Important Update: Password Change Policy

Colleagues,

We have received questions about the change in the password policy, which takes effect today, June 9.

Please note that you will not be required to change your password until your current expiration is reached.  Information Technology Services (ITS) will send automated email reminders 14 days and 7 days prior to your password expiration.

Remember: ITS will never ask for your password.  When in doubt, please contact the ITS Service Desk at 901-678-8888.

Thank you,

Ellen

Important Information – Password Change Policy

As a part of our ongoing examination of campus processes, the University is implementing a policy change to enhance the overall strength and security of account passwords.  These changes address both the frequency and complexity of password changes.

Beginning June 9, 2014, all University of Memphis students, faculty and staff will be required to change their UofM UUID password every 180 days.  This policy change will take effect with all passwords changed on or after June 9, 2014.

In addition to the change in frequency, changes are also being implemented in the minimum requirements for passwords.  These changes will provide additional security by increasing password strength and making passwords more resistant to attack.  The new minimum requirements for passwords are:

Must be at least twelve (12) characters in length.

Must contain characters from at least three of the following categories:

  • lowercase letter (e.g. a, b, c),
  • uppercase letter (e.g. A, B, C),
  • number (e.g. 1, 2, 3), and
  • special character (e.g. _ ! $ % ^ * + – ).

Remember:  ITS will never ask you for your password.  When in doubt, send suspicious emails to abuse@memphis.edu.

If you have any questions about the change in policy or need further assistance, please contact the ITS Service Desk at 901-678-8888.

Thank you,

Ellen

Important Information Re: Phishing Emails and Scams

Colleagues,

As a matter of information security, the Internet Crime Complaint Center (IC3) has made the University aware of multiple scams targeting universities, university employees, and students across the nation. The scams range from Internet fraud to intrusions. The following are common scenarios:

  • Spear phishing e-mails are being sent to university employees that appear to be from their employer. The e-mail contains a link and claims some type of issue has arisen requiring them to enter their log-in credentials. Once employees provide their user name and password, the perpetrator accesses the university’s computer system to redirect the employees’ payroll allocation to another bank account. The university employees’ payroll allocations are being deposited into students’ accounts. These students were hired through online advertisements for work-at-home jobs, and provided their bank account information to the perpetrators to receive payment for the work they performed.
  • Scammers are posting online advertisements soliciting college students for administrative positions in which they would receive checks via the mail or e-mail. Students are directed to deposit the checks into their accounts, and then print checks and/or wire money to an individual. Students are never asked to provide their bank account information to the perpetrators.
  • Perpetrators are compromising students’ credentials, resulting in the rerouting of their reimbursement money to other bank accounts. The reimbursement money is from student loans and used to pay tuition, books, and living expenses.
  • Perpetrators are obtaining professors’ Personally Identifiable Information (PII) and using it to file fraudulent income tax returns.
  • Some universities have been victims of intrusions, resulting in the perpetrators being able to access university databases containing information on their employees and students.

If you have been a victim of one of these scams or any other Internet related scam, we encourage you to file a complaint with the IC3 at www.ic3.gov and to notify your university police.

Please note:  the University will never ask you to provide personal information via email.

Microsoft Internet Explorer – Important Information

To the campus community:

By now, you may have seen reports from media and other sources announcing a new vulnerability in Microsoft’s Internet Explorer web browser.  The vulnerability could allow a malicious website to take control of a user’s computer through a flaw in the way Internet Explorer renders certain kinds of Adobe Flash code.  Microsoft has reported that this vulnerability is beginning to be used in the wild, but has not announced a date for when the vulnerability will be fixed.

ITS has taken steps to secure our campus PCs from this vulnerability.  Our network Intrusion Detection System has been updated to block attempts from outside campus to exploit this vulnerability.  Our Desktop Application Services team is continuing to research additional security measures that can be deployed to desktops to help block this flaw.

Given that a fix has still not been announced by Microsoft, it is the recommendation of ITS that all users restrict usage of Internet Explorer to trusted internal sites only.  For all other web browsing, please consider using an alternative web browser, such as Mozilla Firefox, Google Chrome, or Apple Safari until Microsoft patches Internet Explorer.

To protect your home or other personal machines running Microsoft’s Windows operating system, you may wish to consider taking some of the following actions:

  • Use an alternative browser, such as Mozilla Firefox or Google Chrome, for day to day browsing until Microsoft patches Internet Explorer.
  • Disable Adobe Flash within Internet Explorer. Newer versions of Windows (such as Windows 8) include Adobe Flash by default whether you install it or not.  See Microsoft’s website (http://windows.microsoft.com/en-us/internet-explorer/manage-add-ons#ie=ie-11) for further details on disabling add-ons within Internet Explorer.
  • Enable Internet Explorer’s “Enhanced Protection Mode” (EPM), a feature which became available in newer versions of Internet Explorer.  While providing additional protection, this may break other legitimate add-ons and plugins.  See Microsoft’s website (http://windows.microsoft.com/en-us/internet-explorer/manage-add-ons#ie=ie-11) for further details on enabling EPM within Internet Explorer.
  • If you have not already upgraded from Windows XP, do so as soon as possible.  Microsoft will not release a patch for this flaw, as they are no longer supporting the Windows XP operating system.

For additional technical information regarding this vulnerability, please see:

  1. https://technet.microsoft.com/en-US/library/security/2963983
  2. http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

We appreciate your help, and we are committed to protecting campus systems.

