A major new web security flaw was discovered this week, so it’s time to change your banking passwords again. Read on for more information.
You’ve probably noticed the padlock icon when you browse to “secure” websites, or the “s” at the end of “https”. Those clues indicate that the site you’re visiting uses a security protocol known as SSL (Secure Socket Layer) or its follow-on TLS (Transport Layer Security). The SSL/TLS protocol is designed to encrypt data transported to and from sites so that only the intended receiver can decrypt it.
What the Exploit Does
This week it was discovered that there is an error in a widely used implementation of SSL/TLS known as “OpenSSL.” The bug is related to the “heartbeat” function of the SSL protocol. The “heartbeat” function allows someone to send a message essentially saying, “Hey, SSL server, are you there?” The server should then respond “Yep,” and that’s that. In OpenSSL, though, it’s possible (easy, even) to trick the server into responding with the equivalent of “Yep. Oh, and by the way, here is some random information. Not sure what it is exactly, but check it out because maybe it’s my secret key that will let you pretend to be me and intercept passwords and other supposedly secure information. If that didn’t get you what you want, just ask again, maybe you’ll get lucky. And don’t worry, I won’t tell anyone about this little conversation of ours.”
What’s Being Done About It
A patch that fixes the bug has been released, and vulnerable sites are quickly installing it. You can check if sites you visit are vulnerable by visiting http://filippo.io/Heartbleed .
What You Should Do
Because there is no way to tell if a site has been hacked using this bug (you can only tell if it is vulnerable), the best practice available is to check to make sure a site is currently safe, and then change your password. Do this for every site you use for any financial or other sensitive information.
For more information check out http://heartbleed.com/.
The new Webmail roll-out has gone pretty smoothly, but there are a few common questions we hear. Read on, maybe we’ve answered something you’ve been wondering.
Our new webmail program, RoundCube, comes closer to looking like Thunderbird or other desktop clients, which is generally a good thing. A few things are different enough from the old webmail that they merit mention.
Why aren’t all my folders listed?
In RoundCube you may have to explicitly subscribe to folders in order to see them. If you don’t see your mail folders, try this:
- Up along the top right, click on “Settings.”
- Click on the “Folders” tab.
- Check each folder that you would like visible.
- When you’re done, click on the “Mail” icon on the top right of the window. You should now see all of the folders you’ve checked listed at the left.
I’m confused between the messages I’ve opened to read and messages I’m composing.
We can set RoundCube to display messages you’re reading on a panel in the inbox, instead of giving them their own window.
- Up on the top right, click on “Settings.”
- With the Preferences tab select, click on “Displaying Messages”.
- Uncheck “Open message in a new Window” and then click “Save” at the bottom.
- Select “Composing Messages” and check “Compose in a new window.” Click “Save”.
- Select “Mailbox View” and check the box to show the preview pane. Click “Save” at the bottom.
- Click on the Mail button on the top right to return to your mailbox.
Search doesn’t seem to find everything I’m looking for.
Roundcube only searches in the folder you have selected. You can change some search options by clicking on the small arrow next to the magnifying glass icon, but there’s no way to search through all of your folders.
How do I empty the trash?
It’s a good idea to empty the trash periodically so it doesn’t take up your quota space. Just right-click (control-click on a Mac trackpad or one-button mouse) on the trash can and click “Empty.”
We’ll be working on more tips in the weeks to come. If you have a specific question please contact firstname.lastname@example.org.
To keep videos playing and PDF’s displaying, add-ons in Firefox occasionally have to be updated or ousted.
Firefox has add-ons that allow you to view content beyond simple web pages. There are two kinds of add-ons: plug-ins and extensions. Plug-ins are modules that run inside a frame on a web page, like embedded video content. Extensions go beyond just displaying content and add-on to the base functionality of Firefox. It gets a little blurry because some functionality can be implemented as either a plug-in or an extension, depending on the supported functionality and the preferences of the developer; PDF display add-ons in particular seem to show up in both formats.
Firefox has a great little tool for checking if your installed plug-ins are up to date:
- From Firefox, select “Add-ons” from the Tools menu (or just select the “Add-ons” menu if that’s all you see).
- On the list on the left, select “Plugins.”
- Click on the blue “Check to see if your plugins are up to date” link at the top of the list.
- Update everything that has been flagged as being out of date by clicking on the provided link. If there is more than one link, you will have to repeat the steps above after each update to get back to the links.
- There are almost always some plug-ins that Firefox won’t know about and will have a “Research” option. If it seems like these plug-ins might be handling content that you’re having trouble viewing, you should see if you can find newer versions by using the link or going to the developer’s website.
If you’re still having trouble viewing videos, try the suggestions at https://support.mozilla.org/en-US/kb/fix-common-audio-and-video-issues#w_plugins.
There’s no tool for checking extensions, which may be where the problem is if you’re having trouble displaying PDF’s. There are often multiple PDF add-ons that may either all be out of date, or interfering with each other. In this case we suggest a little trial and error.
- As in step 1 above, bring up the “Add-ons” window.
