Feed on
Posts
Comments

This is our first posting and a welcome message to the UTPA community.  Keep in touch and we will keep you informed about emerging threats, offer you tips on how to keep your computer safe, and tell you about the different information security initiatives at the University.  We welcome suggestions and opinions; please feel free to post comments.

Recently, there was a very significant security vulnerability known as Heartbleed.  Please read the information below to better inform yourself about the risks and how to protect yourself.

 

What is the Heartbleed vulnerability?

It is a weakness that was discovered on April 7th, 2014, that affects some web services that use SSL to encrypt communications.  In the time window between the vulnerability was discovered and remediated, a hacker might have taken advantage of this weakness to steal sensitive information from vulnerable servers.

Did this vulnerability affect UTPA servers?

Some web servers were affected by this vulnerability and we immediately responded to the threat.  None of our systems hosting student or employee data were at risk.

Why should I be concerned?

  • There could be web services that you are using from your computer or mobile device that may be or may have been vulnerable.
  • There are also phishing attempts from people taking advantage of the circumstances to attempt to steal your username and password.

What can I do to protect myself?

  • Change your passwords on the websites that you know were vulnerable and have dealt with the vulnerability.  Reference the related article below for resources that could help you identify sites that were or are still vulnerable.
  • Do not click on hyperlinks inside email messages telling you to click to change your username and password because of this vulnerability.
  • Use a different password for each website registration, use strong passwords and enable two-step verification for websites that support it.

 

Related Articles

Sans OUCH!  Heartbleed – Why Do I Care?

http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-2014-special_en.pdf

Below is a summary of the combined security bulletins for the month of April 2014. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, April, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

Important notice to computers joined to the UTPA domain: The update distribution process has recently changed. On the day that the updates are distributed, your computer will present you with a notification (see screenshot below) giving you the choice to update your computer before the deadline of 11:00pm. This will allow people to be familiar with the updates that are being installed and it will also give the opportunity for installing the updates at your convenience (this way your machine is not forcefully restarted during the evening).

Software Update Installation Notification

 

 

Starting on April 8, 2014, Microsoft will cease to support the Windows XP operating system.  That means that they will no longer be creating security patches to remove software vulnerabilities, making the operating system a perfect victim for hackers.  The same applies to the Office 2003 product suite.

For University computers:

Please support our ongoing initiative to upgrade or replace computers running Windows XP.  If you have a University resource running Windows XP that is not managed by IT, please contact us to help you upgrade.  Account Managers – please contact us at the numbers below to schedule the upgrades for your assigned devices.

To schedule your upgrade, please contact Jose Diaz at 665-3593 or jadiaz1@utpa.edu.  If there is a reason why you are unable to upgrade your computer running Windows XP, please contact the OCISO at 665-7823 to request an exception.

For personally-owned computers:

If you have any computers at home running Windows XP, we recommend that you upgrade as soon as possible to a supported operating system like Windows 7 or 8. 

If for any reason you are unable to upgrade your home computer, here are some considerations:

  • Avoid connecting the computer to the Internet if it is not needed.
  • Avoid using Internet Explorer and instead use a web browser like Mozilla Firefox or Google Chrome.
  • Avoid using built-in applications in Windows XP which open files from the Internet, such as Windows Media Player, the FTP client, etc.  Instead use separate applications that are continuously updated by the vendor.
  • Make sure your computer firewall is enabled and properly configured.
  • Avoid using your computer for processing or storage of sensitive information, and for online shopping.
  • Plan to upgrade or replace the computer as soon as possible.

 

Related Articles

Sans OUCH! The End of Windows XP

http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201403_en.pdf

 

Below is a summary of the combined security bulletins for the month of March 2014. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, March 20th, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

Important notice to computers joined to the UTPA domain: The update distribution process has recently changed. On the day that the updates are distributed, your computer will present you with a notification (see screenshot below) giving you the choice to update your computer before the deadline of 11:00pm. This will allow people to be familiar with the updates that are being installed and it will also give the opportunity for installing the updates at your convenience (this way your machine is not forcefully restarted during the evening).

Software Update Installation Notification

 

 

Below is a summary of the combined security bulletins for the month of February 2014. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, February 20th, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

Important notice to computers joined to the UTPA domain: The update distribution process has recently changed. On the day that the updates are distributed, your computer will present you with a notification (see screenshot below) giving you the choice to update your computer before the deadline of 11:00pm. This will allow people to be familiar with the updates that are being installed and it will also give the opportunity for installing the updates at your convenience (this way your machine is not forcefully restarted during the evening).

Software Update Installation Notification

 

 

Below is a summary of the combined security bulletins for the month of January 2014. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, January 23rd, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

Important notice to computers joined to the UTPA domain: The update distribution process has recently changed. On the day that the updates are distributed, your computer will present you with a notification (see screenshot below) giving you the choice to update your computer before the deadline of 11:00pm. This will allow people to be familiar with the updates that are being installed and it will also give the opportunity for installing the updates at your convenience (this way your machine is not forcefully restarted during the evening).

Software Update Installation Notification

 

 

Below is a summary of the combined security bulletins for the month of December 2013. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, December 19th, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

Important notice to computers joined to the UTPA domain: The update distribution process has recently changed. On the day that the updates are distributed, your computer will present you with a notification (see screenshot below) giving you the choice to update your computer before the deadline of 11:00pm. This will allow people to be familiar with the updates that are being installed and it will also give the opportunity for installing the updates at your convenience (this way your machine is not forcefully restarted during the evening).

Software Update Installation Notification

 

 

Below is a summary of the combined security bulletins for the month of November 2013. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, November 21st, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

Important notice to computers joined to the UTPA domain: The update distribution process has recently changed. On the day that the updates are distributed, your computer will present you with a notification (see screenshot below) giving you the choice to update your computer before the deadline of 11:00pm. This will allow people to be familiar with the updates that are being installed and it will also give the opportunity for installing the updates at your convenience (this way your machine is not forcefully restarted during the evening).

Software Update Installation Notification

 

Below is a summary of the combined security bulletins for the month of October 2013. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, October 17th, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

Important notice to computers joined to the UTPA domain: The update distribution process has recently changed. On the day that the updates are distributed, your computer will present you with a notification (see screenshot below) giving you the choice to update your computer before the deadline of 11:00pm. This will allow people to be familiar with the updates that are being installed and it will also give the opportunity for installing the updates at your convenience (this way your machine is not forcefully restarted during the evening).

Software Update Installation Notification

 

Below is a summary of the combined security bulletins for the month of September 2013. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, September 19, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

Important notice to computers joined to the UTPA domain: The update distribution process has recently changed. On the day that the updates are distributed, your computer will present you with a notification (see screenshot below) giving you the choice to update your computer before the deadline of 11:00pm. This will allow people to be familiar with the updates that are being installed and it will also give the opportunity for installing the updates at your convenience (this way your machine is not forcefully restarted during the evening).

Software Update Installation Notification

 

 

Older Posts »