News & Notes
Recent Feb 2005 ; Apr 2005 ; May 2005 ; Aug 2005 : Sep 2005 : Oct 2005 ; Feb 2006 ; Jan 2007

• March 2007

NEWS:
PASSWORDS

ALL NetID passwords MUST be changed by 8:00AM Tuesday May 29, 2007. ITS feels compelled to take this action for "Industry Best Practice" reasons. The new password must comply with the following requirements. All passwords must be 8-14 characters long AND contain at least two numerical characters. This is a relatively painless task, just go to http://www.yale.edu/its/accounts/password_NetID.html and follow the directions there.

NOTES:
MS Office 2004 (Macintosh)

Many users are experiencing less than stellar performance of Office on the new Intel™ based Macintosh computers. In particular PowerPoint presentations take an extremely long time to load and present in addition, embedding QuickTime™ movies don't run properly. Most likely cause for the trouble is the fact that Microsoft has yet to release a 'Universal' version of the Office Suite for the Macintosh community. This means that the Office applications run via Rosetta, Apple's emulation package that allows applications written for the PowerPC™ chip to run on Intel™ based Macintosh computers. There is little that can be done to 'fix' these problems. These problems are more evident when the presentation is large, say >20MB. If it is possible to edit down the size of your PowerPoint file that may help. In the meantime we must wait and hope Microsoft will come to their senses and release a new version of MS Office for the Mac community.

VISTA

For those of you considering upgrading your computer to VISTA I strongly encourage you to read this page: http://blogs.yale.edu/roller/page/ITS?entry=windows_vista_is_released Pay close attention to the application support and computer age issues noted there. Also note that at present ITS support staff is not yet ready to provide assistance with VISTA troubles. The expectation is that by July '07 some staff will be prepared to help with machines running VISTA.

• January 2007

NEWS:
Vista and Internet Explorer v.7

Yale ITS is still recommending that users NOT deploy either of these packages on machines running on the Yale network, see: http://its.med.yale.edu/announcements/announce.php?id=733 for more information regarding Vista and http://www.yale.edu/its/software/win/ie7.html for information regarding IE v7.

Classesv2 and OS X

If you haven't already switched your class web site to Classesv2 you will have to by Fall 2007. Macintosh users must upgrade their machines to OS X 10.4.x (aka Tiger) to obtain full WebDAV capabilities. This allows the instructor to mount the course's Resources folder as a disk drive on their local desktop to facilitate the upload of documents for use by students. Contact Greg Fitzgerald for more details.

More information regarding Classesv2 is here.

NOTES:

SPAM and in particular Phishing continues to be a problem on the Internet. Do Not reply to messages asking you to update personal information or to 'click here' to access your account. If you have an electronic account with a bank, credit card company or other service provider it is recommended that you initiate the contact with the institution's main web page to do business such as pay bills rather than clicking on links within email messages. It is trivial for criminals to establish a proper looking web site with all of the correct logos and graphics.

More information is here regarding SPAM including Phishing at Yale.

• February 2006

NEWS:
Macintosh Vulnerability Issues

Mac users now must be a vigilant as their Windows counterparts. There are real exploits that could do harm to an OS X system.

What to do?
1. Keep you SAV virus definitions up to date, probably not a bad idea to run Live Update once a week.
2. For the time being switch to FireFox v1.5 as your default browser. Obtain it FREE here.

New Tivoli Backup Client for OS X

Yale ITS is now recommending users switch to version 5.3.2.1 of the TSM client for proper backup function on OS X Macintosh machines. Use the link to the left to go to the Yale TSM - Macintosh web page for a link to the new version of the client software.

NOTE: before installing the user must do the following to remove all vestiges of the previous installation:

In order to upgrade TSM, you need to wipe out the old program entirely.
1. Delete Tivoli Storage Manager from Applications
2. Delete the folder /Library/Application Support/tivoli
3. Delete the folder /Library/Preferences/Tivoli Storage Manager
4. Restart the computer.
5. Empty the trash (this will make sure all of the active processes are gone before you start the new install).

All email users

Yale email traffic has increased dramatically since late 2005. As a result Yale ITS has implemented a 33% increase in capacity. Most interruptions you may have experienced during the past two to three months should be alleviated by this improvement.

• October 2005

NEWS:
Acrobat Pro v.7.0 available

For Faculty in the Arts & Sciences ONLY. Go to the Yale Software Library. Mac users will receive the key code via email while Windows users will not require one to install the software. Users are limited to ONE installer download. If additional copies are required you are encouraged to go to GovConnection via the Yale ePortal to purchase them.

• September 2005

NEWS:
Browser Vulnerabilities !

Firefox, Mozilla and Netscape have buffer/heap overflows
(which can cause crashes or code execution and compromise)
if they process URLs with bad DNS domain names (e.g. as
found in specially crafted malicious web pages).

Until new versions of the browsers come out (hopefully early
next week) users should be careful when browsing untrusted
websites.

All Firefox browser versions apparently are affected (including
the beta 1.5 released today) and Netscape versions 7 & 8.

The vulnerability is in all operating system platform versions of
these browsers apparently.

