ScamAlertUAB students continue to be targets of phone scammers who impersonate law enforcement officers or IRS representatives.

Students at universities across the country have been targets of similar scams, in which malicious callers make threats about alleged debt. Although the phone scammers often know personal details about students -- such as their majors -- students should know there has been NO breach of protected information at UAB. Such information is often publicly available in student directories or social media.

 According to UAB IT’s Information Security division, students need to know:
  • No law enforcement body will call them and threaten to arrest them over the phone.
  • The attackers can spoof a police station phone number or a government number so the call will look like it is coming from such an office.
  • UAB has not suffered a breach that resulted in this scam.

More information about IRS scams is available here.

Tips:
  • Do NOT provide Social Security numbers, birth dates or any other personal information.
  • Ask to call the “officer” or "IRS representative" back, take down their number and call the number back.
  • Ask them to meet you at the police station in question, if they claim to be from a police department.
  • When in doubt, hang up and call the UAB Police Department at 205-934-4434.
A new phishing email purporting to be from AskIT is targeting UAB faculty, staff and students as well as UAB Medical Center staff. 

UAB IT and HSIS are taking steps to block this phishing attempt, but students, faculty and staff should be on alert.

The email has forged the "from" address as AskIT. A sample of the latest phishing email is below.

Phishingattempt askit

Phishingattempt askitIf you receive an email with a hidden link like “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads.

Look at the URL of the website you are visiting. 

You should only enter your UAB credentials at UAB .edu web sites.

To report suspected spam to AskIT, please follow the instructions 
here.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
The UAB IT organization is being restructured into three divisions as part of CIO Curt Carver's plan to transform UAB IT into a world-class organization. Search committees have been formed and recruitment is ongoing for three key leadership positions:

  • Chief Information Security Officer 
  • Chief Technology Officer
  • Deputy Chief Information Officer
More information about these positions can be found on the UAB Executive Search web site.
computerVirus
UAB IT has new recommendations for antivirus software for both home use by faculty, staff and students and for campus users.

Microsoft Forefront is no longer supported by Microsoft, which means there will be no new updates to guard against new viruses.

UAB IT recommends that faculty, staff and students use Microsoft Security Essentials on their home machines that have Windows 7 and Vista. Machines using Windows 8 or higher have Windows Defender built in.

Mac users should continue to use Sophos anti-virus, which faculty, staff and students can download for free through UAB IT.

Learn more about antivirus software here.
Microsoft is scheduled to release Windows 10 on July 29, 2015. Many UAB employees will want to upgrade to the new version, or will be receiving new systems with Windows 10 already installed.

While Windows 10 will add many new features, Windows 10 does not work with many applications at UAB. Most software developers have not released compatibility updates or new versions of their software for Windows 10, and many software incompatibilities are expected.

UAB IT recommendations and guidance:
Because of these issues, UAB IT recommends that Windows 10 not be installed at this time. If Windows 10 is required and is used on a touch-enabled device, UAB IT recommends you use Windows 8 "classic view."
  • UAB IT will offer only limited support for Windows 10.
  • New systems that are ordered from Dell may included Windows 10 by default in the near future, but departments/schools should consider re-imaging those decices using an approved Windows 7 image prior to deployment.
  • Upgrade support for special business cases and exceptions will be evaluated as needed.
  • Windows 7 should remain the primary operating system on university-owned computers until the issues with Windows 10 are resolved.
  • We foresee retiring Windows 7 within three years and moving to Windows 10 as the primary operating system on university-owned computers.

Compatibility Review

Results of our compatibility review of Windows 10 and UAB IT services.

Service Compatible with UAB IT services? Notes
Adobe Creative Suite No All Adobe Creative Suite products are not currently compatible with Windows 10. During installation, the applications stalls and must be ended manually.
Internet Explorer 11 Yes Internet Explorer (IE) 11 is one of two browsers available on Windows 10. The other is the new Edge browser.
Microsoft Office 2013 Yes No published issues.
Banner No Possible use of IE 11 in enterprise mode — no guidance from Banner or Microsoft.
Oracle No On Microsoft compatibility list. This does not include any UAB applications in the Oracle system.
Software Center (SCCM) No Software Center and other software management tools do not successfully install on Windows 10. (They will be available on the next update from Microsoft.)

