National Cybersecurity Awareness Month 2012

During National Cybersecurity Awareness Month this year, UAB IT is sponsoring a series of presentations on cybersecurity topics of interest.  Please join us for any or all of the four sessions throughout the month of October.  Our hope is that you gain a better understanding and awareness of cybersecurity as it pertains to UAB, our country and the world.

The following sessions are open to all faculty, staff and students at UAB, and their invited guests.  All will begin at noon, with the exception of October 31st, which will begin at 1 p.m.

Registration is currently available for all sessions.  Please bring your lunch; cookies and soft drinks will be provided at each session. 

Date

Time

Location

Topic

Presenter

October 3, 2012 Noon Center for Teaching & Learning (EB238, room 243) Cybersecurity Law and Current Issues Jim Phillips, AUSA (retired)
October 10, 2012 Noon Hill University Center Alumni Auditorium Countering the Cyber Threat with Intelligence Analytics John Grimes, J.D., Assistant Professor, UAB
October 24, 2012 Noon West Pavillion, room D To Be Announced To Be Announced
October 31, 2012 1 p.m. Cudworth Hall (CEC) Auditorium Tales from the FBI on Cybersecurity Todd Berryman, FBI Special Agent & Cybersecurity Squad Leader
Posted on 9/20/2012 10:50:00 AM
Published in Events

What is Outlook Web App Light?

Outlook Web App (OWA) Light is designed to aid those with low vision & to support web browsers that are not compatible with the Premium version.  There are fewer features in OWA Light.  These web browsers are listed by Microsoft as compatible with Outlook Web App Premium:

Windows XP & Later

  • Internet Explorer 7 & later
  • Firefox 3.0.1 & later
  • Chrome 3.0.195.27 & later

Mac OS X 10.5 & Later

  • Safari 3.1 & later
  • Firefox 3.0.1 & later

Linux

  • Firefox 3.0.1 & later

This is what OWA Light looks like:

OWA Looks Like

The easiest way to sign in to OWA Light is to check the box to “use the light version of Outlook Web App” when signing in to https://mail.ad.uab.edu

OWS Light login

If you find yourself using Outlook Web App Light, but wish to use Outlook Web Access Premium, there are 3 things to check:

  1. Are you using a compatible browser (as listed above)?
  2. Make sure the check box beside “Use the light version of Outlook Web App” is not checked when signing in. 
  3. Uncheck “Use the blind and low vision experience by performing the following steps:
    1.  While looking at your mailbox in OWA, click the “Options” button at the top.
    2. Click Accessibility on the left side
    3. Uncheck “Use the blind and low vision experience
    4. Click Save (just above the check mark)OWA Accessibility
    5. Click “Sign out” in the top right corner
    6. Sign back in to https://mail.ad.uab.edu
Published in FAQ - Infrastructure

My Exchange mailbox has been deleted - Can I get it back?

We can retrieve your mailbox data if you make a request from the AskIT Help Desk within 21 days of the deletion.  You can keep your e-mail address as long as you have it forwarded to an outside e-mail service like Gmail, Hotmail, or Yahoo. You can recreate your mailbox once you are an active student or employee at the university.  If you have additional questions, please call 996-5555 or go to www.uab.edu/askit, where you can chat with an online agent.

Published in FAQ - Infrastructure

Clients & Protocols

Popular Clients:

Outlook (MAPI, HTTPS), Outlook for MAC (EWS, POP3, IMAP), Mac Mail (EWS, IMAP, POP3), Outlook Web App (HTTPS), Windows Mail (POP3, IMAP), Mozilla Thunderbird (POP3, IMAP)

Supported Protocols:

Hypertext Transfer Protocol (HTTP) is the protocol used to display Web pages but it can also be used to read e-mail with Outlook Web App (OWA). The advantage to OWA is that you can read, send, etc. e-mail from any computer with an Internet connection and a modern Web browser capable of supporting a secure connection (SSL). The Web address for OWA is https://mail.ad.uab.edu.

For any troubleshooting concerning OWA, send an e-mail to the This email address is being protected from spambots. You need JavaScript enabled to view it. ">AskIT Help Desk or call them at 205-996-5555. Microsoft also offers many tutorials and guides on their Web site.

Post Office Protocol (POP3) can be used by almost any client including Windows Mail and Mozilla Thunderbird. The difference between IMAP and POP3 is that POP typically pulls your e-mail messages off the server and stores them locally on your hard drive. This is fine unless a problem arises with your hard-drive, which may cause you to lose all messages stored on your machine. Your POP3 client will need to be capable of providing secure authentication.

