Dear Students,

Information Technology Services (ITS) welcomes you to the University of Memphis, and wishes you a successful academic year.  We understand this is a hectic time for everyone as the semester begins. However, we wanted to take a brief moment to provide you with these important reminders.

We encourage you to review tips for protecting your personal information by clicking this link: http://www.memphis.edu/itd/security/personal-information-security.php.  Additional security information is accessible by clicking links on the right-hand side of that page.  If you receive any suspicious email, you may forward it to abuse@memphis.edu for analysis.

Please continue using the Service Desk to request technical assistance. For your convenience, you may use http://umhelpdesk.memphis.edu to submit your requests on-line or you may call the helpdesk at 901.678.8888. Once your helpdesk ticket is submitted, someone will follow-up with you as soon as possible.

If you have any questions or concerns, please don’t hesitate to contact me!

Regards,

Ellen Watson

Chief Information Officer and Vice Provost for  Information Technology Services

The Center for Teaching and Learning in IT Services recently published a newsletter with valuable information on tools, resources and workshops to provide students and faculty with the latest teaching technology.

Read all about these exciting opportunities here.

IT Services is committed to providing these tools to make things easier for you!

If you need help, please contact the IT Service Desk at 678-8888.

Have a great semester!

Ellen

The University has been made aware of phishing attempts that target university employees.  These malicious activities are usually carried out via email messages that may contain enticing subjects such as mailbox warnings, offers of salary increases, etc.  The email messages may contain links that trick employees into visiting fake websites. These websites appear very similar to the institution’s real web sites and solicit information such as user names and passwords.  The goal, of course, is to trick victims into thinking they are logging into authentic websites.

Employees are urged to use caution when visiting any website that solicits your University of Memphis user name and/or password. University employees should visit the following website for additional information regarding email scams and related security topics: http://www.memphis.edu/its/security/e-mail-scams.php.

Employees who receive suspicious email may forward it to abuse@memphis.edu to confirm whether it is legitimate.

Regards,

Ellen

On Sunday, August 10, there was an unexpected outage on the eCourseware  (Design2Learn or D2L) system from approximately 2:00 p.m. to 11:30 p.m.  This prevented access for many users.  According to D2L, the cause was due to a power outage at their hosting facility.  Once power was restored, application and storage servers were verified and reconnected.

D2L is a third-party, cloud-based vendor that provides eCourseware to the University.  As such, ITS can work with them on expediting solutions, but unfortunately, cannot prevent such emergencies.

D2L is also contracted through the Tennessee Board of Regents, which limits our ability to affect service improvements.  However, there is currently a TBR committee exploring alternative course management providers through a formal request for proposal process.

Please note that the UofM MyMemphis portal does have a channel available in which ITS posts notices about potential service impacts.  You can also check here for service status “reminders”.

We regret any inconvenience that this may have caused users, and will continue to monitor service levels with D2L.  Thank you for your patience.

Ellen

Since 2010, the University of Memphis has collaborated in discussions with City of Memphis leaders to bring Google Fiber to our region.   Google Fiber, provides high-speed Internet connections that are faster than average broadband speeds.  Google is once again expanding its fiber network

Those wishing to advocate for consideration of Memphis as a site for Google Fiber may visit http://www.choose901.com/bring-google-fiber-memphis/.

We will continue to be engaged with city leaders on this issue and we are committed to further dialog.

Thank you,

Ellen

On February 4, 2014, President David Rudd issued invitations to members of the Redefining the University Library Committee, with the charge:

“Today’s University Libraries must face a rapidly evolving landscape from the changes surrounding information and technology that have occurred over recent decades. Managing the migration to digital information systems raises numerous challenges, and considerations requiring the collected wisdom of various constituents. The library’s traditional role as a repository for physical books and periodicals is changing, with important implications for space utilization, resource acquisition, and deployment of staffing.”

The purpose of the Redefining the University Library Committee was to propose a plan for how the University Library will flourish on that new landscape, and how to best position future directions for the programs, services and physical configuration of the University libraries. The committee’s recommendations for the library of the 21st century has considered best practices for serving the University community and for meeting both ideal configuration and realistic support models.

The committee’s substantive and visionary recommendations may be seen here in the final report presented to the President on May 30, 2014.

As chair of the committee, I would like to thank all of the committee members for their diligence, research, and thoughtfulness in the preparation of this report.  The members included:

Colleagues,

We have received questions about the change in the password policy, which takes effect today, June 9.

Please note that you will not be required to change your password until your current expiration is reached.  Information Technology Services (ITS) will send  automated email reminders 14 days and 7 days prior to your password expiration.

Remember: ITS will never ask for your password.  When in doubt, please contact the ITS Service Desk at 901-678-8888.

Thank you,

Ellen

As a part of our ongoing examination of campus processes, the University is implementing a policy change to enhance the overall strength and security of account passwords.  These changes address both the frequency and complexity of password changes.

