Skip to Navigation | Skip to Content

ITS News

search the news

October 28, 2014

Prototyping Showcase, GIS, and More in Connect

The latest articles in Connect: Information Technology at NYU include a look at innovative creations by students at the NYU Polytechnic Prototyping Fund Showcase, Instructional Video Module Production, Global Learning Innovation, and mapping data with Global Information Systems.

Click the links below to read one of the latest articles, or visit Connect to see all our most recent articles as well as an archive of previous articles and issues.

  • Innovation at the NYU Poly Prototyping Fund Showcase
    "NYU's Polytechnic School of Engineering (SoE) Prototyping Fund Showcase is a collaborative program offered by the Greenhouse at NYU Polytechnic SoE (sponsored by a VentureWell grant) and the NYU Entrepreneurial Institute. It's one of an increasing number of innovation showcases occurring across the University. Each semester, ten teams of students receive up to $500 to build a hardware or software prototype."
  • Connecting a Student's Academic Career with Learning Portfolio
    "As part of an ongoing effort to provide a more manageable, consistent experience for NYU students and faculty around the world, the University has recently launched an initiative called Global Arch. The effort currently includes three projects aimed at supporting student and faculty activities across the University's many campuses. Among these projects is the Learning Portfolio."
  • Geographic Information Systems: Mapping Data
    "The availability of "big data," allows us to capture and contextualize information, and then draw conclusions in ways that were never available in the past. We now have the tools to combine and analyze large, disparate data sets in order to make the data more useful. One very effective and popular way to do this is through Geographic Information Systems (GIS)."
  • Global Learning Innovation Brings Technology to Classrooms
    "The advent of educational technology has brought with it an onslaught of new resources and studies evaluating their effectiveness. For those professors who want to incorporate technology and media into their lessons, figuring how to do that and which forms of media and/or technology to use can be quite daunting for someone whose expertise is in a completely different field of study."
  • Augmented Reality Links Real and Virtual Worlds
    "Imagine watching a televised football game and seeing the first down line marking the field. This virtual object that appears on the playing surface (sports scores during a TV match is another example) is, in fact, augmented reality in action. But the use of augmented reality (also known as AR) isn't just limited to the world of sports. Augmented reality - the modification of a user's view using computer graphics, sounds, video, and other data - is used every day to insert digital and virtual information into your real-world environment."
  • Digital Studio Instructional Video Module Production to Faculty
    "During the Fall 2014 semester, NYU IT, in coordination with the NYU Libraries, launched a new service that supports faculty in the production of instructional video modules (short, self paced media vignettes faculty create to meet learning objectives)."
October 01, 2014

A Note On Illegal Downloading

Marilyn McMillan, Vice President, Information Technology & Chief Information Technology Officer

A large percentage of people who use the Internet have downloaded music or movies. And most of the individuals who download these files—through paid services, file-sharing applications, or peer-to-peer networks—by now are aware of how prominent the issue of illegal downloading has become.

The University's stance on this issue is simple: using your computer to download or distribute copyrighted material illegally is impermissible, and you should not do it. Be aware: some applications for downloading music, movies and other files actually turn your computer into a server, allowing it to be used for distributing copyrighted material. If you are doing illegal downloads or distributions now or have done so, you should stop.

The music industry thus far has principally targeted those whose computers distribute illegally downloaded music, rather those who simply download. The Recording Industry Association of America (RIAA) is using the legal tools provided by the U. S. Digital Millennium Copyright Act (DMCA) of 1998. When a copyright complaint is received, the student responsible for the network address listed in the complaint is notified by email and sent a copy of the complaint. The student is asked to review NYU's policies, and to confirm in writing that s/he will abide by them. If the student does not respond, his/her network connection is blocked. If there are repeated incidents, the matter then is referred to the student judicial process. A range of penalties is available within the judicial process; the specific penalty depends upon the result of that process and may include suspension of account privileges. If the RIAA believes you are involved in illegal downloads or distribution of copyrighted materials and submits a valid subpoena to NYU seeking your identity, the University will comply with the subpoena and furnish your name and contact information to the RIAA's lawyers.