UAB IT will continue to test the subsequent releases of Windows 10 with the various services and most frequently used software titles. Once we have confirmed that Windows 10 is compatible with most, if not all, services and software that the product is ready for mainstream distribution, this section will be updated with information on how to obtain the new operating system.

If your school or department IT professionals are interested and available to participate in any evaluation and testing related to Windows 10, please contact Sterling Griffin.

Anticipated hardware requirements
Recommended minimum hardware requirements for Windows 10:
  • Processor: 1.5 Ghz (gigahertz) dual core or better
  • RAM: 8 GB (gigabytes) or more
  • Free hard disk space: 30 GB or more
  • Graphics card: Microsoft Direct X 9 graphics deveice with WDDM driver or better
Adobe FormsCentral is retiring July 28, but UAB IT can help in the transition. UAB IT offers Adobe Acrobat for download at a discount.

After July 28, users of Adobe FormsCentral will no longer be able to create new forms or collect responses using FormsCentral. Adobe recommends that users immediately export responses to a file type of your choice — and convert your FormsCentral forms to PDFs, if desired. You will NOT be able to do so once FormsCentral expires.

Adobe Acrobat can be used to collect form data automatically and compile it in a table format. Data can be exported to a spreadsheet for further analysis or to create charts for summary reports.

Adobe Acrobat is offered through UAB IT. Learn more here.

To learn more about the retirement of Adobe FormsCentral, please read the Forms Central FAQ or Adobe Forums.
Microsoft on Monday released a critical patch outside of its normal patching cycle. 

The update fixes a vulnerability in Windows that could allow an attacker to execute code on a system if they can convince the user to open a specially crafted document, or have them visit an untrusted webpage that contains embedded OpenType fonts. 

The update, which requires a system reboot, was released to all UAB IT Desktop-supported machines at 4 p.m. Monday. Users have 72 hours to let the patch install and reboot the system. Users should get a notification bubble pop up at the system tray. After 72 hours, if a user has not allowed the patch to install, it will install automatically and the system will be forced to reboot.

UAB IT urges users to find an opportune time to let the patch install and allow the reboot occur to help protect UAB systems and information.
Excellence, service, security and shared governance are among the hallmarks of a new set of strategic imperatives UAB IT is committed to meeting, Vice President for Information Technology and CIO Curt Carver said.

The strategic imperatives enhance Carver’s vision for UAB IT.

“My vision for UAB IT is a world-class IT organization that effectively balances cost efficiency, agility and innovation,” he said. “Our relationships with our customers, business partners and vendors are long-term relationships that allow us to move at the speed of trust. This vision does not depend on one person but instead on a dedicated team where everyone is an agent of innovation and aligned to support the University of Alabama at Birmingham.”

The department’s strategic imperatives include:
  • Create a secure computing environment for all UAB members through appropriate policy, training and technology.
  • Build an IT shared governance structure with particular focus on partnership with the Health System.
  • Create a world-class IT organization so that if our customers could choose any provider, they would choose UAB IT.
  • Generate business value though reduced costs, process innovation or revenue generation.
  • Innovate UAB through partnerships with institutional business owners, with a focus on academic and research operations.
  • Foster an institutional data-driven decision-making culture that allows UAB to make informed and optimal decisions.
  • Enhance the community of information technology excellence for the economic, social and cultural benefit of Birmingham and beyond. 
At the same time, UAB IT is striving to be more transparent in its interaction with UAB customers and IT professionals across campus. The SPARK initiative invites faculty, staff and students to share their technology ideas and vote on the ideas of others. The reThink Project will change how UAB IT interacts with its customers, and IT professionals in other departments and schools will be invited to participate in the project. And the UAB IT Financial Transparency and Accountability Project will give IT customers a better understanding of their IT costs.
UAB IT is actively working to migrate servers across campus that are using Microsoft Windows Server 2003, which will reach end of life after July 14, 2015, meaning it will be unsupported by Microsoft.

Servers that are not migrated could cause problems with compliance and compatibility as well as increase costs for maintaining aging hardware.

To facilitate this transition, the UAB Enterprise Information Security Office (EISO) is actively working with Windows Server 2003 system owners to ensure a plan is in-place and actively being worked to migrate or retire affected systems.

If your department has affected servers, you should hear from UAB IT staff soon. If you have questions or concerns, call (205) 975-0842 or email datasecurity@uab.edu.