Messaging Application Programming Interface (MAPI) is used by the full version Outlook client in conjunction with an Exchange mail server. MAPI is very much like IMAP but provides extended features within Outlook. This is only available in Outlook on a machine running Windows. You choose this protocol by selecting Microsoft Exchange Server within the Outlook e-mail account configuration.

The Exchange Web Services (EWS) protocol serves as the critical link in enabling secure synchronization between Microsoft Exchange Server 2010 systems and Snow Leopard-powered Macs.

Internet Message Access Protocol (IMAP) is the most common way to configure the Outlook for MAC mail clients. The benefit of using this protocol is that your e-mail messages remain on the server. When configured this way, you do not lose any e-mail messages should a problem arise with your personal computer and have the option of using Outlook Web Access when you so desire. Your IMAP client will need to be capable of providing secure authentication

Published in FAQ - Infrastructure
September 19, 2012

Spamblocker

Spamblocker Features Summary

UAB's Spamblocker service protects all users of Central Exchange and all @uab.edu email addresses. The following is a brief summary of the features provided by this service. For more information, please refer to the Spamblocker User Instructions.

The Spamblocker service classifies messages as "Adult Spam," "Definite Spam," "Possible Spam," or "Not Spam".  All users are protected from spam on a default level preset by the Information Security department.  If users choose to do so, they can select one of the three other policy settings. The Aggressive policy automatically deletes "Adult Spam" and "Definite Spam", while "Possible Spam" is sent to quarantine and "Not Spam" is sent to the user's inbox.  The Cautious Plus (same as the Default policy) policy automatically deletes "Adult Spam", while "Definite Spam" and "Possible Spam" are sent to quarantine and "Not Spam is sent to the user's inbox.  The Cautious policy sends "Adult Spam", "Definite Spam" and "Possible Spam" to quarantine, while "Not Spam" is sent to the user's inbox.  User can choose to opt out altogether, allowing all messages of any classification to be sent to their inbox.  All policies and their affect on spam are summarized in the chart below:

 

Spam Results

Policy

Adult Spam

Definite Spam

Possible Spam

Not Spam

Default*

Discarded

Discarded

Quarantined

Inbox

Aggressive

Discarded

Discarded

Quarantined

Inbox

Cautious Plus

Discarded

Quarantined

Quarantined

Inbox

Cautious

Quarantined

Quarantined

Quarantined

Inbox

None

Inbox

Inbox

Inbox

Inbox

*The "Default" policy is equivalent to the "Agressive" policy.

The following is a list of new spam blocking features, and a brief description:

Digest Email - Users will receive a daily email digest listing all emails being held in Quarantine from the previous day.  It will appear in their inbox from the address 'This email address is being protected from spambots. You need JavaScript enabled to view it. '.  If ignored, quarantined messages will be automatically deleted after 7 days.  *Note:  If the user does not wish to receive the digest daily, there is an option to turn off this feature.  The following actions can be taken from the digest email:

  • View a message that is sent to Quarantine.  The user will be prompted to log into the Spamblocker program prior to viewing the message.
  • Release a message from Quarantine and send to the user's inbox.
  • Safelist a message if a user chooses to add a sender to the Safe Senders List.  The system will then recognize the address as safe and forward any future emails from this address to the user's inbox.
  • Not Spam allows the system to recognize that the message is legitimate, and comparable messages sent in the future should not be marked as spam.
  • Request a New End User Digest allows users to receive an updated copy of their digest.
  • Request a Safe/Blocked Senders List allows users to receive a message listing email addresses and domains that are in their Safe Senders List and Blocked Senders List.
  • Manage My Account takes the user to the Spamblocker login screen where they can log in to manage their lists, profile and quarantine.

Lists - From this section, users can view and manage their Safe Senders List and Blocked Senders List.  Lists give the user the additional functionality of managing email from specific email addresses.  To view either of the lists, click the link in the left side navigation bar on the User Account screen.  From both the Safe Senders List and Blocked Senders List, the user can take the following actions:

  • Logout - Logs users out of their Spamblocker account.
  • New - Allows users to enter an address to be added to a list.
  • Edit - Allows users to edit a selected sender's email address.
  • Delete - Allows users to delete the selected email addresses from a list.
  • Lists - Helpful functions that allow users to Select All of the email addresses, Unselect All of the email address, Request Digest be emailed to them or Refresh the Quarantine list view.

