An e-mail sent to UAB accounts with the subject line “Your Email Account” appears to be a phishing attempt designed to steal personal information. The body of the e-mail includes the words "Security info replacement."

UAB IT is taking steps to prevent the further dissemination of e-mails from this sender, but reminds UAB employees to remain vigilant about potential phishing scams.


The email asks users to click a link and enter their account information. UAB IT will never ask for account information in an e-mail.

To report suspected spam to AskIT, please follow the instructions here

Follow these additional tips to avoid being a phishing victim:

• Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.

• Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.

• Verify the address. Malicious Web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).

• Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.

• If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request. 

• Don’t open attachments. They may contain viruses or malware that can infect your computer.

• Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.

• Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555.  Hospital employees can call the HSIS Help Desk at 205-934-8888.




Logging onto a public WiFi network might be convenient, but it can also be dangerous. Learn tips to protect yourself in the latest issue of the IT Risk Bulletin.

The January issue of the bulletin, a joint effort of UAB, the University of Alabama, UAB Health System and the University of Alabama-Huntsville, provides dos and don'ts for joining a WiFi network.

Among the tips:

Dos
  • Before joining a network, ask an employee the official name of the business' WiFi. Be sure you are connected to the right WiFi spot and not a rogue location.
  • Select a secure WiFi network that requires a password to connect. A secure connection is indicated by an icon that looks like a lock.
  • Stay up-to-date with your antivirus software, applications and your system's security patches, especially before traveling.

Don'ts
  • Do NOT connect to an unknown WiFi network.
  • Do NOT pay bills, access bank accounts or make purchases over public WiFi.
  • In Windows 7, do NOT select anything other than Public Network when setting a network location. Public Network blocks file and print sharing and turns off network discovery. This can be disabled in Mac OS X.

For more dos and don'ts and to see past issues of the bulletin, click here.
With students back on campus after a long winter break, here’s a reminder about the various services UAB IT offers.

For more information about how to get started with services, visit the Student Quicklinks and Contacts page.

BlazerID and Password

If you need to change your BlazerID password, you can visit BlazerID Central at uab.edu/blazerid. Student passwords expire after 180 days, but you will receive multiple advance notifications of a pending password expiration date. Sign up for the Identity feature at BlazerID Central so that you can reset an expired password yourself.

BlazerNet

Using your BlazerID and password, log into BlazerNet, UAB's student portal, uab.edu/blazernet. From there you will be able to link to class registration, grades, financial aid and other academic resources.

Help Desk

For support with all things IT, contact AskIT, UAB's IT help desk. Many self-help articles and FAQs are available on the AskIT Web site. To access the FAQs, open a ticket or chat with an agent, visit uab.edu/askit, or call AskIT at 205-996-5555. Hours of operation vary and are posted on the Web site.

Wireless Networks

Stay connected on campus by accessing the UAB WiFi network using your BlazerID and password: uab.edu/it/wireless. Dorm WiFi access is maintained by Apogee ResNet, not UAB IT. For information about how to contact Apogee, click here.

UAB students, faculty and staff now have access to Mathematica, a desktop and cloud-based software system based on symbolic mathematics.

Mathematica is available for free to UAB faculty, staff and students, thanks to funding from the College of Arts and Sciences and the School of Engineering.

To learn more about the product and how to download Mathematica, click here.

Customers have used Mathematica for everything from engineering and math to art and architecture. Mathematica 10 software, which is available for Windows, Mac and Linux, includes these featured areas:

• Mathematical structures

• Geometric computation

• Differential equation solving

• Machine learning

• Structured and semantic data

• Core language enhancements

• Geographic computation

• Time-related computation

• Random process analysis

• Visualization and graphics

• Image processing

• Engineering computation

• Software engineering

• External connectivity

An email sent to several UAB accounts purporting to be from Lister Hill Library, with the subject line, “Library Account,” appears to be a phishing attempt designed to steal personal information.

UAB IT is taking steps to prevent the further dissemination of e-mails from this particular sender, but reminds UAB employees to remain vigilant about potential phishing scams.


To report suspected spam to AskIT, please follow the instructions here.

Follow these additional tips to avoid being a victim:

• Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.

• Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.

• Verify the address. Malicious Web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).

• Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.

• If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request. 

• Don’t open attachments. They may contain viruses or malware that can infect your computer.

• Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.

• Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555.  Hospital employees can call the HSIS Help Desk at 205-934-8888.


Phishing attempts threaten not only employees' personal information but also University resources, according to the latest issue of the IT Risk Bulletin.

The December issue of the bulletin, a joint effort of UAB, the University of Alabama, UAB Health System and the University of Alabama-Huntsville, provides tips on avoiding getting "phished."

• If you get an email, instant message or phone call in which you are asked for financial or personal information, do not reply or click links within the message.

• Never provide sensitive personal or financial information through email.

• Do not click links in potentially fraudulent email. A link that looks like it points to a valid Web site could be forged or cause your computer to download malware.

For more tips and to see past issues of the bulletin, click here.
“Your paycheck has been compromised.” That’s the kind of subject line you’ll see in a phishing email that’s trying to trick you into revealing personal information — like your BlazerID and password.

But if you fall for it, your paycheck — and all of your other personal information — truly could be compromised.

UAB has been under attack from scam artists and phishing e-mails. Dozens of individuals have fallen victim to the attacks and have had their e-mail accounts compromised and used for malicious purposes.

Users whose accounts are compromised will have their passwords revoked. The recommended method to reset them is through BlazerID self-service, particularly during the holidays when AskIT will have limited hours. AskIT will be closed on Thursday, Nov. 27, and Friday, Nov. 28, and will reopen at 9 a.m. Saturday.

Scam e-mails typically increase around the holidays, so take steps now to be able to recover your password by registering for BlazerID self-service.

Be extremely cautious about any e-mail message that claims to be from UAB, and NEVER provide your password in response to an e-mail communication.

Follow these additional tips to avoid being a victim:

• Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.

• Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.

• Verify the address. Malicious Web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).

• Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.

• If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.

• Don’t open attachments. They may contain viruses or malware that can infect your computer.

• Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.

• Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555.  Hospital employees can call the HSIS Help Desk at 205-934-8888.



Social media has changed the way we interact with each other, but while it has made some things easier for us, it has also made it easier for us to be a target for security risks.

The November issue of the IT Risk Bulletin, a joint publication of UAB, the University of Alabama, UAB Health System and the University of Alabama-Huntsville, offers some practical tips for staying safe online.

Among them:

• Keep private information private. Do NOT post your Social Security number, banking PIN or other personal information.

• Use the social network’s privacy and security settings to control what you post.

• Only approve friend requests from people you know.

For more tips and to access previous IT Risk Bulletins, click here.

Microsoft released a new critical security update on Nov. 18, 2014, that resolves a Windows vulnerability regarding privileges.

The vulnerability in Microsoft Windows Kerberos KDC could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator.

An attacker could, according to Microsoft, use those privileges to compromise any computer in the domain.

The update requires a restart.

For more information, visit https://technet.microsoft.com/library/security/ms14-068

UAB Information Technology reminds faculty, staff, and students that fraudulent email, internet, and phone scams tend to increase around the holidays.  Users should be vigilant to confirm that unsolicited requests for information are legitimate prior to providing sensitive information. 

A current telephone scam making its way around campus is one in which imposters claim to be representatives of the Internal Revenue Service.


Among the most common scams are callers who tell you that you owe money or that you have a refund coming, to try to trick you into sharing private information, according to the IRS.

The IRS, according to its latest alert, does not:

• Call or e-mail to demand payment without having first mailed you a bill.

• Demand you pay taxes without giving you the chance to appeal the amount they say you owe.

• Require you to use a specific payment method.

• Ask for credit or debit card numbers over the phone.

• Threaten to use law enforcement to have you arrested for not paying.

If you receive a phone call you believe is fraudulent, here is what you can do:

• If you know or think you owe taxes, call the IRS at 1-800-829-1040 so that IRS workers can help you with a payment issue.

• If you believe you don’t owe taxes, report the incident to the Treasury Inspector General for Tax Administration at 1-800-366-4484 or at www.tigta.gov.

• If you have been targeted by a scam, contact the Federal Trade Commission and use their “FTC Complaint Assistant” at FTC.gov. Add “IRS Telephone Scam” to the comments of the complaint.
Three months after introducing a stronger WiFi network to campus, UAB IT is reminding users that the WiFi network named "uabwifi_nac" will be discontinued on Dec. 15.

Users whose devices are still logged into uabwifi_nac will need to configure their devices for one of two new WiFi networks, UABStartHere or UABSecure.

For users with a BlazerID and password, UABSecure is the preferred network because it provides encryption for sensitive data. UABStartHere is a completely open network, which means it provides no encryption and users will not need to enter a WEP key as they have in the past.

WiFi users who want to connect to UAB’s WiFi network can begin by choosing the UABStartHere network from their device. Upon opening a web browser, users are automatically directed to a Web site where they can choose whether to configure their device for the UABSecure network, log on to the UABStartHere network or register as a guest user.

Guests on campus are no longer required to get sponsor access to use the campus WiFi network. They can simply log on to UABStartHere using a valid e-mail address to get 24 hours of access to the WiFi network.

Unencrypted, sensitive data should NOT be transmitted through the UABStartHere network unless protected by other means, such as a virtual private network (VPN) session. 

If your WiFi device can support the UABSecure network, we highly suggest taking the time to walk through configuring your device using QuickConnect. Click here for instructions.
UAB's 21st annual Toy Drive, benefitting Toys for Tots, is under way.

UAB IT will again organize the drive, with the department's own Eric Thompson leading the effort for the second year.

Boxes for toy donations will be located at 19 buildings across campus. UAB is the largest contributor to the local Toys for Tots effort.

New, unwrapped toys are needed for the toy drive, said Thompson, who is in his fourth year of being involved in the effort.

"I enjoy being able to offer Christmas for children who wouldn't otherwise be able to have Christmas," Thompson said.

Toys will be picked up the morning of Friday, Dec. 5.
UAB IT is aware of a critical vulnerability — called “POODLE” — on Web browsers and is taking steps to ensure that all enterprise systems and applications have been protected from this vulnerability.

Security researchers have identified POODLE — “Padding Oracle on Downgrade Legacy Encryption” — in an old but still commonly used version of SSL, the technology used to encrypt HTTP and other web traffic. Any server that supports SSL version 3 (SSLv3) can be exploited so that an attacker can decrypt secure sessions, potentially revealing passwords and other private information.

Web browsers will be updating their technology over the next few weeks to automatically disable SSLv3 on the client (browser) side, eliminating the POODLE vulnerability. If you utilize an older computer, please ensure that you have an updated modern web browser such as Firefox 33, Chrome 38, Safari 7, or Internet Explorer 10 or 11. There are platform-specific settings available for most browsers to disable SSLv3 at runtime for those who do not want to wait. Most users can simply ensure they get automatic browser updates and wait for the official update.

The safest and simplest solution is to disable SSLv3 support on all software, and instead use more recent versions of SSL: TLS version 1, 1.1, or 1.2. (Confusingly, more recent versions of SSL use the name TLS, for Transport Layer Security, rather than SSL, and the numbering scheme was reset to 1. So SSLv3 is older than TLSv1. TLS version 1.2 is the most recent version of SSL/TLS.)

Server administrators should take immediate action to disable SSLv3. Simply enabling other versions and leaving SSLv3 enabled is insufficient, as protocol downgrade attacks are possible. Disabling SSLv3 on a server may create compatibility problems for ancient client software — most notably, Internet Explorer 6 will be blocked from using SSL. Protocol configuration is platform-specific, so please refer to your official documentation for instructions. Some unofficial guides and methods of checking your server are available in the references below.

Web clients other than browsers, such as web services, may need reconfiguration to communicate over TLS. Administrators and developers responsible for non-browser clients should check their official documentation. 
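As an added illustration (not part of the original UAB IT notice), the following Python sketch audits protocol directives in a web server configuration and flags any that still leave SSLv3 enabled, including lines that add TLS versions without removing SSLv3. It assumes Apache's `SSLProtocol` and nginx's `ssl_protocols` directives, and assumes Apache's `all` shortcut expands as it did on 2014-era OpenSSL 1.0.1 builds; the sample configuration is constructed.

```python
import re

# Assumption: what Apache's "all" shortcut enabled on 2014-era OpenSSL 1.0.1
# builds. Builds compiled without SSLv3 support drop it from this set.
APACHE_ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
KNOWN = {"sslv2": "SSLv2", "sslv3": "SSLv3", "tlsv1": "TLSv1",
         "tlsv1.1": "TLSv1.1", "tlsv1.2": "TLSv1.2"}
LEGACY = {"SSLv2", "SSLv3"}
DIRECTIVE = re.compile(r"^\s*(SSLProtocol|ssl_protocols)\s+([^;#]+)", re.IGNORECASE)

# Constructed sample directives (not taken from any real server).
SAMPLE_CONFIG = """\
# Apache-style lines
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
# nginx-style lines
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
SSLProtocol +TLSv1.2 +SSLv3
"""


def apache_protocols(args):
    """Resolve an Apache SSLProtocol argument list to the enabled protocol set."""
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token.lstrip("+-").lower()
        if name == "all":
            group = set(APACHE_ALL)
        elif name in KNOWN:
            group = {KNOWN[name]}
        else:
            continue  # unknown token: ignore rather than guess
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = group  # a bare token replaces what was set before it
    return enabled


def nginx_protocols(args):
    """nginx lists the enabled protocols explicitly."""
    return {KNOWN[t.lower()] for t in args.split() if t.lower() in KNOWN}


def audit(config_text):
    """Return (line number, directive, enabled protocols, legacy protocols) per directive."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        match = DIRECTIVE.match(line)  # commented-out lines do not match
        if not match:
            continue
        directive, args = match.group(1), match.group(2).strip()
        if directive.lower() == "sslprotocol":
            enabled = apache_protocols(args)
        else:
            enabled = nginx_protocols(args)
        findings.append((lineno, directive, sorted(enabled), sorted(enabled & LEGACY)))
    return findings


if __name__ == "__main__":
    for lineno, directive, enabled, legacy in audit(SAMPLE_CONFIG):
        status = "FAIL, still offers " + ", ".join(legacy) if legacy else "ok"
        print(f"line {lineno}: {directive} -> {', '.join(enabled)} [{status}]")
```

A configuration file is only a statement of intent; the result should still be confirmed against the running server using the checking methods in the platform's documentation.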

Cyberspace is a shared resource, and its security is the responsibility of all American citizens, businesses, groups and governmental agencies. Cyber security begins with the awareness of our individual internet usage habits and changing them to practices that can help safeguard our digital lives.

When in doubt remember staysafeonline.org’s motto: STOP. THINK. CONNECT.

STOP: Before you use the Internet, take time to understand the risks and learn how to spot potential problems.

THINK: Take a moment to be certain the path ahead is clear. Watch for warning signs and consider how your actions online could impact your safety, or your family’s. 

CONNECT: Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer.


Cybersecurity is a daily issue that will affect the rest of your life. Therefore, every individual should place the cybersecurity motto “STOP. THINK. CONNECT.” at the same level of importance as “Stop, drop and roll” and “Look both ways before crossing.”

This year, the UAB Enterprise Information Security department will focus on the campus community through classroom and homecoming event presence. The classroom presence involves an intuitive presentation to the CAS 112 – Success in College class. The CAS 112 course prepares students for a successful collegiate career in any field of study.

The UAB Enterprise Information Security department’s homecoming presence will be at a booth in the Occupational Health and Safety Vendor Fair from 11 a.m. to 2 p.m. on Friday, Oct. 10. The OHS Vendor Fair will be located between Rast Hall and the Campus Green.  Come and visit our booth so that we can chat about cyber security.  You will leave our booth with more cyber security awareness knowledge — and a few treats.

Additional cyber security resources:

National Cyber Security Alliance

Password Security

Phishing Scams

Physical security tips







AskIT is changing its phone support hours slightly to better serve UAB students, faculty and staff.

The AskIT help desk will now be open from 7 a.m. to 9 p.m. Monday through Friday; from 9 a.m. to 6 p.m. Saturdays; and from 1 to 6 p.m. on Sundays. The change goes into effect Monday, Oct. 5.

AskIT professionals offer support for all of UAB’s central applications and services, as well as enhanced support for Desktop customers.

Help desk professionals are also available for walk-up support at the Center for Teaching and Learning (ETS 238, Education Building) from 8 a.m. to 8:30 p.m. Monday through Friday; from 10 a.m. to 5:30 p.m. Saturdays; and from 1 to 5:30 p.m. on Sundays.

You can live chat with a professional from 8 a.m. to 5 p.m. Monday through Friday by clicking on the “Live Chat” button at uab.edu/askit.

You can also submit a ticket at any time by clicking on the “Submit a Ticket” button at uab.edu/askit.
UAB IT is urging all university employees to be aware of a possible e-mail phishing scam with the subject line “Your Nex Salary Notification.”

The e-mail claims to be communication from UAB Human Resources and asks users to click a link which takes them to a fraudulent site.

UAB IT officials are taking steps to prevent the further dissemination of e-mails from this particular sender, but remind UAB employees to remain vigilant about potential phishing scams.

To report suspected spam to AskIT, please follow the instructions here.

Some tips to help users avoid phishing scams include:

Be wary of unsolicited email. Phishing scams try to convey a sense of urgency and try to pressure you into clicking a link. They might claim that unusual activity regarding your account has been flagged, or you must reconfirm your password by clicking on a link in the e-mail. If you receive such a message, be very skeptical and do not click on any links. Send an email to AskIT@uab.edu to report the suspicious email.

Check for misspellings or grammatical errors. Phishers often make such mistakes when writing the subject matter line or when writing the body of the email.

Think before you click. Both the sender’s email address and any suspicious links in the message body can help identify a fraudulent email. First, hover your cursor over the sender’s email address and check the domain name (the part of the address that comes after the “@”; for example, @school.edu). Now hover your cursor over the suspicious link (be sure not to click on it!) to view the web site address of the link (for example, school.com). There’s likely a problem if those two don’t match (for example, an email address of ITadmin@school.edu and a web site address of passwordchange.school.com).

Verify the address. Be aware that cyber-criminals will try to trick you into thinking a web site address is real by making it look similar to the real thing. For example, UAB web sites end in the domain name “uab.edu.” A phishing e-mail might ask you to click on a malicious web site link with the domain name “uab.edu.com.”

Avoid opening attachments. Many phishing emails include attached documents that contain malware that can infect your computer. Never download and open these attachments.

Protect your password. Remember, information security and IT officials at both UAB Hospital and the university will never ask users for passwords or any other sensitive information.

Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555.  Hospital employees can call the HSIS Help Desk at 205-934-8888.
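The "Think before you click" and "Verify the address" checks above can be automated by a mail filter or a help desk triage script. The following Python sketch is an added example, not UAB IT's tooling: it extracts every link from an HTML message body, compares each link's real host with the sender's domain, and flags hosts that merely embed the trusted domain (the "uab.edu.com" pattern) as well as links whose visible text shows a different address than the real target. The function names and the sample message are constructed, built from the school.edu examples in the tips.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message, modelled on the examples in the tips above.
SAMPLE_SENDER = "ITadmin@school.edu"
SAMPLE_BODY = """
<p>Unusual activity was flagged on your account.</p>
<p><a href="http://passwordchange.school.com/login">https://www.school.edu/password</a></p>
<p><a href="https://school.edu.com/verify">Reconfirm your password</a></p>
<p><a href="https://help.school.edu/contact">Contact the help desk</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_like):
    """Lower-cased host of a URL, or of bare text that looks like one."""
    try:
        target = url_like if "//" in url_like else "//" + url_like
        return (urlsplit(target).hostname or "").lower()
    except ValueError:
        return ""


def classify(host, trusted):
    """'ok' for the trusted domain or its subdomains, 'lookalike' when the
    trusted domain appears inside the host but is not its ending, else 'mismatch'."""
    if host == trusted or host.endswith("." + trusted):
        return "ok"
    if "." + trusted + "." in "." + host + ".":
        return "lookalike"
    return "mismatch"


def review_message(sender, html_body, trusted_domain=None):
    """Report each web link's real host, its verdict, and whether the visible
    text shows a different address than the one the link actually opens."""
    # The From address can itself be forged, so a caller may pass the
    # organisation's known domain instead of relying on the sender's.
    trusted = (trusted_domain or sender.rsplit("@", 1)[-1]).lower()
    collector = LinkCollector()
    collector.feed(html_body)
    report = []
    for href, text in collector.links:
        if not href.lower().startswith(("http://", "https://")):
            continue
        host = host_of(href)
        shown = host_of(text) if text and " " not in text else ""
        disguised = "." in shown and shown != host
        report.append({"host": host, "verdict": classify(host, trusted),
                       "disguised": disguised})
    return report


if __name__ == "__main__":
    for entry in review_message(SAMPLE_SENDER, SAMPLE_BODY):
        print(entry)
```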

Wondering if your photos, data and other information are securely stored in the cloud after the leak of celebrity photos over the Labor Day weekend?

UAB IT security professionals say the incident is a good reminder to the rest of us to take precautions with our own data.

Since most of us aren’t celebrities, our photos probably won’t be worth hackers’ time — but personal information can be.

So what can you do to keep your personal cloud accounts safe?

• Enable two-factor authentication on your cloud accounts. That way, if you — or someone else — tries to log into your account from a device that is not registered, you’ll have to log in using a verification code sent to one of your devices. It’s an extra step that helps secure your information.

Microsoft’s OneDrive — a cloud storage application available free for UAB students — uses two-factor identification and allows users to add security information to their account. Learn more here.

• Make sure you have a strong password. Ideally, you should use a passphrase you can remember. For example, choose “goblazers,” but replace some of the letters with numbers or symbols and include capital letters. The example, then, could become g0b!azers — easy to remember, harder to hack.

Change your password often to keep your data secure. That’s why UAB requires employees and students to change their BlazerID passwords frequently, and to make sure they contain the kind of character combinations that make them much less vulnerable to attacks.

• Consider using a password manager or password vault such as LastPass or KeePass. Such tools — which vary in price — can help manage your different logins while keeping them secure.

UAB employees should also be very cautious about cloud storage in regards to University information.

“UAB employees should not use cloud products for UAB business data without approval,” said Scott Fendley, information security operations manager for UAB IT. “UAB IT reviews the contracts and ensures that the cloud products meet our requirements.”

This month’s Tech Talk on Sept. 25 will feature a discussion of cloud computing at UAB. 

Forgot your BlazerID password? You don’t have to contact AskIT.

Did you know there is a quick and easy way to reset it through BlazerID Central?

If you have a phone number registered for B-Alert/e-Notify, you can use the automated password reset. Just register a new or existing phone number for “Identity” in the e-Notify signup here. You’ll get a text or voice message with a code to reset your password.

And if your password has expired, you can still log in to BlazerID Central with your old password to reset to a new password.

UAB’s password/passphrase policy, effective Jan. 1, 2014, requires faculty and staff to change their passwords every 90 days, and students to change their passwords every 180 days.

UAB IT has changed its notification schedule for changing your BlazerID password. Users now receive notices 15 days before their passwords expire, as well as seven days, three days, two days and one day prior to expiration.

Remember: E-mailed password change notices from UAB IT will NOT include clickable links, due to ongoing phishing attempts. All updates to your BlazerID password should be managed through BlazerID Central.

You’re shopping for dorm room decorations, signing up for classes and buying books.

But don’t forget to get your computer ready for UAB’s campus, too.

UAB IT has a handy guide to preparing your computer for use on our network, including instructions for installing antivirus applications for both Windows and Mac operating systems, downloading software and accessing the network.

Click here for all the instructions. 

The Campaign for UAB has reached its halfway mark less than a year after its launch – and fundraisers will soon have a new tool to help reach their ultimate goal, thanks to UAB IT employees.

The Advancement Performance tool will help fundraisers with detailed reports about donors and potential donors, said Marylyn Crane, senior director of advancement information services and analytics for the University’s Advancement Services.

For the past year, UAB IT employees from the Enterprise Applications and Solutions department have been verifying the data in the Advancement Performance tool from vendor Ellucian to make sure the data is accurate for use in fundraising.

“The main benefit to Advancement Performance is our ability to put data in the hands of our leadership, advancement staff and development officers,” Crane said. “Our goal is for them to be more accurately and actively guided through the decision-making process for our initiatives, key measures and fundraising efforts.”

UAB IT already runs data reports on a regular basis for the Advancement Services team, but the new tool will give fundraisers the opportunity to create their own reports. But creating and verifying the database has been a detailed, painstaking process for the UAB IT team, said Ramsey Scott, assistant director of administrative computing services and leader of the technical team responsible for this project.

In fact, UAB IT employee Ryan Teel created a validation tool – a Web application – that Ellucian will include in its next version of the software, Scott said.

“We have been validating the data for the better part of a year,” Scott said, making sure that the data for Advancement Performance matches what is already in the Banner system.

The new tool will go live in August.

“We want our data to tell a story so we can reach the right people for the right reasons during our current campaign and into the future,” Crane said.

“This project is an example of how UAB IT partners with units across campus to support the mission of the university,” said Phillip Borden, assistant vice president of information technology. “Our employees are proud of the role they play in important strategic initiatives such as The Campaign for UAB.”