You can request an exception by filling out the Exception Request Form and submitting to AskIT.
UAB IT took advantage of an unexpected service interruption earlier this month to upgrade the servers that support several campus systems, including eLAS and LMS.

This upgrade improved system performance and strengthened security.

These technical changes did result in a new URL for several services, so users may need to update their bookmarks. Affected systems included eLAS (the Electronic Leave Accrual System for monthly employees); the LMS (the learning system for faculty and staff); Sponsored Access to Accounting Systems (SASS); Benevolent Fund; and State Transparency (UAB Expenditure Transactions).

UAB IT recommends that users bookmark the Administrative Systems page to ensure seamless log in to key systems and to receive alerts and messages.

UAB systems including eLAS and the LMS are back online. 

Systems that were affected by the outage included: the Electronic Leave Accrual System (eLAS), the web application in which monthly employees track time off; the faculty and staff Learning System (LMS); Sponsored Access; STREP; Benevolent Fund; and Temp Services.

Users with bookmarks to those apps will need to update those bookmarks on their browsers. Applications can be accessed from the UAB IT home page or the Administrative Systems page.
A wave of phishing e-mails using false messages about mailbox size has hit UAB, mainly targeting student accounts in an attempt to steal personal information.

The emails warn that recipients’ mailboxes are “almost full” or have reached “90% of your quote,” and urge recipients to click a link to re-validate their mailboxes. UAB will never direct users to a non-UAB web site for anything regarding email or concerning your password.
Phish1Phish2
UAB IT is taking steps to block this phishing attempt, but students, faculty and staff should be on alert.

If you receive an email with a hidden link like “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads.

Look at the URL of the website you are visiting. In the case of this phish you are being redirected to www.didrihsons  .lv/wp-content/wps4/  and not uab.edu.

You should only enter your UAB credentials at UAB .edu web sites.

To report suspected spam to AskIT, please follow the instructions here

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
UAB IT wants to crowdsource innovation.

SPARK, a new platform through which UAB faculty, staff and students can submit ideas about technology and vote on the ideas of others, launches this week. The platform, accessed via BlazerID, will allow the UAB community to propose new bold technology projects, as well as suggest efficiencies, enhancements or improvements in existing projects.

“Our intent is to create a voice for you,” said Dr. Curt Carver, UAB chief information officer and vice president of information technology. “We’re looking for 100 IT ‘wins’ over the next year, and we want to leverage the ideas of the UAB community to make our University stronger. This is an opportunity for you to share your ideas, and for us to align those ideas with the needs of a world-class organization.”

Here’s how the new platform works: When you log in to the SPARK site with your BlazerID, you can explore the ideas already submitted and vote on whether you think they are needed for UAB, or you can submit your own idea for one of four campaigns: cost savings and efficiency, existing service enhancements, bold new ideas or revenue generation.

Ideas can be large or small, and those that attract the most support are more likely to be adopted.

To learn more about SPARK and watch a brief video about it, click here.

To enter the SPARK site and submit an idea or vote on others, click here.
Some UAB students have been targets of a phone scam in which malicious callers make threats about alleged debt, similar to scams seen at universities across the country.

According to UAB IT’s Information Security division, students need to know:

  • No law enforcement body will call them and threaten to arrest them over the phone.
  • The attackers can spoof the police station phone number so the call will look like it is coming from the police station.
  • UAB has not suffered a breach that resulted in this scam.

Tips:

  • Ask to call the “officer” back, take down their number and call the number back.
  • Ask them to meet you at the police station in question.
  • When in doubt, hang up and call the UAB Police Department at 205-934-4434.
  • Do NOT provide Social Security numbers, birth dates or any other personal information.
kurt carver webCurtis A. Carver Jr., Ph.D., has been named the next vice president of Information Technology/chief information officer of the University of Alabama at Birmingham. Carver comes to UAB from the Board of Regents of the University System of Georgia, where he served as vice chancellor and chief information officer.

In his new role, Carver will serve as the senior IT leader at UAB, provide the strategic management and vision to guide the future direction of IT in support of the administrative, academic and research missions of UAB, and oversee the central IT organization in collaboration with the Health System Information Systems unit.

The VP IT/CIO reports directly to UAB President Ray L. Watts.