Federal copyright law itself includes a range of penalties, from $750-$130,000 per infringed work, or as much as $150,000 per work, if the infringement is deemed "willful". See Copyright Law of the United States of America (www.copyright.gov/title17/92chap5.html). A claim of "fair use" can be used as a defense against a claim of infringement, see Limitations on exclusive rights: Fair use (www.copyright.gov/title17/92chap1.pdf), the NYU guide to copyright law as it relates to academic research, teaching, and publication (library.nyu.edu/copyright/), NYU's Copyright and Fair Use resource (www.nyu.edu/footer/copyright-and-fair-use.html), and NYU's Statement of Policy and Guidelines on Educational and Research Uses of Copyrighted Materials (www.nyu.edu/content/dam/nyu/compliance/documents/
CopyrightedMaterials.1.6.14.pdf
). There may also be criminal penalties for willful copying of a work for profit or financial gain, or if the work has a value of more than $1,000. Penalties can include a one-year jail sentence plus fines. If the value is more than $2,500, you may be sentenced to five years in jail plus fines. Criminal penalties generally apply to large-scale commercial piracy.

We know that illegal downloading of music is a widespread practice. It has become an international phenomenon, one that is hardly confined to college campuses. Its allure is clear: why would you pay for something—a song to load on your MP3 player or a movie to load on your laptop—when you can get it for free with a little exploration and few keystrokes? And why would you not share something for free with friends?

In answering those questions, the University appeals to what Abraham Lincoln once called "the better angels" of your nature and to your commitment to the culture of scholarship.

As communities of scholars and learners, research universities—such as NYU—have two primary missions: to educate students and to create knowledge. This latter mission involves the production of original scholarship and research. Accordingly it is accompanied by an enormous respect for proper recognition being given to the creator of those ideas and knowledge. In higher education, it is considered a grave act to take another's work without permission or attribution. At NYU, which also has large and renowned programs in the arts, this respect extends to the creation of new art.

Few in this community would uphold shoplifting CDs from a record store. And few would be content to see their own work—a paper, for instance, or a journal article, or a term project in a course—taken by someone else and used without permission.

Yet, in reality, that is what you do when you download copyrighted files illegally. However you may feel about the music or film industry or about their responses to piracy, when you download copyrighted files without permission, you are stealing the work of a director or a producer or an artist. It is not only wrong; it puts you at legal risk.

The Internet has brought unimaginable access to information and extraordinary flexibility and opportunities for exploration and communication. NYU wants you to take advantage of all that. But, just as you abide by certain standards of behavior for scholarship and for University life, so, too, should you abide by high standards when it comes to the intellectual property of others on the Internet.

Originally posted: March 2007. Updated: August 2014.

Editor's Note: For more information about peer-to-peer file sharing, including NYU's policies and procedures regarding the practice, see www.nyu.edu/its/p2p/.

September 25, 2014

Active exploitation of recent Bash vulnerability

SUMMARY

TSS is aware of active exploitation of the recently announced Bash vulnerability. There is no action for end users at this time.

TSS strongly recommends all system administrators prioritize patching their systems as soon as possible. Patches are available for every major Unix distribution.

DETAILS

There is a vulnerability in Bash, a commonly used Unix shell, which in some cases may allow for remote code execution. It is difficult to reliably identify vulnerable systems so TSS is advising administrators of all Unix systems and Unix-based systems, including Mac OS X, to update their systems immediately.

From the National Vulnerability Database CVE entry:

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.

A good summary writeup of the vulnerability can be found here:

http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html

Technical details can be found here:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6271

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html#.VCQlR_ldVuM

NEXT STEPS

As mentioned, all system administrators should update their systems immediately. NYU ITS Technology Security Services will be monitoring the situation for any further developments and update this page as appropriate. As always, questions can be sent to security@nyu.edu.

August 07, 2014

Russian Crime Ring Data Breach

NYU IT Technology Security Services is aware of the NY Times Article that was published on August 6th, 2014 regarding the large number of records supposedly breached by a Russian cybercrime group. We have not yet received any indication that NYU was affected, and the company that put out the story has not been forthcoming with specific details to back up the report. That being said, NYU takes all potential breaches seriously, thus we will continue to monitor the situation and will take appropriate responsive action, including notifying any affected members of the NYU Community should we discover their accounts were affected. Please feel free to contact security@nyu.edu with any questions.

Continue reading "Russian Crime Ring Data Breach" »

July 31, 2014

New on Connect: Student Groups & Data Access

A new article has been posted to Connect: Information Technology:

"As a result of the rise of smartphones, tablets, WiFi connectivity, and other advances in mobile computing and communication, the field of mobile web applications has become one of huge growth and interest. For NYU's student developers, however, writing code is not always the most challenging part; it is getting access to the large amount of data that a successful app requires."

Read the full article here.