Skip to Navigation | Skip to Content

February 2013

« January 2013 | Main | March 2013 »

February 15, 2013

Connect-Direct, February 2013

Connect-Direct is a publication of NYU's Information Technology Services (ITS), offering computer-related news, security alerts, and other information of interest to people who use IT at NYU. Thank you for reading Connect-Direct!

In this issue:

NYU Classes has launched
The spring semester marks the transition of all NYU schools and global sites to NYU Classes, with the exception of the College of Dentistry, the Leonard N. Stern School of Business, and the NYU School of Law—all three of which will be coming on board this summer. Since the beginning of the semester, NYU Classes has averaged over 40,000 logins per day!

As you continue to familiarize yourself with NYU Classes, ITS would like to remind you of the wide range of training options available to you. In addition to online training and documentation, ITS offers group training sessions (basic and advanced), a weekly webinar, and one-on-one consultations to meet the needs of faculty and staff. Please see www.nyu.edu/its/classes/training for more information.

Nominate a student for an ITS Computing Prize
ITS annually sponsors two student computing prizes: the Max Goldstein Prize and the George Sadowsky Prize. Nominations—which can be made by any member of the NYU Community—are now open.

The Max Goldstein Prize of $500 is awarded to an NYU undergraduate who has applied computing in a creative and practical way to improve the academic, cultural, or social life of the NYU community. Please send nominations—including the student's full name, school and class year, your relationship to the nominee, and a description of his/her accomplishments—to william.fry@nyu.edu BY NOON ET ON MONDAY, MARCH 25.

The George Sadowsky Prize of $500 is awarded to an undergraduate or graduate student who exhibits exemplary innovation in using the Internet for community service. Please send nominations—including the student's full name, school and class year, your relationship to the nominee, and a description of his/her accomplishments (including the website address)—to keith.whiteman@nyu.edu BY 5PM ET ON WEDNESDAY, MARCH 20.

Google core vs. commercial apps: Understanding the difference
This is a reminder about NYU Google Apps, which has been active at the University since May 2011. This service allows the NYU community access to over 70 Google applications, which offer various levels and types of information sharing and privacy safeguards. It is important to note that NYU Google Apps for Education is divided into two groups: core apps and commercial apps.

Google commercial apps include all applications other than E-mail, Calendar, Drive, Sites, Groups, Contacts, and text Chat (collectively known as the "core apps"). Commercial apps are not covered under the Terms of Use for NYU Google Apps for Education. Information stored in or transmitted via any commercial app (including Blogger, YouTube, Google Voice, and many others) is not private and can be used at Google's discretion. Commercial apps often contain specific terms of use regarding privacy, security, government access, and support.

Never post information classified as Confidential, Protected, or Restricted (as defined by NYU's Data Classification Table) in any commercial service, including Google's commercial apps. In order to avoid the risk of exposing sensitive information, you are strongly encouraged to read the privacy terms and terms of service for any commercial app prior to its use. In all instances, you should think carefully about what you post on any social medium and the repercussions of it being made public. For more information, ITS has published the Guidance for Privacy and Security in NYU Google Apps for Education to help NYU community members better manage sensitive data in NYU Google Apps.

ITS and NYU Libraries training sessions
ITS training sessions and workshops (www.nyu.edu/its/training) are available on a variety of topics, including NYU Google Apps for Education, NYU Classes, NYURoam wireless, NYU Wikis, and (in collaboration with the Libraries) statistics, mapping, and survey software.

The Libraries also offer an extensive set of workshops, classes, and tours on Library resources and tools. Visit library.nyu.edu/classes for details and to register.

In addition, NYU staff and administrators can access a growing number of classes and instructional courses covering a wide range of topics via NYUiLearn. To browse and register for available courses, visit the NYUHome Work tab (home.nyu.edu/work) and click the NYUiLearn Login button. In NYUiLearn's left navigation menu, click Course Catalog to explore the available options.