- Select “Extensions” from the list at the left. Scan for anything mentioning PDF’s or Adobe and disable it.
- Select “Plugins” from the panel on the left, and look for anything mentioning PDF’s or Adobe, and select “Never Activate.”
- Now try to view a PDF. It should bring you to Adobe Reader or Preview. If this is acceptable to you, you’re all set.
- If you want to try to find a PDF viewer that will work inside Firefox, try enabling one PDF viewer at a time, testing with a PDF, and then disabling and trying another if it’s not satisfactory.
- If you can’t find a PDF viewer that works for you, go to adobe.com and download Adobe Reader–this will install a Firefox add-in that should be up to date. Be careful, though, with the install–it may try to sneak in some extra software; read carefully and uncheck any optional install choices.
Please join us in welcoming Gavin Lofland, our new technology support specialist in IT. Gavin will be responsible for configuring and maintaining public computer labs in the library and select locations around campus. He will provide primary support for the pay-for-print system in the library and computer system imaging, as well as take the lead role in the hiring, supervising, and mentoring of IT student workers in the student diagnostic repair center and public computer spaces. He will also provide back up to other IT support staff by troubleshooting, installing, and upgrading computer systems and software. Gavin’s office is located on the third floor of the library, behind the student diagnostic center.
Of all of the unexpected uses for my smart phone, using it as a level is my favorite.
When I first got my smart phone I loved the fact that it doubles as a flashlight: clever and really useful. Recently I’ve had some issues with my washing machine, and I’ve been thrilled that I can just pull out my phone and use it as a level.
Smart phones have built in tilt sensors (that’s how they know to switch the orientation of the screen, and allow pinball and other direction-sensitive games), so they can also be used as a level.
iOS 7 on the iPhone has a minimalist level in the Compass app–swipe to the left on the compass and it will appear. I prefer third party levels with a more traditional appearance–just search in the App Store or Google Play for “level” or “bubble level” to find one that’s right for you.
Entering information about students for whom you have concerns at midterm is important to help CASA identify those who may need assistance to ensure satisfactory academic progress. Like the old version of TheHub, you now have two methods of recording midterm evaluations: a new quick (summary) method to quickly enter the majority of students or the original student-by-student basis to record comments for each. You can use either (or both!) methods, the choice is yours. Please note that Midterm Evaluations are required for all students in their first year at Hampshire (both newly admitted and transfers who entered in Fall 2013 or Spring 2014). You can easily identify which students require an evaluation by looking for the icon. Midterm evaluations for other students is voluntary.
When you get to TheHub, select any course from Spring 2014 for which you wish to complete midterm evaluations. By default, the class roster is displayed. Take note of the Action: selector in the upper-right corner.
From your class roster on TheHub, use the “Action” selector in the upper right corner and choose “Midterm summary evaluations” to display the Summary/Quick entry form.
Your roster will now display a “Concerns at Midterm?” column along with columns of Yes/No for each student. For students for whom you have no concerns simply click “No”. This will record your response with a single click and no confirmation is needed. Note that this does not allow you to enter positive comments for these students either. If you want to include comments for a student for whom you have no concerns, please use the Student-By-Student entry below.
For those students whom you do have concerns at midterm, click “Yes”. This will open a new dialog where you are required to enter comments explaining your concerns. Please note that these comments are shared with both CASA and the student.
Student by Student Entry
If you prefer to enter midterm evaluations on a student by student basis, from your class roster on TheHub, use the “Action” selector in the upper right corner and choose “Access all evaluations” to display the Evaluation page.
Under the “Midterm Eval” column, click “Write” to record your midterm evaluation for each student in the class.
This will open a new dialog where you can indicate if you have concerns. As always, you are required to enter comments if you do have concerns. Please note that these comments are shared with both CASA and the student.
As we warned people this week of a potential Apple security risk, we were reminded of the distinction between minor updates and major upgrades. Install updates promptly but wait for more information on upgrades.
Updates are relatively minor changes to software, usually addressing security flaws as well as feature enhancements. Upgrades are major revisions–perhaps complete rewrites–of software.
On a Mac, updates come through regularly and are often listed as separate items: printer updates, iTunes updates, security updates, etc. These are all minor enhancements to the components of the system. When the core part of the operating system is updated it is given a number in the third place, such as 10.6.8 or 10.8.2. These updates generally require user acceptance, and we recommend that you accept them as they appear.
On Windows, updates are also distributed regularly–often weekly. Most Windows computers are set up to automatically install system updates. The numbers associated with the Windows updates aren’t as clear as they are on the Mac. Occasionally one will come through as a “Service Pack” with a number after it (Windows XP Service Pack 2, for instance); these are in between routine updates and upgrades in terms of content, but you should install them.
An example of an upgrade on the Mac is the Mavericks OS, system 10.9. It’s available for free and is front and center when you look at pending updates. This is a major operating system upgrade and we do not recommend it for most users. It is bigger and slower than previous systems and unless your computer is new or high end you will notice the decrease in performance.
As always, contact the help desk if you have any questions.