2014 Technology Services Survey (“TechQual+”) to Start Next Week

Posted on Friday, October 24th, 2014 by ITS Communications under Announcements, General.

Starting next week, Information Technology Services (ITS) will conduct its second1 TechQual+2 technology services survey. The purpose of the survey is to assess the perceived service quality of technology services at UNCG and to get feedback about which new technology programs and services should be considered.

Survey participants will be asked to provide ratings that measure desired level of service against perceived level of service. There will also be opportunities throughout the survey for participants to provide feedback in the form of free-form comments.

Invitations to participate in the survey will be sent to full time faculty and staff, all graduate students, and a random sample of undergraduate students. (Note: A student who has the “confidentiality” flag turned on in Banner, as well as faculty or staff who are taking a Fall 2014 class, will not receive a survey invitation.) Participants who complete the survey will be entered into a drawing for one of three $50 Amazon.com gift cards.

The survey will be conducted over 4 weeks, Oct 27 – Nov 21, 2014.

The survey results will be reviewed by ITS management and will be used to make decisions about how to invest resources to support the technology needs of students, faculty, and staff.

 What needs to be done next to expand or improve university technology services? Your feedback is important to us! If you receive a survey invitation, please share your ideas and experience by taking the survey.

1ITS conducted its first TechQual+ survey in Spring 2012. Evaluation of this survey’s results led to the development of ITS Action Plans that were used to address several areas. Summaries of the service changes that resulted from the survey feedback are available here: ITS Action Plans

2Tech Qual+ is a national survey instrument for higher education institutions. For more information, go to http://www.techqual.org/.

Comments Off

Latest Dangerous Phishing Attacks Targeting UNCG, 10-21-2014

Posted on Friday, October 24th, 2014 by ITS Communications under Security.
Protect Yourself from Phishing Attacks
  • Be careful when following links in emails or email attachments. Especially in emails from unknown sources.
  • Use  discretion when using your iSpartan credentials to log into sites outside of the uncg.edu domain.
  • Never reset your password on any site other than reset.uncg.edu.
  • If you have any doubts about the authenticity of an email or a web site asking for your iSpartan credentials, contact 6-TECH.

Information Technology Services (ITS) has become aware of several separate phishing attack targeting campus users. Email comes into a user’s inbox, sometimes from a UNCG employee’s compromised account and sometimes from an external email address, informing them that there is an important action that they need to take. Sometimes it is a link to a shared file, and other times it is a request to open an attachment. In these latest attacks, the user is asked to visit a website that asks them to select and log in to their email account.

The email will have a message similar to the following:

Example Subject Line: Attached File

I shared a document with you. Goto: {LINK REMOVED BY ITS} and just sign in with your email address to view the document.The file is too large so I couldn’t attach it let me know what you think and if you have questions.

The website linked to may look like the image below, in this example posing as Dropbox.com:

This phishing attack uses a web page crafted to look like Dropbox.com.

In reality, each of these links takes users to fake login pages hosted by phishing websites. After providing their email username and password, the user’s account is compromised. In these latest cases, verifying that the link takes you to a website other than dropbox.com would be sufficient evidence to prove that it is not a legitimate piece of email. Under no circumstances should you reply to the sender of this email, or to any other suspicious email you may receive.

Usually you can tell whether a link is going to the appropriate place by hovering over the link and checking to see if the text of the link is the same as the actual target of the link.

URL in status bar
When the cursor is placed over a link without clicking, most browsers show the target of the link at the bottom of the browser in the status bar.

ITS reminds users to never reset their password on any site except the official reset.uncg.edu website.