- Yale ITS InfoSec

Updates available from:

Firefox
Netscape

• August 2005

NEWS:
Yet another WORM outbreak!!
This most recent 'Zotob' worm outbreak (Windows only) serves to remind all of us to be vigilant with BOTH Windows Updates as well as virus definition updates. Users MUST set their anti-virus software to obtain updates DAILY!! Also, Windows Update should be run at least once a week and ALL security related updates should be installed.

Unfortunately this is the nature of the current Windows world. Vulnerabilities are being probed continuously and when found it's only a matter of hours or days before a 'nasty' is released on the Internet. MCDB had only a few hits this time, a clear improvement from the 'Blaster' & 'Welchia' worm outbreaks of August 2003. However, there was sufficient notice of this worm both from Microsoft and the main stream media so that no one should have been affected. Please be aware of the continuous nature of this threat to the Windows OS. All users must be responsible for the daily 'care and feeding' of their machine's OS.

Tiger
Apple has released OS X 10.4 and it is a significant improvement in the OS X world. There were some 'bugs' in the initial release but as of v.10.4.2 it is 'ready for primetime.' Apple has summarized the ~200 new features here. The OS is available through the Apple Store for Education for Yale University at a price of $69 per copy. Faculty should contact Greg Fitzgerald regarding their copy of the new OS.

NOTES:
It's a good idea to periodically check the Yale Software Library for updates to software you use frequently. The versions up on the Software Library have been tested for use here on the Yale network. If you choose to jump ahead of the version they have tested, you are at risk of unexpected errors or other problems with the software's performance.

• May 2005

NEWS:
Connecting to Yale-restricted resources from off-campus
Many users of Yale's electronic resources often need to access them from off-campus sites. Most commonly, people working at home using a broadband (DSL or cable) connection require access to files on servers, email, or on-line journals. While most Yale assets are publicly accessible, connecting to some resources, such as on-line journals, is restricted to machines on the Yale network. more . . .

Many Web browsers have released Security Updates in the past month. Check either on the Yale Software Library page or the Developer's Web site for updates.

SBC Users
Recently SBC changed a security setting for their network which has blocked outbound (SMTP) email for individuals using non-SBC email servers, such as those at Yale University, for sending email. Many SBC customers do use SBC servers to send out email so this change will not have affected them. A detailed description of these SBC changes is available at: http://help.sbcglobal.net/article.php?item=4640

Yale University individuals that have SBC connections in their off-campus offices or homes can continue to use Yale email services to send email if they wish to with the following:more . . .

NOTES:
MAC Users
Apple has released OS X 10.4 (aka Tiger). There are still many compatibilty issues with this new release. As such it is recommended that you not install this on a critical machine just yet. Hopefully by mid summer many of these problems will be worked out and users may then consider if they want to make the upgrade. As with all upgrades it is strongly recommended that you back up all critical files before performing the install.

______________________

• April 2005

NEWS:
Faculty Support now has an updated page containing many valuable links: http://www.yale.edu/fasit/. Among the new items are: information about the freely available Spyware software and a detailed description of how to obtain multiple Microsoft Office licenses.

NOTES:
Yale ITS Security recently issued a strong recommendation for users to upgrade certain browser software. Unfortunately there are many vulnerabilities in these packages and this list of updates fixes them. As always, backup any sensitive files on your machine before installing any new software.

Upgrade your software to the following versions:

IE 6.0.2 Service Pack 1 (on 2000, XP & XP SP 1)
Firefox 1.0.2 (fixes a bug in 1.0)
Mozilla 1.7.6 (fixes 1.7.3)

All these updated versions are available here.
______________________

• February 2005

NEWS:
The new Computer Equipment, Software and Supplies vendor at the Yale ePortal is GovConnection which replaces CDWG as the preferred vendor for supply category. As with CDWG all new users must create an account with GovConnection to use their site. Follow the instructions on the initial login screen.

NOTES:
Various worms and other 'malware' exploits still pose a real danger! Keep your Norton AntiVirus (NAV) definitions up to date as well as any Critical Security Updates that are made available for both the Microsoft Windows and Apple Macintosh Operating Systems. Norton AntiVirus is available from the Yale Software Library (use links on left). Never share your passwords and try to use a combination of alpha and numeric characters to make them more difficult to guess.

University Wide Spam Rejection

"As of January 26, 2005, email messages coming to Yale from known spam sending computers are rejected rather than being tagged as spam and delivered as in the past. The majority of individuals at Yale filtered the more than 500,000 such tagged email messages each day away from their inboxes. They, therefore, never actually read the messages that were identified as spam. Rejecting these messages has two positive benefits for Yale University. First, Yale email servers are not inundated with this email and second the very few messages that are "false positives" (real email that is identified as spam) receive rejection messages to alert the sender that their message is not being read by the recipients." more . . .
____________________

Spoofing involves the generation of messages on an infected machine using its local address book. If your e-mail address is in such a machine's address book, e-mail will be generated 'allegedly' from you and sent to all other addressees in the infected machine's address book. This may result in you receiving an e-mail claiming that you sent an infected message, which of course you never sent. The best solution to this is to delete the warning e-mail OR send a copy of the warning message including 'full message headers' to abuse@yale.edu.

The exploit known as e-mail phishing involves the use of messages soliciting personal information from you, such as account numbers, passwords, etc. DO NOT click on any links in these messages as authentic as they may appear. Legitimate institutions will not solicit such information in this manner. As with Spoofing, you should simply delete these messages.