Emerson Freshmen Hantzley Audate interviewed Frankie Frain, the Director of Networking and Telecommunications, about the recent Heartbleed bug for a Journalism class assignment (JR103).
Your Support Requests
IT Blog Posts
Some subtle but amazing graphical changes are now available in Canvas. Marking conversations as read or unread and sharing feedback with students have been given some tender love and care.
We’ve blogged about this before, and it was still a common question going into this semester: How do students find the feedback professors make in SpeedGrader? Before, it was a small, unlabeled icon that resembled a magnifying glass and a piece of paper. However, as you can see in the screen shot below, it’s now labeled in a way that will be much clearer to students. Since not all documents allow for instructors to make annotations using Crocodoc, sometimes the button will simply say “Preview”, but it will lead students to all the comments associated with the assignment.
If there was something that faculty have been making known to us, it’s that Canvas Conversations should be more like email. With this latest addition, it’s one step closer to acting like an email client. Not only can multiple messages be selected, but they now can be marked as either “Read” or “Unread”. This will help keep the blue dots in the Inbox more manageable!
If you want to know more about the latest updates in more detail, check out the release notes on Instructure’s website. As always, please email or call ITG if you have any questions about how to integrate technology into your course. We can be reached at 617-824-8090, or by emailing firstname.lastname@example.org.
Yesterday, a massive security flaw (nicknamed “Heartbleed”) was uncovered which compromises secure computer systems across the Internet: at least 66% of websites as well as mail servers and other systems.
OpenSSL, a library of security and cryptographic algorithms, was discovered to have a vulnerability that’s been present as far back as two years. Many websites and apps that you use every day are affected by this, and they are scrambling to fix the issue. Most notable software using OpenSSL are the open source web servers like Apache and nginx. The combined market share of just those two out of the active sites on the Internet was over 66% according to Netcraft’s April 2014 Web Server Survey.
How was Emerson impacted?
Some of Emerson’s secure websites relied on potentially-exploitable OpenSSL libraries. We have patched these sites with an update fixing the vulnerability, and have replaced their security certificates. This means that there should be no way for anyone to exploit these websites, or decrypt traffic coming to and from them, even if they had been compromised.
How does this exploit work?
This vulnerability may have allowed malicious hackers to capture small bits of data on secured systems, including user account information, such as passwords, as well as the systems’ security keys themselves. This could allow unencrypted eavesdropping even after the vulnerability is closed, if the system’s security keys haven’t been changed. Unfortunately, there’s no way to know if anything actually was compromised, as the exploit leaves no trace. It’s that bad.
At this point, many affected websites across the Internet are applying the patch and getting new security certificates. You can think of this as replacing the deadbolt and rekeying the lock. Some websites you use may ask you to change your password in the coming days as an additional precaution. Make sure you do not click links in emails. Make sure you go to the website directly, and only if you have been prompted.
There is nothing to suggest that Emerson usernames or passwords were compromised, but to be safe, we strongly recommend you change your Emerson password as soon as possible. Please visit http://password.emerson.edu/ to do so.
You can read more about the Heartbleed bug as well as the internet’s response at TechCrunch.
If you have any questions or concerns, please feel free to contact us by phone at 617-824-8080 or online at it.emerson.edu/help.
At Emerson IT, we’re always looking to improve the way we do things. Most recently, we’ve been looking at our email template. This is the visual style of the emails that you receive from us, either as IT announcements or tickets. It’s hard to miss, with a large purple banner at the top!
Our goal was always to have a distinctive look to our messages to help you recognize them, and more importantly, to help you recognize messages that aren’t from us. Phishing emails are always a big problem, but the template can help you recognize when an email is not legitimate and should not be trusted. However, we received feedback that the email in its current form obscured the content of the message with a huge banner. This is typically referred to as “the fold,” the point at which people must scroll in order to read anything else, and most people find it pretty inconvenient!
In response to your feedback, here’s our new version:
It’s cleaner, easier to read, and the content starts almost immediately. From now on, this email will take over for all IT announcements and ticket emails, so make sure you look for this template. We hope you like this new version and it makes a difference!
