October is National Cyber Security Awareness Month, a time set aside to heighten awareness of online threats and how to protect yourself, your computer or device, personal information, identity, bank account and/or reputation.
Each October the Information Security Group ratchets up their efforts to bring their message of computing safety to the Brown community. As part of this year's theme of Don't Get Caught, Get Cautious, ISG has planned special Brown Bags, prepared online materials that includes weekly quizzes, and is once again holding a raffle, with prizes that include an iPad mini and Samsung Galaxy Tab 3.
Visit Don't Get Caught, Get Cautious for full details on how to sign up for classes and enter the contest.
On Thursday, November 21, Brown's Shibboleth login screens are getting a new look. Though you may not know it by name, you have probably used Shibboleth to log in to many access-restricted Brown websites and services such as Canvas and Workday.
The new look brings our login screens in line with the University's web branding initiative that started with the homepage in 2010. Logging in still works the same, the only thing that changes is the visual design of the login and error screens.
The new format makes authentication (logging in) easier for Faculty, Students, and Staff. It highlights important information and helps visitors to be aware of which services have asked that they authenticate.
In addition to having a new look, the page is built with a "responsive" layout. That means it will automatically format itself to display well on your phone, tablet, or desktop browser.
A mobile-friendly login screen at Brown responds to increased demand for web content from mobile devices, and is critical to engage segments of the world's population that use only mobile devices for web access. Mobile traffic has grown ten fold from what it was three years ago, and currently accounts for nearly 25% of Brown's online visitors.
If you get a new computer over the break, remember that you'll be able to download Microsoft Office for free in 2014 through Brown - no need to buy a copy. In early January, look for more information in Morning Mail and on this site.
Google updated its look recently, changing the top menu bar. We've gotten a lot of questions about how to find some apps and features. Here's where to look:
Previously, you could access Google's apps (such as Mail, Calendar, Contacts, Drive) on the black bar across the top. Now, click the grid icon near the top right of the page and a menu of apps will appear.
Shared Mailboxes and Signing Out
Click your photo / icon on the top right to see your shared mailboxes and to sign out.
Other Suggestions for Finding Apps
Looking for your apps? Try these two suggestions to make them easier to find:
- Add your favorite apps (like Mail and Calendar) to your browser's bookmarks bar, and links will always show at the top of your browser. Every browser is different - here's information about the bookmarks bar in Chrome.
- Automatically open your favorite apps in new tabs each time you start your browser. Again, each browser is different - in Chrome, look for the "Open a specific page or set of pages" option.
Google Calendar invites sent to Google Groups will now automatically update as people are added to or removed from the group. In other words, if someone is added to the group, they will automatically be added to the event; anyone removed from the group will no longer see the event. Please note that group membership does not automatically update if more than 200 people are on the event's guest list.
Please join us for an Academic Technology Showcase Luncheon with Michael Satlow, December 13, 2013 at 12PM in 201 CIT (ETC). Professor Michael Satlow will be sharing his class on the Talmud and his use of Concept Mapping software. Lunch will be served.
Since its release last week, CIS has evaluated the use of the Apple Mavericks operating system for compatibility with Brown’s computing environment. We’ve made changes to our wireless network to enable Cloudpath functionality, and VPN works well.
However, we are aware of printing issues and other incompatibilities; early adopters may encounter trouble with these and other services. As a result, the CIS Service Center is not yet able to fully support Mavericks. See the following link for details: https://wiki.brown.edu/confluence/pages/viewpage.action?pageId=88506535
On October 23rd, LinkedIn began offering Intro, their "Insights in your inbox", which allowed users to see LinkenIn (LI) profiles in their iPhone mail app. This extension of Apple's built-in iOS mail app is accomplished by routing email through a LI proxy server, where LI information is added to messages, which are then returned to the iPhone. According to Martin Kleppmann, senior software engineer at LI, "With Intro you can see at a glance the picture of the person who's emailing you, learn more about their background, and connect with them on LinkedIn." Here's a graphic that demonstrates how this works.