Keep your data and identity safe with strong passwords
As a security precaution, all members of the University community are required to create a new NetID password every year. While this doesn't necessarily occur at the beginning of the calendar year, it's always a good time to reevaluate the strength of the passwords you use. For some tips on selecting a secure password, as well as information about the latest University-wide password requirements, see the Ask ITS knowledgebase. When you change your NetID password, you should also be aware of which services are affected.

The Data Service Studio is now Data Services
Data Services (formerly called the Data Service Studio) is a joint service of NYU's Division of Libraries and Information Technology Services that supports quantitative, qualitative, and geographical research at NYU. We recently changed our name to more accurately reflect the broad portfolio of services we offer in support of all stages of the data and research lifecycle. These services—which have not changed—include training, consultation, and support on a wide range of software packages and data resources, as well as access to specialty software in our lab, located on the 5th floor of Bobst Library.

For more information, please visit the Data Services website at library.nyu.edu/dataservices.

Copyright infringement & the risks of illegal file sharing
NYU is firmly opposed to illegal downloading and sharing of copyrighted materials. It is important for members of the NYU community to be mindful of their personal responsibilities and possible penalties and repercussions. For more information, see A Note on Illegal Downloading on the ITS website.

February 14, 2013

Active exploits against Acrobat, PDF Reader (2/14/13)

There are various reports from multiple trusted sources about an active exploit affecting Adobe Acrobat and Adobe Acrobat Reader. At this time there is no security patch available to protect against this attack, however, enabling "Protected Mode" or "Protected View" in Adobe Acrobat Reader X/XI and Acrobat X/XI may mitigate a compromise.

There are various reports from multiple trusted sources about an active exploit affecting Adobe Acrobat and Adobe Acrobat Reader. At this time there is no security patch available to protect against this attack, however, enabling "Protected Mode" or "Protected View" in Adobe Acrobat Reader X/XI and Acrobat X/XI may mitigate a compromise.

Note: These features are not available in older versions of Adobe Reader or Acrobat.

Affected Operating Systems:

  1. Windows XP
  2. Windows Vista
  3. Windows 7
  4. Windows 8


Adobe Acrobat Reader X / XI - Windows (free version):
While Reader X/Xi run in "Protected Mode" by default, you may wish to verify that the feature is enabled. To check the status, do the following:

Choose File > Properties > Advanced > Protected Mode

To turn on protected mode:

  1. Choose Edit > Preferences
  2. In the Categories list on the left, select General
  3. Select Enable Protected Mode at startup


Adobe Acrobat X / XI - Windows (paid version):
In the full paid version of Adobe Acrobat, "Protected View" is not enabled by default. For more information on how to enable "Protected View" in Acrobat X/XI see:

https://blogs.adobe.com/pdfitmatters/2011/06/protected-view-in-acrobat-x-version-10-1.html

Enabling "Protected View" may disable or break certain functionality so it is imperative you test this feature against your standard application usage and business processes.


Adobe Acrobat X / XI and Reader X / XI Updates:
Adobe Acrobat X/XI and Reader X/XI are set to check for security updates regularly. When prompted to install these security updates, you should click "Yes" and follow the on-screen instructions. In certain cases, a restart of your computer may be required.

To manually check for updates, do the following:

  1. Open the Adobe application
  2. Click on the Help option along the top menu bar
  3. Click on Check for updates now (or Updates)
  4. Follow the on-screen instructions.


If you need assistance with any of the aforementioned, contact your local Systems Administrator or the IT Service Desk, open 24x7x365. In New York, call 212-998-3333; in Abu Dhabi call 02-628-8888. For full contact information at all NYU global sites, see www.nyu.edu/its/askits/helpdesk

Sources:
[1] http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html
[2] https://www.adobe.com/support/security/advisories/apsa13-02.html
[3] https://blogs.adobe.com/pdfitmatters/2011/06/protected-view-in-acrobat-x-version-10-1.html
[4] https://krebsonsecurity.com/2012/11/experts-warn-of-zero-day-exploit-for-adobe-reader/