Beginning June 9, 2014, all University of Memphis students, faculty and staff will be required to change their UofM UUID password every 180 days.  This policy change will take effect with all passwords changed on or after June 9, 2014.

In addition to the change in frequency, changes are also being implemented in the minimum requirements for passwords.  These changes will provide additional security by increasing password strength and making passwords more resistant to attack.  The new minimum requirements for passwords are:

Must be at least twelve (12) characters in length.

Must contain characters from at least three of the following categories:

• lowercase letter (e.g. a, b, c),
• uppercase letter (e.g. A, B, C),
• number (e.g. 1, 2, 3), and
• special character (e.g. _ ! $ % ^ * + – ).

Remember:  ITS will never ask you for your password.  When in doubt, send suspicious emails to abuse@memphis.edu.

If you have any questions about the change in policy or need further assistance, please contact the ITS Service Desk at 901-678-8888.

Thank you,

Ellen

Colleagues,

As a matter of information security, the Internet Crime Complaint Center (IC3) has made the University aware of multiple scams targeting universities, university employees, and students across the nation. The scams range from Internet fraud to intrusions. The following are common scenarios:

• Spear phishing e-mails are being sent to university employees that appear to be from their employer. The e-mail contains a link and claims some type of issue has risen requiring them to enter their log-in credentials. Once employees provide their user name and password, the perpetrator accesses the university’s computer system to redirect the employees’ payroll allocation to another bank account. The university employees’ payroll allocations are being deposited into students’ accounts. These students were hired through online advertisements for work-at-home jobs, and provided their bank account information to the perpetrators to receive payment for the work they performed.
• Scammers are posting online advertisements soliciting college students for administrative positions in which they would receive checks via the mail or e-mail. Students are directed to deposit the checks into their accounts, and then print checks and/or wire money to an individual. Students are never asked to provide their bank account information to the perpetrators.

• Perpetrators are compromising students’ credential resulting in the rerouting of their reimbursement money to other bank accounts. The reimbursement money is from student loans and used to pay tuition, books, and living expenses.
• Perpetrators are obtaining professors’ Personally Identifiable Information (PII) and using it to file fraudulent income tax returns.
• Some universities have been victims of intrusions, resulting in the perpetrators being able to access university databases containing information on their employees and students.

If you have been a victim of one of these scams or any other Internet related scam, we encourage you to file a complaint with the IC3 at www.ic3.gov  and to notify your university police.

Please note:  the University will never ask you to provide personal information via email.

To the campus community:

By now, you may have seen reports from media and other sources announcing a new vulnerability in Microsoft’s Internet Explorer web browser.  The vulnerability could allow a malicious website to take control of a user’s computer through a flaw in the way Internet Explorer renders certain kinds of Adobe Flash code.  Microsoft has reported that this vulnerability is beginning to be used in the wild, but has not announced a date for when the vulnerability will be fixed.

ITS has taken steps to secure our campus PCs from this vulnerability.  Our network Intrusion Detection System has been updated to block attempts from outside campus to exploit this vulnerability.  Our Desktop Application Services team is continuing to research additional security measures that can be deployed to desktops to help block this flaw.

Given that a fix has still not been announced by Microsoft, it is the recommendation of ITS that all users restrict usage of Internet Explorer to trusted internal sites only.  For all other web browsing, please consider using an alternative web browser, such as Mozilla Firefox, Google Chrome, or Apple Safari until Microsoft patches Internet Explorer.

To protect your home or other personal machines running Microsoft’s Windows operating system, you may wish to consider taking some of the following actions:

• Use an alternative browser, such as Mozilla Firefox or Google Chrome, for day to day browsing until Microsoft patches Internet Explorer.
• Disable Adobe Flash within Internet Explorer. Newer versions of Windows (such as Windows 8) include Adobe Flash by default whether you install it or not.  See Microsoft’s website (http://windows.microsoft.com/en-us/internet-explorer/manage-add-ons#ie=ie-11) for further details on disabling add-ons within Internet Explorer.
• Enable Internet Explorer’s “Enhanced Protection Mode” (EPM), a feature which became available in newer versions of Internet Explorer.  While providing additional protection, this may break other legitimate add-ons and plugins.  See Microsoft’s website (http://windows.microsoft.com/en-us/internet-explorer/manage-add-ons#ie=ie-11) for further details on enabling EPM within Internet Explorer.
• If you have not already upgraded from Windows XP, do so as soon as possible.  Microsoft will not release a patch for this flaw, as they are no longer supporting the Windows XP operating system.

For additional technical information regarding this vulnerability, please see:

1. https://technet.microsoft.com/en-US/library/security/2963983
2. http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

We appreciate your help, and we are committed to protecting campus systems.

Thank you,

Ellen