In an effort to increase transparency and accountability, we’ve worked hard over the last year to expand and document our evolving policies. We recently published the first round of these new policies, which you can read here: http://it.emerson.edu/policies/
Policies like Data Protection and Mobile Device Security serve to highlight the measures we take to keep your data private and secure. Other policies, like Software Installation and Temporary Workspace Lab Storage, are meant to clarify exactly what we support in the spaces we manage. These new policies, in conjunction with our Defined Services & Support page, are meant to provide a comprehensive view of how IT works at Emerson College.
We will continually update and add new policies as our procedures and technologies change. As always, if you have any feedback, please do not hesitate to send it our way.
From September 1st to March 6th IT had 3246 requests for help… and that doesn’t even count the requests for new projects and time spent working on projects already in progress.
We have gotten your feedback on 19% of those requests, and it is overwhelmingly positive!
Average responses from 617 surveys:
We get an average of 333 requests for help per week! The busiest week was the first week of school (589 requests), and the quietest was during winter break (3 requests).
Every time we resolve a request (also called a ticket), the user has about a 50% chance of getting a survey asking if they are satisfied. (You will not get a survey if you’ve gotten one in the last 5 days).
Thank you for all your feedback!
This is a post especially for those of you who live on Emerson’s Boston campus. No, it is not about Saint Patrick’s Day, HempFest, or the Red Sox. It’s about DHCP. Some on-campus-dwelling, Boston-based Emersonians experienced an interruption in wired network service on Monday, March 10th. This happened because a rogue (read: unauthorized) DHCP server was intercepting traffic on our network and preventing users from connecting to the internet.
DHC-whaaaaa? DHCP: Dynamic Host Configuration Protocol. DHCP is what computers use to join a network, and to obtain the information they need in order to connect to the internet. It is a protocol, a system of rules by which computers communicate with one another. It’s not a language, but a conversation.
What’s being said?
- If it’s the first time your computer has ever been plugged in to a network, it broadcasts a discover message.
- DHCP servers connected to the network see this message and recognize that a device is looking for information. They respond with an offer, which includes important information needed to join a network: an IP address (so you can send and receive packets), the domain’s nameservers (so you can type google.com into your address bar instead of 18.104.22.168), the time servers (so your computer knows what time it is), and more.
- The computer then requests to use the IP address and other information included in the DHCP server’s response.
- Finally, the DHCP server can either acknowledge or deny this request. If the request is acknowledged, the computer is connected to the internet! If the request is denied, the whole conversation starts over again.
Any DHCP server plugged in to a network can start offering IP addresses to requesting clients. There are lots of devices that can function as DHCP servers. This Apple AirPort Extreme, for example. If someone plugs the WAN port on one of these babies into our student wired network, it starts behaving like a DHCP server right alongside our own. What it doesn’t have is any of the correct information: it provides computers with invalid IP addresses, blank nameserver IPs, etcetera, which make it impossible for the computer to connect to the internet. So it’s handing out BS to students’ computers and stopping them from gaining access to the internet. This is what we experienced on Monday.
The networking team located the rogue device in a dorm room, disabled the ports it was connected to, and forwarded the necessary information to Housing and Residence Life so they could contact the student and take action. Now is a good time to remind everyone using Emerson’s network, wired or wireless, of our Electronic Information Policy. Item three in the list of Guidelines for Ethical Behavior reads:
Network services and wiring may not be extended beyond the port provided. Retransmission or propagation of network services is prohibited without explicit permission. This includes the installation of hubs, switches and wireless equipment.
Please remember that any unauthorized networking equipment you bring to your dorm room, in addition to violating policies you agreed to abide by, impacts the quality of service we can provide you and students living around you. If you are experiencing issues with connectivity or wireless signal strength, contact the Help Desk at (617) 824-8080 or put in a ticket at it.emerson.edu/help.
Need help? Call us!
Help Desk Hours:
See complete hours in our calendar »
Systems Currently Reporting Problems
Data from What's Up? »
See more in our calendar »
Current Public IT Projects
Project list powered by Basecamp »
Send us Feedback
Through our feedback form »