News Archive

"Meltdown" and "Spectre" Security Vulnerabilities and Patches

This week, major security vulnerabilities have been revealed, named Meltdown and Spectre, which affect all modern Intel processors and many other processors, such as those from AMD and ARM (the latter of which powers all smartphones). Essentially, these are two techniques discovered by researchers that would allow an attacker to circumvent the protections built into modern processor architectures and subsequently access and expose nearly any data a computer processes. While there are not yet any major known exploits of these security holes, there are proof-of-concept exploits. As the overwhelming majority of computers in use are potentially vulnerable, it is imperative to install the following updates as soon as possible to protect your computer against future threats.

  • Windows: Microsoft has released out-of-band patches this week for Windows 7, 8.1, and 10. Please note that these patches are not compatible with all anti-virus (AV) software if you are using an AV client other than Windows Defender or Windows Security Essentials. ITS recommends using Windows Defender (Windows 8.1 and 10) or Windows Security Essentials (Windows 7); however, if you decide you would prefer to use another AV client, please check with your software vendor about compatibility and make sure to install the latest version of the software that is available.
  • Mac: The already-released macOS High Sierra 10.13.2 includes patches for these vulnerabilities. The forthcoming 10.13.3 should include additional protections as well, so please be sure to install it as soon as it becomes available.
  • Android: Devices with the latest security update are protected. Please install it as soon as it is available for your device.
  • iOS: No known patches have been released for iOS to address these vulnerabilities; however, if and when this changes, we will alert the community.
  • Chrome and Chrome OS: Be sure to update to the latest version of Chrome, currently version 63. Chrome version 64 is due to be released on January 23 with additional protections in place. More information from Google.
  • Firefox: Update to the latest release of Firefox, version 57. More information from Mozilla.
  • IE/Edge: Patched in the latest security updates from Microsoft, listed above.

For more information on these vulnerabilities: https://meltdownattack.com/

If you have any further questions or concerns regarding these vulnerabilities and how to protect your computer, please don't hesitate to contact ITS.

December 21, 2017 NCREN Network Maintenance

On Wednesday, January 4 (rescheduled from the 3rd), 2018 from 12:01 AM until 6:00 AM, MCNC will be maintaining our uplink to the MCNC Datacenter (and then to the Internet). There will be one or more short periods during the maintenance interval where all on-campus services will be interrupted. Off-campus services will not be affected.

While any disruption is expected to be very brief, please note that the entire maintenance window is reserved.

As always, please contact ITS if you have questions or if we can be of any assistance.

December 19, 2017 NCREN Network Maintenance

On Friday, December 29, 2017 from 12:01 AM until 6:00 AM, MCNC will be maintaining our uplink to the MCNC Datacenter (and then to the Internet). There will be one or more short periods during the maintenance interval where all on-campus services will be interrupted. Off-campus services will not be affected.

While each disruption is expected to be very brief, please note that the entire maintenance window is reserved.

If you have any questions or concerns, please let ITS know.

December 14, 2017 NCREN Emergency Network Maintenance

MCNC, our ISP, has announced that they will perform some emergency maintenance to our uplink to the Internet on Friday, December 15, 2017 from 12:01 AM-6:00 AM.

This maintenance will cause one or more outages of all services during the maintenance. The number of outages and the duration and timing of each outage are unknown, but each is expected to be brief.

As always, please contact ITS if you have questions or if we can be of any assistance.

December 14, 2017 NCSSM Firewall Maintenance

On Wednesday, December 20 (postponed from Sunday, December 17), 2017 from 7:00 AM until 8:00 AM, ITS will be installing a security update to our perimeter firewall. During the required reboot, all services on campus will be unavailable, and all services, with the exception of Google services, will be unavailable from off campus.

While the disruption is expected to last less than 10 minutes, please note that the entire maintenance window is reserved.

If you have any questions or concerns, please let ITS know.

December 11, 2017 NCSSM Emergency Server Maintenance

We've had a small hardware failure on our Nutanix virtualization server, which we'll be replacing starting at 3:45PM on Wednesday, December 13, 2017.

While we expect no downtime due to this service, it's a possibility. All Nutanix-resident services are potentially affected; among them are network authentication, Focus, Booked, Central Stores, printing and the ITS wiki.

As always, please contact ITS if you have questions or if we can be of any assistance.

