April 14, 2014
A major Web security vulnerability named “Heartbleed” was disclosed by security researchers last Monday afternoon. It affects a large portion of websites on the Internet that use OpenSSL to encrypt Web traffic (pages that start with https), and could enable remote attackers to steal sensitive information such as passwords from a vulnerable server’s memory.
At the UW, the Weblogin servers, which handle authentication of your UW NetID passwords before you can access online services, were patched less than 24 hours after disclosure and are no longer vulnerable. Other critical servers managed by UW-IT were similarly remediated.
At this time, UW-IT staff have found no evidence that NetID passwords were successfully captured by malicious attackers. However, this is a good time to review your password habits. Here’s what you can do:
- Change your UW NetID password if you have been re-using it for other accounts. Your UW NetID password should be different from passwords you use elsewhere.
- Do not click links in unexpected emails that ask you to reset you password or otherwise disclose personal information.
Details for the UW community about Heartbleed, including FAQs and resources, are available on the UW Office of the Chief Information Security Officer (CISO) website. Please contact firstname.lastname@example.org if you have questions.
April 9, 2014
The 2013 Information Security and Privacy Annual Report by the UW Office of the Chief Information Security Officer (CISO) is now available online. Read about CISO’s work to deliver information, tools and resources about securing personal and University data, computing devices, and information systems. Check out Dubs’ Dos and Don’ts of UW Data Privacy and find out how to detect phishing threats. You also are invited to enter a privacy-themed caption contest for the cartoon on the inside front cover by May 1.
April 4, 2014
Microsoft is ending support for Windows XP on April 8, and discontinuing the automatic security updates. For links to Microsoft recommendations on how to keep your Windows XP system secure and to Microsoft support, plus recommendations for securing your computer at the UW and the UW's PASS Council page on UW policies and responsibilities, see Securing Your XP System in IT Connect.
February 24, 2014
A new centrally supported Enterprise Document Management System for the UW to digitize, store and manage electronic business documents is expected to be available by early 2015, supporting paperless workflow, increased efficiencies and cross-department collaboration, while reducing the UW’s environmental impact. The new technologies will enable secure access and improved compliance with record retention policies. A pilot phase with several collaborating departments is underway for 2014. This initiative is a partnership of Financial Management, Office of Planning & Budgeting, Office of Research, Records Management, School of Medicine, Student Life, UW Bothell and UW-IT.
January 21, 2014
Get tips on how to safeguard your mobile devices and UW institutional information in a 10-minute online video, Mobile Devices and University Data: Risks, Threats and Best Practices, from the UW Office of the Chief Information Security Officer (CISO). This training is geared toward anyone who uses mobile devices to access University data, systems or networks—so this probably includes you.
December 26, 2013
Protect your new laptop or mobile device by registering your personal electronic equipment with UW Police to help in theft recovery, and by reading their crime prevention safety tips. The UW Office of Risk Management also provides loss control advice for laptops and mobile devices. University departments can buy low-cost coverage for owned, leased, or borrowed equipment (computer, office, audio-visual, and lab) used for UW work through Risk Management’s Equipment Insurance program.
October 7, 2013
A live demonstration showing how a malware attack works will be presented by Chester Wisniewski, Senior Security Advisor at Sophos, on Monday, October 28 from 1:00 p.m. to 4:00 p.m. in the UW Tower Auditorium. This event is sponsored by the UW Office of the Chief Information Security Officer Security Officer (CISO) as part of Cybersecurity Awareness Month. Find out more and RSVP.
August 9, 2013
The 23,000 staff and affiliates who use the UW Medicine Learning Management System now all sign in the same way, using their familiar UW NetID and the UW’s Shibboleth Identity Provider that works with the Weblogin service for Web authentication. This is one of the larger applications to move to these centrally funded services, and underscores a positive trend toward the widening use of standards-based protocols at the UW that enable single sign-on for better user experience and satisfaction while reducing cost and complexity, and providing for cross-institutional collaboration when it’s needed. Other UW units interested in making a similar change can get information online about UW NetID and Authentication services provided by UW-IT.
July 5, 2013
Learn how to handle and safeguard personal and UW institutional information in Security and Privacy 101, a short, engaging, information-filled video from the UW Office of the Chief Information Security Officer (CISO). Threats to our data are real, so find out what you are responsible for, what is valuable to cybercriminals, and what you can do to protect your devices. Browse other useful online security-related training and information from CISO.