Profiles (Spam Blocking Policies) - From this section, users can edit their Settings and Account.  To view either of these, click the link in the left side navigation bar on the User Account screen. 

  • Settings allows users to change functions in Spamblocker that will effect what email is blocked and the receipt of a daily digest.  *Note:  Users only need to take action if they wish to change their default settings.  Users may perform the following functions:
  1. Send digest with new messages in my Spamblocker - End User Digest - The default setting is that users will receive an End User Digest daily each morning.  If the user does not wish to receive the digest, they should deselect this option and select Save to finalize.
  2. Send digest even when I have no messges in my Spamblocker - End User Digest - By default, users will not receive an End User Digest if no emails have been classified as spam during the previous day.  If the user wishes to receive a digest even though there are no new spam emails, they should choose this option and select Save to finalize.
  3. Preferred Language - The default language is English.  If the user wants to change the language, they should choose the appropriate language and select Save to finalize.
  4. What type of spam detection do you want?  Please select a policy from the list below. - Users are initially set to the Default policy.  Users do have the option to switch policies.  If users change the current policy, they must select Save to finalize.
  • Account allows users to see which of their email aliases are being protected by Spamblocker.  If you have an account that is not listed, please contact AskIT by email, or phone at 205-996-5555.  The user may perform the following functions: 
  1. Logout - Logs users out of their Spamblocker account.
  2. Lists - Helpful functions that allow users to Request Digest be emailed to them, or Refresh the displayed list.

To make changes to your new SpamBlocker profile, please go to https://spamblocker.ad.uab.edu:10020/.

Please feel free to contact us with any questions through our help desk, This email address is being protected from spambots. You need JavaScript enabled to view it. ">AskIT, by email or phone at 205-996-5555.

What types of files are blocked by the UAB email system?

Blocked Extensions

Below is a list of blocked file extensions.  Please note that any compressed file (such as .zip or .rar) containing files with blocked extensions will be blocked.  If you need to send a file with one of these extensions, please use the UAB Drop Box.

*.001

*.002

*.386

*.3GR

*.acm

*.adt

*.app

*.arc

*.arj

*.art

*.asd

*.asp

*.ax?

*.bat

*.bin

*.bo?

*.cab

*.cbt

*.chm

*.cla

*.cmd

*.cnv

*.com

*.cpl

*.cpt

*.csc

*.d?b

*.dev

*.dif

*.dl?

*.drv

*.exe

*.fo?

*.gms

*.gz?

*.hlp

*.ice

*.im?

*.inf

*.ini

*.job

*.js?

*.lib

*.lzh

*.mb?

*.mod

*.mpd

*.mpt

*.mrc

*.ms?

*.msg

*.mso

*.obd

*.obj

*.obt

*.ocx

*.olb

*.ole

*.otm

*.ov?

*.pci

*.pdr

*.pif

*.prc

*.qlb

*.rar

*.reg

*.scr

*.shb

*.shs

*.sis

*.smm

*.sys

*.tdo

*.tlb

*.tsp

*.vbe

*.vbs

*.vbx

*.vwp

*.vxd

*.wbk

*.wiz

*.wpc

*.ws?

*.xlb

*.xsl

*.xtp

Published in FAQ - Infrastructure

Why does the login page want to know if I'm on a public or private computer?

The network wants to know if someone could access your email account (and any personal information located there) and the security measures it needs to take to protect it. In OWA 2010, your information will be stored in a cookie, not in the browser. This means that your login information will be cleared when you log out of OWA - there is no "Remember my password" option.

Secondly, your session will expire (and you will have to login again) if the account is inactive for a period of time. If you are on a public or shared computer, timeout occurs after fifteen minutes of inactivity. You will have more time on your private computer. When timeout does occur, the page will remain the same until you try to perform another action. At this point, you will be prompted to log on again.

These measures help to protect your privacy, but they are not a replacement for the personal security measures you should already be taking:

  1. Never walk away from a public computer without logging off completely.
  2. Always log off of OWA and close the browser before you move on to a website that might not be secure. In OWA 2010, the Log Off button is located in Navigation pane, on the right-hand side. You will be prompted to close the browser window.
  3. Never disclose your password to anyone. With your BlazerID and password, they will have access more than just your email.
  4. The Internet Privacy setting ( Tools>Internet Options>Privacy ) should be at Medium or higher.

Even if you are on your personal computer, think of everyone who could have access to it (colleagues and roommates included).

Published in FAQ - Infrastructure