December 7, 2017 NCREN Power Maintenance

On Sunday, January 7, 2018 from 12:01 AM until 6:00 AM, NCREN will be maintaining the emergency power systems at their data center. All of our servers and our Internet connection are housed at this data center, with the exception of our Google services. While no interruption in services is anticipated, the possibility exists. In the event of a service interruption, all services on campus will be unavailable, and all services with the exception of Google services will be unavailable from off campus.

Such services include Focus, network authentication, Booked, Central Stores, printing and the ITS wiki.

Please note that the entire maintenance window is reserved.

If you have any questions or concerns, please let ITS know.

December 6, 2017 Mecklenburg County, NC Servers Held for Ransom

Yesterday, according to WBTV (in their article at http://www.wbtv.com/story/36998493/ua-push), Mecklenburg County officials report that their servers were compromised and the information on them is being held for ransom. The attackers apparently gained their entry when a county employee opened an attachment sent in an email. As a result, all computer systems in the county government are unavailable and employees are conducting all business with paper.

County IT employees have brought in an expert and are considering paying the 2 bitcoin (approximately $30,000) ransom.

NCSSM ITS reminds all staff, parents, and students to be very suspicious of all email, especially those containing links and attachments. While ITS will be happy to assist, NCSSM does not, as a matter of policy, pay ransom.

We further suggest that you review the relevant sections of Securing the Human should you have any questions about recognizing phishing attacks or the importance of avoiding compromise. And as always, please contact ITS if we can be of any assistance.

November 28, 2017 Server Maintenance Cancelled

The Nutanix server maintenance scheduled for Wednesday, December 20, 2017 from 9:00 AM until 1:00 PM has been cancelled.

If you have any questions or concerns, please let ITS know.

October 20, 2017 New Google Calendar

Google has announced a new version of Google Calendar which you can now enable for your own NCSSM calendar. This new version of Calendar has a much cleaner and more modern new interface, enables rich formatting and links in calendar invitations, allows for managing multiple calendars side-by-side, and much more. For more details on this new version of Calendar, please review Google's announcement.

To enable the new Calendar for yourself, please use the following instructions:

  • Navigate to your Google Calendar (if you also have a personal Google account, please make sure that you are signed into your NCSSM account by checking your account icon at the top-right).
  • Click the blue button at the top-right that says Use new Calendar.
  • Click Upgrade now when prompted.
  • Click Got it.

If you need to revert back to the classic version of Google Calendar for any reason, you can do so at any time by clicking the gear icon at the top-right and clicking Back to classic Calendar.

These instructions can also be found on the ITS Wiki.

Presently, ITS tentatively plans on migrating everyone to the new version of Google Calendar over winter break. If you have any questions or concerns with regard to the new Google Calendar, please don't hesitate to let ITS know.

October 6, 2017 Google Drive File Stream now available

Google has officially released a new application that replaces the Google Drive syncing application for PC and Mac, called Drive File Stream.

This new application is a much faster and more reliable way to access Google Drive locally on your Windows-based PC or Mac, while also using far less of your computer's local storage. It also enables local access to any Team Drives for which you are a member.

Google lists the following benefits of Drive File Stream:

  • Quickly see all your Google Drive files in Finder/Explorer (including Team Drives).
  • Browse and organize Google Drive files without downloading all of them to your computer.
  • Choose which files or folders you'd like to make available offline.
  • Open files in common apps like Microsoft Office and Adobe Photoshop.

To download and install the Drive File Stream application, please use these instructions.

If you have any questions or concerns about this new software or would like any assistance with its installation, please let ITS know.

September 29, 2017 New Focus feature eases emailing student support teams

ITS is pleased to announce a new feature in Focus which enables all staff and parents to contact a student's support team without having to remember or look up email addresses.

The new feature is available under each student's General Info section in Focus, titled Email support team. Clicking this link will generate a new blank email with the To: field pre-populated with the student's parents, counselor, SLI, academic advisor, work service supervisor, and current teachers. The Subject: is pre-populated with the student's name.

Senders should carefully consider whether and how to edit the recipient list and subject line, in addition to composing a thoughtful message body. Since this email will be a public record, please ensure that the right people are receiving the right message.

Also consider whether a face-to-face meeting might be more productive than sending an email (although this feature is useful in arranging such a meeting).