Thank you,

Ellen

Techqual+ Survey – We Need Your Input

Dear Students, Faculty, and Staff,

Information Technology Services (ITS) is participating in the annual Techqual+ survey to assess the quality of technology services on campus, and we need your help.  Your input is critical in helping us to gather information so that we can identify and plan appropriately to provide the best technology services possible.

Participants may enter a drawing for a $50 gift card.  Four winners will be selected!

Your participation in this survey is completely optional and your responses are anonymous. No personally identifiable information about you will be collected during the survey.  You will be given an opportunity to participate in this year’s gift card drawing at the end of the survey and, if you choose to participate, you will be redirected to a separate website to provide your email address.  The email address you provide for the gift card drawing will not be associated with your survey responses.  Gift card winners employed by the University of Memphis are subject to appropriate IRS tax withholding and reporting.

To participate in the survey, click the following link:

https://survey.techqual.org/dl.aspx?g=e9ea1b17-217e-4511-b0bf-12c0f42957e2

Your feedback is important because it helps us develop action plans that assist in continual improvement. The survey closes May 9, 2014 at 4:30 p.m.  I sincerely appreciate your taking the time to participate in this process. If you have any questions about the survey please feel free to contact me.

Regards,

Ellen

The Heartbleed Bug

Dear Colleagues,

The Heartbleed Bug is a vulnerability in the popular OpenSSL cryptographic software library. This weakness allows theft of information that, under normal conditions, is protected by the SSL/TLS encryption used to secure the Internet; this can include names, passwords, and the actual content of secure information.

As of April 10, 2014, all ITS managed services have been patched to mitigate this threat.  Additionally, our campus intrusion prevention and detection system has been updated to block external attempts from malicious actors.  After review, we do not believe there is any need to change your UofM campus UUID password at this time.

If you have any questions or concerns, please contact the Help Desk 24/7 at 678-8888.

Thank you,

Ellen

Reminder – ECAR Student Survey on Technology Experiences

Dear University of Memphis Undergraduates,

How are you using technology?  Do you own a desktop computer, notebook, tablet, or smartphone?  Ever heard of MOOCs?  What about e-textbooks or e-portfolios?  Are you using social media? These are examples of questions the national ECAR survey on Student Technology Experiences helps us answer, and the survey is now open. The survey helps us understand how you are using technology compared to participants from other universities.

We are interested in improving student experiences with information technology, and your response is very important to us. Your participation in the study is voluntary, and your responses will be completely confidential.

It will take approximately 15 minutes to complete the survey and your participation would be greatly appreciated. The survey will remain open until April 11, 2014. Please click this link to complete the survey:

https://www.surveygizmo.com/s3/1524684/ECAR-Student-Study-2014?eid=9257&us=y

Thank you in advance for your participation.  If you have any questions, please feel free to contact Dr. Robert Jackson at rjax@memphis.edu.

Ellen

Questions about Extending Microsoft XP Support

Colleagues,

ITS has received some questions regarding extension of XP support, and we are actively exploring this possibility with Microsoft. Although we are continuing discussions with Microsoft, our latest information indicates that such an agreement would be costly for the University and may not be the best use of financial resources.

We encourage everyone to continue efforts to upgrade to a supported operating system to remain in compliance with University policies.

Thank you,

Ellen

Microsoft Support for Windows XP and Office 2003

Colleagues,

Microsoft’s support of Windows XP and Office 2003 will end on April 8, 2014. After this date, there will be no new security updates, non-security fixes or technical content updates from Microsoft.

Please note the risks associated with maintaining an unsupported machine, and take steps to minimize your risk.

  • Security Risks: Unsupported and unpatched environments are vulnerable to security risks and cyber-attacks.
  • Software Vendor & Hardware Manufacturer’s support – Software vendors are unlikely to support new versions of applications on Windows XP.  Research also notes that most PC hardware manufacturers will stop supporting Windows XP on the majority of their new PC models.
  • Windows XP is not supported for Office 2013: Office 2013 requires that the client operating system be Windows 7 or later.

Actions to Consider:

  • Get current with Windows and Office: Newer versions of Microsoft Windows and Office increase PC security and management, and user abilities. Upgrade your personal device to a supported version of Microsoft Windows and Microsoft Office. Windows XP and Office 2003 will no longer be installed on university-owned systems.
  • Isolate Systems: In compliance with University policies UM1566 and UM1691, unpatched, insecure, and outdated operating systems will not be allowed on the network.
  • Review impact:  Ensure that unsupported systems do not contain sensitive data.

If you have additional questions or concerns regarding Microsoft XP or Office 2003, please contact the Service Desk at Extension 8888.

Thank you,

Ellen

ITS Strategic Planning

Dear Colleagues,

Information Technology Services (ITS) initiates discussions annually throughout the University to inform the continual improvement of the ITS Strategic Plan.  Historically, these planning sessions were scheduled for the December – January timeframe and were aligned with the March deadline for budget presentations.

ITS is shifting our strategic planning cycle to late summer/early fall in response to the new budgeting approach, Responsibility Centered Management (RCM), which is scheduled to begin FY2015 and will require budget presentations in the October/November timeframe.  Additionally, this move will allow us to capitalize on recommendations from the Redefining the University Library Committee.

Regards,

Ellen