Skip to Navigation | Skip to Content

ITS News

April 09, 2014

Important New Web (OpenSSL) Vulnerability

As many of you may have read or heard, a flaw has been discovered in one of the Internet's security methods—a flaw that could enable hackers to access user names, passwords, or other sensitive data.

A fix for this flaw, which was announced this week, is available and NYU is now working quickly to patch all of the University's systems that need patching. The flaw is associated with a widely-used technology known as OpenSSL, which is used to secure server transactions, and it is known as the "Heartbleed" vulnerability. OpenSSL is used by Internet service providers, system administrators, and universities around the world, including NYU.

What NYU is doing:
Technology Security Services (TSS) at NYU is reviewing our centrally provided systems and servers that need to be patched are being patched. TSS has been in touch with the NYU system administrators group (system administrators across campus) to alert them to the issue and the recommended fix. The CIO Council (IT leads at the schools) has also been alerted to this issue for any locally maintained and housed servers.

What should you do:
First of all, don't panic. Not all systems use OpenSSL, some that do are not vulnerable, and many websites are already installing patches on their systems.

If you are an administrator of any system, you should immediately upgrade your system to the latest version of OpenSSL. For more guidance, NYU system administrators should contact the IT Security Group at security@nyu.edu. Administrators of systems outside of NYU (e.g., cloud services) should contact the service provider or refer to the links below.

For users of NYU systems: ITS and other service owners across NYU are working quickly to patch systems as necessary. As examples, NYU Google Apps, NYU Classes, Albert/SIS, NYUHome, www.nyu.edu, NYU Login, PeopleSync, and all core NYU systems have either been patched, or are not vulnerable to this bug.

For users of non-NYU systems: If you don't know if the server you are connecting to has been patched, the most prudent thing to do is refrain from logging into non-NYU sites that contain sensitive data for a few days while those non-NYU servers are patched. If there is no information from the system owners after that time, you should contact the site to confirm that the patch is in place. If you are curious as to whether a page may be affected by the flaw, you can visit this Heartbleed test site and put in the name of the website you are concerned about to see whether it is vulnerable. However, not all sites can be tested in this way.

What the Internet is doing: Internet providers and server administrators around the world are doing assessments of their systems in order to patch their version of OpenSSL.

References:

March 31, 2014

"NYU WARNING!!!" phishing scam

There are new reports about a phishing message that purports to come from "Nyu Helpdesk" The phishing message claims "This is an automated message to notify you that a valid password was used to login your Nyu account from an unrecognized device, Today Monday, March 31th, 2014 at 03:00(UTC+02), in Baghdad, Iraq (IP=37.77.52.17) as a result of that your account has been temporarily suspended.," and instructs the recipient to click on a web link. An adjacent URL takes victims to a malicious website that requests, amongst other things, the NetID and password. This message is a forgery and should be deleted immediately.

Continue reading ""NYU WARNING!!!" phishing scam" »

March 24, 2014

"Notification" phishing scam

There are new reports about a phishing message that purports to come from "nyuadminform" The phishing message claims " you may not send or receive new mail until to re-validate your nyu.edu mailbox," and instructs the recipient to click on a web link. An adjacent URL takes victims to a malicious website that requests, amongst other things, the NetID and password. This message is a forgery and should be deleted immediately.

Continue reading ""Notification" phishing scam" »

March 10, 2014

Connect-Direct: March 2014

Connect-Direct is a publication of NYU's Information Technology Services (ITS), offering computer-related news, security alerts, and other information of interest to people who use IT at NYU. Thank you for reading!

This issue:

NEWS

Upgrade to the new NYU VPN software

The NYU Virtual Private Network (VPN) service was recently upgraded to support the newer Cisco AnyConnect software client. If you've used NYU VPN in the past, this change will require you to install new software. However, you'll be able to establish a secure remote connection to NYU web resources from a wider range of mobile devices and operating systems, including Android devices. Visit the ServiceLink knowledge base for instructions on how to download and configure the new AnyConnect software.

Important: Please upgrade your software client as soon as possible, as support for the legacy software client is being discontinued by the vendor. For additional support with VPN, contact the IT Service Desk.

lynda.com training resources now available to global NYU community

NYU recently licensed lynda.com's online training library of instructional videos, courses, and tutorials for use by most of the global NYU community. This new service can be accessed via the NYUHome Academics and Work tabs, at www.nyu.edu/lynda, and through the lynda.com mobile apps.

Visit the ServiceLink knowledge base for more information. The IT Service Desk is available to assist with questions about logging into lynda.com, and support for using the service is available directly from lynda.com: www.lynda.com/support.

Save time and paper with the NYU Print Service

The NYU Print Service is an easy-to-use, two-step process that broadens your printing options and conserves resources. Students, faculty, and staff can submit their print jobs to the service's centralized print queue (where they will be held for up to 24 hours), then release the jobs at a convenient time from any of the service's printers. NYU community members who use the NYU Print Service help to eliminate abandoned print jobs, reduce waste, and promote community awareness about the conservation of natural resources.

Currently, the NYU Print Service supports over 60 printers throughout the Washington Square campus, and has approximately 120,000 active users. In addition, the service will be rolled out at NYU Berlin, Washington, DC, Sydney, Prague, Florence, and London over the coming year. For more information about how to submit and pick up print jobs using the NYU Print Service, view this instructional video or visit www.nyu.edu/its/print.

New in Connect: IT at NYU

Several new articles are now available in Connect, NYU's online magazine covering IT-related news, events, and research. "Embracing Open Space Technology at 2014 IT UnMeeting" is a look at the recent TorchTech event, discussing new and emerging ways of investigating technology; "Create a Better NYU Hackathon" highlights NYU's first such event and the web applications created by students; and "lynda.com Online Training Library" is an overview of the University's recently launched lynda.com service (see above news item). Additional information about NYU's VPN service is available in "Download the Upgraded NYU VPN and Connect Securely."

You can read these and previous Connect articles at: www.nyu.edu/its/connect. We also welcome the entire community's ideas for future articles. Please send story ideas to its.pubs@nyu.edu.

Spring 2014 ITS and Libraries training schedule

All members of the NYU community are welcome to sign up for ITS and NYU Libraries classes and workshops throughout the academic year. There is no charge for the sessions, but participants should bring a valid NYUCard to in-person classes and workshops. You can view the most up-to-date training schedules by clicking the links below:

February 26, 2014

Nominate a Student for a 2014 ITS Computing Prize

ITS annually sponsors two student computing prizes: the Max Goldstein Prize and the George Sadowsky Prize. Nominations are open until the dates specified below, and can be submitted by any NYU community member.

The Max Goldstein Prize of $500 is awarded to an NYU undergraduate who has applied computing in a creative and practical way to improve the academic, cultural, or social life of the NYU community. Please send nominations — including the student's full name, school and class year, your relationship to the nominee, and a brief description of his/her accomplishments — to maxgoldsteinprize-group@nyu.edu by noon on Monday, March 24.

The George Sadowsky Prize of $500 is awarded to an undergraduate or graduate student who exhibits exemplary innovation in using the Internet for community service. Please send nominations — including the student's full name, school and class year, your relationship to the nominee, and a brief description of his/her accomplishments (including the website address) — to sadowskyaward-group@nyu.edu by noon on Monday, March 31.