Please also be aware that before using this feature, you should make sure that your NCSSM Google account is set up as your default mail handler. To do so, please follow these directions from the ITS Wiki based on your browser(s) of choice.

If you experience any issues with this feature, please be sure to contact ITS using a ticket to let us know.

September 14, 2017 New Version of the NCSSM Calendar

Over the past 2 years we have tried to show all of the various events we have happening on campus. Employees, parents, and students all need separate event information so we had separate Google calendars for Academic events and Activities on campus. Now, all official NCSSM Google calendars are synced with the new NCSSM calendar and users may select which they want to view. It is accessible in My NCSSM in the right side menu for employees, parents, and students.

To find the NCSSM Calendar:

Select Academic Calendar on the right side menu of My NCSSM.

To view the calendar:

Check or uncheck the checkboxes to turn on/off the calendars.

To subscribe to calendars:

Select one of the subscription links in the right sidebar to subscribe to a calendar. You must have a Google Account to subscribe.

See the NCSSM Calendar at https://www.ncssm.edu/calendar/

See instructions in the ITS Wiki.

September 11, 2017 Equifax Breach Recommendations

Given Equifax's admission last week of a breach of approximately 143 million Americans' personal and financial data, including names, Social Security numbers (SSNs), addresses, birth dates, and more, ITS would like to make some recommendations for protecting your identity and credit. We are providing these recommendations as a courtesy to the NCSSM community following our own research into the breach as well as correspondence with IT departments at other educational institutions; however, these recommendations do not officially represent the views of NCSSM.

First, ITS recommends freezing your credit via all three credit bureaus. Here are links to help get started:

Note that freezing your credit will require action on your part a few days before you apply for credit or a loan, and in some cases, apply for a job. You'll then have to re-freeze your credit after the event.

Second, we also recommend reviewing a free credit report via AnnualCreditReport.com. Reviewing this report is a great way to see if there’s any unusual activity that you do not recognize. You should consider reviewing your credit report annually and when contemplating major financial transactions, such as a house purchase.

Every month, you should closely monitor your credit card and bank statements for unauthorized activity. Note that debit cards give you less protection against fraud than credit cards, so consider not keeping large balances on your debit card.

Longer term, you should file your taxes as soon as is possible every year. That way, if you have been breached, you make it harder for a scammer to file a return in your name. Respond immediately to any letters from the IRS or the NC Department of Revenue.

At this time, we're not recommending that you use the Equifax site www.equifaxsecurity2017.com, which was set up to determine whether your information is part of the breach. The site asks for your last name and the last six digits of your SSN. Although Equifax has stated that they do not retain this information subsequent to your query, the site seems to have been hastily put together and may have its own security issues. Moreover, reports we've received indicate that the site often asks that you return at a specified date to determine whether you've been breached and/or to sign up for the year of free credit monitoring Equifax is offering.

These suggestions are mostly in line with the Federal Trade Commission's recommendations (https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do). This article also has additional suggestions and information.

If you have any further concerns, we recommend talking to your bank or financial professional, and visiting identitytheft.gov/databreach.

August 4, 2017 Reminder: complete ITS training

This is a friendly reminder to complete your Securing the Human Training for the 2017-2018 school year. In order to protect our network, accounts, and data against numerous threats, ITS requires annual network security training using the Securing the Human tool, which includes short videos and quizzes covering a range of important network security topics and best practices.

Even though Securing the Human training videos may have been watched in previous school years, the training will be required once again this year for all students, faculty, and staff. We are asking all employees to please complete this annual training before the start of the school year, and we will also require students to complete this training before Move-In Day.

This year's training videos have been updated with new and improved content and advice for better security practices, and ITS has shortened the number of mandatory videos so that the total required training is between 21 and 23 minutes for faculty and non-faculty staff, or about 10 minutes less than last school year. Additionally, the quizzes following each video are still shortened to just 1 question apiece.

In addition to these training videos, ITS will also be conducting in-person training sessions with departments and other groups as requested. ITS also found that last year's phishing drill was very instructive and we will possibly schedule one or more similar drills depending on whether or not we are still being victimized by successful phishing attempts.

If you have any questions or concerns regarding the Securing the Human training or the content of the videos or quizzes, please do not hesitate to send ITS a ticket to let us know, and we will get back to you as quickly as possible. -- Justin Fleming