We believe that the possibility of a data breach or compromise is very low at this time however we recommend that all users take additional steps from an abundance of caution perspective. Those steps include 1) if you have access as an administrator to a system change your password(s) after you have verified that the vendor supporting your system has patched it appropriately, 2) increase your effort to mitigate those vulnerable systems identified on the weekly Nessus vulnerability report available at https://silo.dpo.uab.edu/vulnreport (if you need assistance please call Information Security at 205-975-0482), 3) please ensure that all systems that use SSL encryption services are fully patched, then restart the service on that system, 4) replace all SSL certificates on those systems with one provide free of charge from UAB IT from www.uab.edu/uabcrt (certificates from UAB are vetted, patched and kept up to date), 5) change all privileged account passwords immediately after vendor patches have been applied, and 6) be aware that many network devices and printers have embedded SSL based encrypted web based access portals which should be updated with vendor patches to mitigate this vulnerability.
We also recommend that all users with privileged access change their BlazerID passwords immediately as a precaution to mitigate any possible exfiltration of sensitive data by the OpenSSL vulnerability. And we also recommend that users change their personal passwords which they may use to access personal non-UAB web sites such as on-line banking and others to assist in reducing the possibility of becoming a cybercrime victim.
If you need additional assistance, please call AskIT at (205) 996-5555.
Individuals wishing to donate toys should place them in the designated collection boxes or bring them to the UAB Administration Building lobby by noon on December 10th. Toy collection boxes are located in buildings throughout campus, including the Administration Building, Campbell Hall, CH19, Cudworth Hall, FAB, Kaul Building, Heritage Hall, Hoehn, Lister Hill Library, School of Nursing, and the UAB Police Department just to name a few. Sterne Library is also participating again this year, and library fines not exceeding $25 will be waived when you bring in the overdue books and a new, unwrapped toy (applied to current overdue books and fines only).
For more information about the 20th annual UAB Holiday Toy Drive, contact Eric Thompson at 975-0250 or firstname.lastname@example.org.
About the scam:
Support Desk Scams are perpetrated through a phone call. Typically, the scammer will have a thick foreign accent and claim to be from some company’s (e.g. Microsoft, Apple) Support Services in the Technical Department. The scammer will tell you something along the lines of “Your computer is seriously infected and has been causing a lot of trouble on the internet” or that “Your machine is at serious risk for infection”. Some scammers even offer you the opportunity to verify their ID by typing a specific command into your computer but this is not a legitimate method of verification. Once the scam caller feels they have your trust, they will ask you to take one of the following actions:
- visit a website that will allow them complete access to your machine
- download something they claim will help but is actually a virus
- purchase an item that will protect your machine but will do more harm than good and require you provide them will personal information.
What you should look for and know:
- Microsoft will never call you and say you’re machine is at risk/compromised or that you have been causing problems on the internet.
- Always ask for a call back number and say you’ll call them back. Google the phone number they give you. It is likely someone else has posted complaints about scammer online.
- Never purchase and/or download something blindly from the internet based on the suggestion of an untrusted source.
- Never give anyone access to your machine that you do not know and explicitly trust.
Remember, it is very simple to avoid being a victim by using caution. If you ever have legitimacy concerns about a phone call or an email, contact UAB AskIT @ AskIT@uab.edu or 205-996-5555.
Connecting an Android device to UABSecure
Qualtrics Research Suite (Surveys)
|UAB has an agreement in place with Qualtrics that provides a survey tool to the UAB campus community at a discounted price to what is available to individual users and schools direclty from Qualtrics. School-level subscriptions include faculty, staff, and students. All other subscription levels include only employees (faculty/staff). The licensing is for campus only and does not include the UAB Hospital. If your school or department previously had a subscription directly with Qualtrics, those subscriptions are now included under the discounted campus agreement. Contact AskIT for information on migrating your surveys to the new subscription.|
Computer systems running vendor-unsupported or end-of-life operating systems are potential security threats to the UAB campus network. Vendors do not provide security patches for unsupported systems, and these unpatched systems can be exploited by attackers. Such exploitations can result in disrupted experiments, corrupted research data and/or completely compromised systems. UABIT reserves the right to disconnect these computers from the campus network to mitigate this data breach risk (see UAB’s Acceptable Use of Computer and Network Resources policy). UAB system administrators are responsible for maintaining the security of all information systems, per the campus Data Protection and Security Policy, which includes updating applications and operating systems.
Any operating system prior to Windows Vista, Server 2008, and Mac OS X 10.8 should be considered unsupported.
The information in this guidance statement applies to all constituents internal to UAB.
We recommend that systems running legacy, unsupported operating systems should not be used. They should be disconnected from the network because of the significant security risk to the university’s network and environment. If the device is critical and cannot be turned off or disconnected, the device should be physically isolated from the university network. If disconnection and/or isolation are not possible, then an exemption and risk acceptance form will need to be completed, signed by the appropriate dean or vice president, and filed with Enterprise Information Security.
Unsupported legacy operating systems:
Windows XP as of April 2014
Windows 2000 server
Windows Server 2003 as of July 2015
Mac OS X Family
Mac OS X 10.7 (Lion)
Mac OS X 10.6 (Snow Leopard)
OS X 10.5 (Leopard)
OS X 10.4 (Tiger)
OS X 10.3 (Panther)
OS X 10.2 (Jaguar)
Mac OS 9.x
Ubuntu 11.04 and Prior
Ubuntu 10.04.4 LTS and Prior
Debian 5.0 (lenny)
Debian 4.0 (etch)
Debian 3.1 (sarge)
Debian 3.0 (woody) and Prior
Red Hat Enterprise Linux 6.5 after Nov. 30, 2015
Red Hat Enterprise Linux 6.4 and Prior
Red Hat Enterprise Linux 5.9 and Prior
Red Hat Enterprise Linux 4.7 and Prior
Oracle Linux 4.4 and Prior
Other Unix OS
AIX prior to 6.1
Solaris prior to 9 (SunOS 5.9)
FreeBSD 8.4 and Prior (as of Aug. 1, 2015)
Questions can be directed to email@example.com or, by calling (205) 975-0842.