Intro immediately drew criticism from the IT security world, which pointed out that, in essence, Intro intercepted emails in order to inject LinkedIn information, a kind of "man-in-the-middle attack." Bishop Fox, a global security system, responded with the article "LinkedIn 'Intro'duces Insecurity", which listed ten reasons they considered it "a bad thing." These included concerns over attorney-client privilege, that LI changed the content of emails and a device's security profile, that it stores email communications, and its use could be a "gross violation of your company's security policy." They concluded their article by saying that the use of Intro at Bishop Fox would be banned on company devices until they could further investigate, and recommended that others do likewise and not introduce it into their environments.
Martin Kleppman responded to this criticism on the 24th, pointing out that Intro was an "opt-in" feature, requiring users to install it before being able to use it, and that usernames, passwords, and email contents are not permanently stored anywhere inside LinkedIn data centers, but instead, on your iPhone. (See the update on LinkedIn Intro: Doing the Impossible on iOS for a full list of Kleppman's reasons).
Since this story continues to develop and evolve, ISG recommends that LinkedIn/iOS users wait until all the facts are in so that they can make an informed decision on whether or not to use Intro.
- About LinkedIn Intro
- LinkedIn Intro: Doing the Impossible on iOS by Martin Kleppmann, Senior Software Engineer at LinkedIn (10/23)
- Graphic of Intro IMAP Proxy Service and iOS mail client
- LinkedIn ‘Intro’duces Insecurity by;Bishop Fox (10/23)
- LinkedIn wants the keys to your email for its innovative new Intro feature – but can you trust it? by Jon Russell, Asia Editor for The Next Web (10/24)
- LinkedIn’s Intro Feature Is Very Cool And A Spectacularly Bad Idea by Matthew Panzarino, writer for TechCrunch (10/24)
- The Facts about LinkedIn Intro by Cory Scott, Senior Manager, Information Security at LinkedIn (10/26)
- LinkedIn attempts to iron out security concerns surrounding Intro for iOS (author unknown, 10/26)
- LinkedIn defends security of Intro service by Michael Lee, Journalist, ZDNet (10/28)
Here are ISG's Ten Travel Tips for your mobile device, especially for those traveling outside of the U.S. Please take a few moments to review them as an ounce of prevention now can save a pound of trouble later.
- Contact your cellular provider several weeks before you travel to discuss and activate the most cost-effective plan to fit your needs. For Brown devices, contact Telecommunications at 863-2007 or firstname.lastname@example.org. For non-Brown devices, users can contact their cellular provider directly.
- For phones, familiarize yourself with international roaming and data charges. We recommend turning off or setting a limit on cellular data usage for your smartphone to prevent incurring significant fees.
- Consider using Google+ Hangouts to bypass the phone. See the About Hangouts site for help on getting started.
- When traveling with a laptop, remove all PII from it or encrypt it. If possible, we recommend using a laptop specifically designated for travel with no personal information on it. Note: CIS has loaner laptops for faculty, staff and grad students who are working on projects when traveling abroad. The loaners can be signed out at the Computer Service & Repair window.
- Become aware of and comply with all export controls. For example, some countries ban or severely regulate the use of encryption, you should check country-specific information before traveling with an encrypted laptop. See the Symantec Endpoint Encryption FAQ on international traveling restrictions for details.
- Set a strong password or passcode for your device. Here are some ideas on how to create a strong and memorable password.
- Make sure all operating system and anti-malware software is current. If you haven't installed an anti-malware client for your phone, do so.
- Install device finder software, such as Computrace (for laptops) or Lookout (for tablets and phones).
- Use VPN to connect to Brown's network when away from it. CIS offers both a web and client versions. If you haven't used VPN before, test it before leaving.
- Make sure you have contact information for your local IT support professional and the Help Desk before you leave (email@example.com, 863-4357).
If you are using a mid-2013 MacBook Air and have issues staying connected to Brown-Secure wireless, a software update might help. See this Apple Support article for more information and instructions. Please note that the patch cannot be installed on computers besides the MacBook Air.