“Dr. Carver has a terrific background and reputation, and we are thrilled that he will be joining UAB,” Watts said. “This position is vitally important because IT touches all areas of the institution, and I want to thank the search committee that worked diligently to lead a national search and identify fantastic candidates. Dr. Carver is a great fit for UAB.”

Carver, who will lead development of a transparent, high-performing central IT organization with a culture of providing first-rate customer service and implementing reliable, state-of-the art technologies, is looking forward to moving to his transition.

Click here to learn more about Carver.
OpenSSL released a security advisory bulletin on Thursday, March 19, detailing multiple high and moderate severity vulnerabilities in the secure sockets layer library used in Linux and Unix based systems.

The security vulnerabilities have been addressed in the most recent version of OpenSSL and should be available from the standard update channels for Linux distributions at this time. UAB IT encourages all Linux and Unix systems administrators take steps to update their systems during their planned update windows in upcoming weeks. 

More information is available at:

https://openssl.org/  and

http://www.cyberciti.biz/faq/howto-openssl-security-update-cve20150291-cve20150204-cve20150290-cve20150207-cve20150286/
Locking your computer when you leave your desk is just one of the ways to help keep your data secure, according to the March issue of the IT Risk Bulletin, a joint effort of UAB, the University of Alabama, UAB Health System and the University of Alabama-Huntsville.

In fact, “control-alt-delete before your leave your seat” is a reminder for employees to lock their PCs when they leave their desks. Mac users can lock their screens by pressing control-shift-eject at the same time.

Among other rules for security:

• Do not treat your work computer like your home computer.

• Do not use social networking sites like Facebook without proper privacy settings.

• Do not download shareware or freeware — free software — from suspicious Web sites.

• Do not allow your browser to remember passwords to secure sites like online banking or PayPal.

For more security tips and to see past issues of the bulletin, click here.

Since most people have their cell phones just about permanently attached these days, it’s easy to forget that we need to keep them secure.

The February edition of the IT Risk Bulletin, a joint effort of UAB, the University of Alabama, UAB Health System and the University of Alabama-Huntsville, provides dos and don’ts for phone and mobile device security.

Dos

• Enable security access.

• ONLY give your number out to people you know and trust.

• Use caller ID to block names and numbers of individuals you do not want to contact you.

• Delete emails that contain confidential or internal use information from your phone.

Don’ts

• Do NOT store confidential information on the phone, such as PIN numbers and credit card numbers.

• Do NOT take pictures or videos of anyone with your phone, or allow them to be taken of you, without permission.

• Never reply to text messages from people you don’t know and avoid in-person meetings with someone you know only through text messaging.

For more dos and don'ts and to see past issues of the bulletin, click here.

Work to repair telephone cables damaged during installation of a manhole last week is complete.

The damage caused an interruption of service to the Burleson Building and Building 912.

Crews worked after hours over the weekend to repair the damage.
Interested in a subscription to Adobe Creative Cloud software but need some lessons in how best to use the applications?

Adobe Creative Cloud subscriptions are available at a discounted rate through UAB IT. UAB’s Organizational Learning and Development office is offering several classes beginning this month to teach everything from the basics to more advanced techniques in Adobe Photoshop, InDesign, Illustrator and Acrobat.

The Adobe Creative Cloud course descriptions can be found in the Computer Skills Course Catalog. Just click on the “Adobe Creative Cloud Classes” link in the Table of Contents.

The training will give users a chance to learn about existing features and new ways to use them, as well as learn about new features now available in Creative Cloud.

“This is a new, more comprehensive curriculum to match the software for new and experienced users alike,” said Michael Maner, manager of computer skills training for UAB Organizational Learning and Development.

To find the class schedule, search for “Adobe” in the online class schedule.

The courses are free for all UAB employees and UAB affiliates, who can sign up for courses through the Faculty and Staff Learning System.

Courses currently available include:

• What You Need to Know to Get Started with Adobe Photoshop CC; Beyond the Basics in Adobe Photoshop CC; Create Professional Layouts with Adobe InDesign CC; Creating Visually Compelling and Flexible Graphics Using Adobe Illustrator CC; and Create and Modify PDF Documents in Adobe Acrobat XI.

Classes available in the near future are Adobe InDesign CC Advanced Layout Techniques and Beyond the Basics in Adobe Illustrator CC.

Courses are for UAB employees only.