ITS also reminds users to be extremely careful which websites they provide their UNCG password to. Most UNCG websites will be located at URLs that contain “.uncg.edu” directly before the first forward slash. For example, if you look at the URL when you log in to your UNCG iSpartan email account, it will appear as https://gafe.uncg.edu/login.jsp. Seeing “uncg.edu” appear directly before the first forward slash will prove it is a trusted website. For other examples like this, look at the URL when you are logging into other campus services like Canvas, Box, Qualtrics, Office365, and Blackboard. They will appear as “idp.uncg.edu/idp/Authn/UserPassword”, which contains “.uncg.edu” before the first forward slash.

In some specific cases, official UNCG services are provided at other URLs that may not contain “uncg.edu” before the first forward slash. In those situations, if you are suspicious or confused as to whether it is a trusted website, contact the UNCG office providing that service, before entering your username and password.

If you have questions, please contact 6-TECH at (336) 256-TECH (8324) or 6-TECH@uncg.edu.

Comments Off

Scheduled Maintenance for ListProc Web Interface | Friday, October 24 | 5:30am – 7:30am

Posted on Thursday, October 23rd, 2014 by ITS Communications under Scheduled Maintenance.

Who: Faculty, staff, and students who use the ListProc web interface http://listproc.uncg.edu

What: Changes to listproc.uncg.edu so that it uses SSL encryption (SSL 3.0 will be disabled)

When: Friday, October 24 | 5:30AM – 7:30 AM

Why: To increase the security of the ListProc web interface

There will not be interruptions in the sending and receiving of ListProc mail.  It is only the web interface for ListProc that will experience interruptions.

If you have questions or need more information, please contact 6-TECH at (336) 256-TECH (8324) or 6-TECH@uncg.edu.

Comments Off

Scheduled Maintenance of www.uncg.edu | Thursday, October 23 | 5:30am – 7:30am

Posted on Wednesday, October 22nd, 2014 by ITS Communications under Scheduled Maintenance.

As part of addressing the POODLE/SSL 3.0 vulnerability, Information Technology Services (ITS) is switching to a patched web server for www.uncg.edu on Thursday, October 23, 5:30am – 7:30am.

No downtime is involved. However after this change, you may experience problems if you try to access secure content at https://www.uncg.edu using older, unsupported web browsers. Please report any errors accessing content to 6-TECH at (336) 256-TECH (8324) or 6-TECH@uncg.edu.

Note: Access to the regular UNCG website “www.uncg.edu” will not be affected.

If you have questions, please contact 6-TECH at (336) 256-TECH (8324) or 6-TECH@uncg.edu.

Comments Off

SSL 3.0 POODLE Vulnerability

Posted on Monday, October 20th, 2014 by ITS Communications under General, Security.

A serious vulnerability (nicknamed “POODLE”, or Padding Oracle On Downgraded Legacy Encryption) has been discovered in the communication encryption protocol SSL 3.0. Google released details of the vulnerability on Tuesday, October 14, 2014.

SSL 3.0 is an old (by technology standards) encryption protocol used to provide communication security over the internet. It has largely been replaced by more modern, stronger, encryption standards (TLS); however SSL 3.0 is still commonly supported as a fallback by Web servers and browsers, if more modern encryption protocols fail.

To address this vulnerability, UNCG Information Technology Services (ITS) is patching centrally managed servers that provide web-based content so that they stop using SSL 3.0.

If you are an administrator of a server that provides web-based content, you should take action to mitigate the POODLE vulnerability:

  • If you are using an older, unsupported browser, such as IE 6, you will have issues after ITS completes the server patching to address POODLE. You will need to upgrade to the latest version of your browser (see browser update links under Additional Information below).
  • Current, supported browsers should not be affected by the patching changes, as these will default to using the modern (TLS) protocol.
  • You should configure your server(s) to not use SSL 3.0. If you are unsure if your web service uses SSL 3.0 or if you need assistance to perform this work, please contact 6-TECH (see contact information below) to request a consultation with the ITS Web Services group.

If you have questions or need more information, please contact 6-TECH at (336) 256-TECH (8324) or 6-TECH@uncg.edu.

Additional Information

Browser update links

Technical articles

Comments Off