Category Archives: News

STUDENT PHOTOGRAPHY PROJECT 2017

Technology is a primary form of communication for students around the world. Not only does it have academic significance, it acts as a personal companion in our day-to-day lives. Five students at UMass Boston engaged in an extensive photography workshop led by Lisa Link. Students worked for a total of two semesters on these photo projects and met every Wednesday for their critiques and reviews.

“It is so important to have critiques because they help you in giving another perspective on your images- highlighting the good and the areas that need more work,” said Sashi Poudel, one of the student photographers.

The 2017 student photography project event was held on the 17th of May in the Upper Level of Healey Library.  Lynn Nguyen, Cynthia Rubio, Aisha Yousuf, Sashi Poudel and David Liu presented their works and celebrated a project well done with light refreshments and conversation. Students, faculty, and bystanders observed the photographs with great admiration.

David Liu, a sophomore studying Information Technology, shot all his photographs with his iPhone 7 in portrait mode. He further explained how he used an editing application on his phone, which helped him add effects to his images. Although Liu had some past experience with photography and videography, he felt that the weekly meetings, critiques, and topics helped him build on that skill further.

There were also students who did not have much prior experience, and that’s okay! The best part about the workshop is that Lisa works with students not only to teach them the basics and a step beyond, but also to teach them how to use Photoshop. Lynn Nguyen, a freshman, was one who did not have any experience. She found her interest in reflection imagery and mainly worked with those images. She captured the everyday use of phones, explaining that there is something new in technology every year and the industry is growing at such a fast pace that it is impossible to capture it all in one image, but she tried to show how significant phones are in a student’s life.

Sashi Poudel, a senior and a computer science major, also claimed to have learned many new tricks and techniques in photography. Just like any ordinary young male, Sashi did not have prior experience either. He described their workshop as “amazing and fun.” When asked about what role technology plays in his life, he said, “we are too much into technology, accessing information has become easier than ever and I think that now virtual has become a reality.” Sashi also experimented with a very distinct style in his image, called the “long exposure photo”, where he and David, along with a friend from the IT department, turned on their phone torchlights and ran across an open space in the library. The result? A beautiful pattern captured by the camera lens in long exposure mode.

The event was also highly significant in keeping up with UMass’s reputation of student diversity by exhibiting an image related to people with disabilities and how they use technology. The image was taken by Aisha Yusuf, a senior studying psychology. She explained how there is a disabilities lab called “AC Lab” and how it is equipped with devices that allow those who are physically impaired in any way to access information just like any other student on campus does. The example she used was that of a desktop-like device that magnifies the text for the viewer. Aisha also explained that she had a pleasant time working with Lisa Link, who taught her how to take a reflective shot and use Photoshop and cameras in general.

Overall, just like last year’s photo workshop, the students had a wonderful experience that was a mix of teammate bonding and learning. Lisa emphasised that this group, in particular, was very engaging and collaborated constantly with one another on projects and critiques.

“I believe that the students must express their views about the university. It benefits IT into understanding what they want and think and how IT can help them gain that access or experience. They must feel comfortable to utilise the IT space,” she said.

This event was only the beginning of another exciting project. The images have been placed on the left wall of the lab hall in UL, and every year, the IT photo projects will progress up the hall, and soon students will be walking around works of art. This not only beautifies the hall further, but it creates a sense of community and belonging.

The student IT event was once again a great success. If any students wish to participate in this exciting opportunity, they must email Lisa Link at: Lisa.link@umb.edu

 

WannaCry Ransomware Windows Vulnerability

As widely reported in the press over the weekend, a new ransomware threat named “WannaCry” has impacted Windows machines (workstations and servers) around the globe. Due to better Windows update compliance, systems in the US have been less impacted than international systems. This threat only impacts select Windows systems and does not impact Apple iOS systems.

“WannaCry” is initiated when a user responds to a phishing query by opening and executing an attachment to that email. Once it executes, it encrypts files on the affected local computer and shared drives. The user is then asked to pay a ransom to recover the files. To add insult to injury, the “WannaCry” malware spreads aggressively by behaving like a worm, attempting to infect other vulnerable unpatched machines on the network. As far as we know, the format of the phishing email is not consistent, but the underlying Windows vulnerability only impacts unpatched Windows XP, 7, and 8 systems, as well as Windows Server 2003 and 2008 Editions. Windows 10 PCs patched in March of this year are not affected by this attack.

UMass Boston Windows XP systems are rare and are believed to be offline, as they do not show up on ITS Qualys scans. If you have an XP system and would like us to help you upgrade, please send an email to ITSecurity@umb.edu and the ITS Security team will respond as soon as possible.

Windows 7 & 8 systems which are current in terms of patching updates are not vulnerable. This includes all workstations supported by the ITS KACE workstation management service and some departments which have similar services.

For those systems which are not current in terms of updates and where the user has fallen for the phishing attempt, several actions may occur.

  • The system’s hard drive and associated network shared drives may be encrypted by running the attachment. In this case, the user is presented with a message that, until a ‘ransom’ is paid, the user will not be able to access the data on the encrypted drive(s).

NOTE: UMass-wide IT Security Policies prohibit the payment of ransom. Should a user experience a ransom query, he or she should not respond to the query and should immediately contact IT Security by emailing ITSecurity@umb.edu or by calling Wil Khouri, UMass Boston Information Security Officer, at 617-287-6232.

  • Additional systems on the UMass Boston network may be scanned from the infected system for the underlying vulnerability and those vulnerable systems may be encrypted and the ransom notification presented to the user(s) of that vulnerable system.

UMass Boston’s best defense to this, and all malware, is an educated and vigilant user community recognizing these threats, reporting them to ITSecurity@umb.edu, and deleting the offending email.

Beware of Ransomware, a virus that locks your files until you pay a ransom. Run antivirus, back up your files, keep your computer updated, and be careful what you download.

The Anatomy of a UMass Boston Spear Phishing Attack

By Wil Khouri
Assistant Vice Provost and Information Security Officer
Information Technology Services / Communications and Infrastructure Services

Spear phishing is phishing crafted to target specific individuals or groups within an organization. The hackers responsible for spear phishing emails have essentially done their homework on who their victim will be, and have carefully researched how to personalize and customize the message to make it more appealing and increase the probability of getting a response from the target audience.

Spear phishing emails are tailored to include information that targeted victims would think only another employee, friend, or family member would know. In this digital age, the Internet, and particularly social media, has made it easy for hackers to gather such pertinent information. For instance, a hacker needs only to visit a victim’s LinkedIn and Facebook pages or look through their web profiles to gather enough information to craft the perfect spear phishing message. In addition, hackers craft the messages to grab one’s attention with alarming, shocking, or tempting information.

Recently, UMASS Boston students, faculty and staff received emails appearing to originate from legitimate UMASS addresses. These emails had a variety of subject lines designed to draw people in, including “Important message from UMB Faculty/Staff”, “Important Information”, “[IT Status Alert] Your Account will expire soon”, or “Your account has expired”.

One particular message targeting faculty and staff appeared to be from the address “IT News <psoft@umasscs.net>” with the subject line “[IT Status Alert] Your Account will expire soon” and presented in the following format:

Pay attention to the numbers (1-4) in Figure 1 as you read on.

Screenshot of the phishing attack, with UMass IT branding, reading "Your account will expire soon, Sign In to proceed"
Figure 1. The Makeup of the Phishing email targeting UMB employees.

Unfortunately, a handful of employees inadvertently provided Personally Identifiable Information (PII), including passwords, social security numbers, bank routing and personal account numbers, to the hackers. Information Technology Services Security and Systems staff, Human Resources staff, as well as the Information Security staff at the UMASS president’s office, acted swiftly and took the necessary steps to contain the damage. Upon further investigation, we found out that the hackers used the phished PII to access bank accounts, modify bank routing and account information to re-route the employee’s compensation to untraceable credit cards not attached to bank accounts (prepaid access cards), and used the data to file fraudulent tax returns, especially when the university confirmed that their “W2” forms had been accessed online.

Refer to Figure 1 above for the following paragraph.

What made this phishing scam so effective is (1) the spoofed “From” origin, which appeared to originate from a functional UMASS president office email account, (2) the subject line format, which mimicked our campus “status alert” format, and (3) the use of a legitimate “IT News” template that Information Technology Services (ITS) normally uses for its “alert” communications. As is the case with many phishing scams, a sense of urgency was added to spice the message up.

That raises the question: how would one differentiate legitimate emails from phishing scams?

Fortunately, you can often tell phishing links from safe links by dissecting their construct. The most effective step to avoid falling for these scams is to (4) hover the mouse over the link to reveal its Uniform Resource Locator (URL), commonly known as its web address destination. In this case, as shown in Figure 1, the link has two components. The first part is the one you see: “Sign in to proceed.” The second part, which you don’t see until you hover over the link, is the actual address that controls where the link will go. In our case, it reveals an odd URL: “http://www.jjlemaire.mu/wp-admin/images/sm-prd11.ucollaborate.net.html”. Always be wary of URLs that contain numbers, subtle spelling mistakes, odd connotations, and unfamiliar endings and domain letters (e.g. mu).

What must raise your suspicion are attempts to get you to reveal private information, such as your social security number or bank account information. Phishing attacks may ask you to download files, fill out forms or reply with information. If you cannot determine whether a message is phishing or not, try to contact the sender directly to verify its authenticity, but never use the communication means appended to the suspicious message to verify its contents. If still in doubt, report it to abuse@umb.edu.

For those who proceeded to click the link, the landing page was engineered to look deceptively similar to the “UMASS HR Direct” page, with the familiar “Secure Access Login” fields, but with two crucial differences. First, the URL valid certification was missing and presented as follows:

As compared to the valid and secure (5) legitimate site URL:

The most important cue and skill, if you will, is to check for the URL’s valid certification (5). Remember GREEN IS GOOD. NEVER enter any information without first checking the valid certification of the site which always displays a green secure link with a green lock icon: 

The second red flag in the phishing site was the .mu top-level domain, which is the code for the “Republic of Mauritius”. Notice that the fraudulent landing page was “www.jjlemaire.mu” and not “sm-prd11.ucollaborate.net” as it was supposed to be, and that it was deceptively crafted with our legitimate domain name embedded within the .html construct (6).

While the public has become more savvy at spotting scams, those malicious actors, in desperation, are spending serious effort honing their craft, making it a challenge to recognize spear phishing messages. However, it is really simple to beat them: be aware of the cues that raise your suspicion and, if in doubt, always ask. If you suspect you may have been phished, act quickly: change your password at mypassword.umb.edu, and notify ITS staff by emailing abuse@umb.edu.
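The hover check (4) and the embedded-domain trick (6) described above can be automated for a reported message. The Python below is an added example, not part of the original article or of any UMass tooling; the trusted-domain list and the sample email body are assumptions constructed for illustration, and only the link URL is the one quoted in the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains this organization treats as real sign-in destinations.
TRUSTED_DOMAINS = ("umb.edu", "ucollaborate.net")

def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only if host equals a trusted domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def check_link(href, trusted=TRUSTED_DOMAINS):
    """Return findings for one link destination; empty list means no flags."""
    parts = urlsplit(href.strip())
    host = (parts.hostname or "").lower()
    findings = []
    if parts.scheme.lower() != "https":
        findings.append("not-https")
    if not host_is_trusted(host, trusted):
        findings.append("untrusted-host:" + host)
        # A trusted name elsewhere in the URL (path, userinfo, or a leading
        # label of a foreign host) only serves to mislead the reader.
        findings += ["embedded-trusted-name:" + d
                     for d in trusted if d in href.lower()]
    return findings

class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_email(html_body, trusted=TRUSTED_DOMAINS):
    """Pair each link's visible text with findings for its real destination."""
    parser = LinkExtractor()
    parser.feed(html_body)
    parser.close()
    return [(t, h, check_link(h, trusted)) for t, h in parser.links]

# Constructed sample body; the href is the URL quoted in the article.
SAMPLE = ('<p>Your account will expire soon.</p>'
          '<a href="http://www.jjlemaire.mu/wp-admin/images/'
          'sm-prd11.ucollaborate.net.html">Sign In to proceed</a>')

if __name__ == "__main__":
    for text, href, findings in audit_email(SAMPLE):
        print(f"{text!r} -> {href}\n  findings: {findings or 'none'}")
```

The comparison is made on the parsed hostname only, so a familiar name in the path, as in the article's URL, never counts as a match.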

As threats arise, our campus community will be trained to identify these types of targeted attacks. Information Security often runs simulated Self-Phishing campaigns for educational purposes. For those who fail the simulation, we encourage you to take the assigned exercise modules provided post-simulation or go to: http://iatraining.disa.mil/eta/phishing_v2/launchpage.htm The above link is courtesy of the US Department of Defense. And no, it is not a Phishing attempt nor a simulation if you’re wondering. You do not believe me? Go ahead and hover over the link. It will reveal a “.mil” domain belonging to the US Military.

One last thought… As a community of higher education, our weapon is knowledge. Do take the time to learn how to distinguish between what is legitimate and what is not. We do not want to feed on fear and paranoia to the point of rendering the tools we use daily useless. Let’s all learn how to defeat the scammers. It is very simple. Really very simple.

PHISHING WALL OF SHAME – “Academic Dishonesty”

Scammers are willing to invest the time to trick you!

Phishing is a type of cyber scam designed to trick you into giving your personal information.

Today’s example was reported by a few users who could tell something smelled phishy!


In this example, there is no obvious request for money or personal info! The scammer went so far as using a real staff person’s name and title, and even referring to the correct section of the UMass Code of Conduct! That’s crafty! At first even we IT staff weren’t sure if maybe this was a real email…

How can you know when a legit looking email is a scam?
Trust your gut, and verify!

★ Be suspicious of unexpected notifications
★ Call the real staff person and ask if the message is real

We got in touch with the real department referred to in the email and they told us it was not real! The scammer is weaving a story about “Academic Dishonesty” by a UMass Boston student. It’s a serious matter, but the message never makes an obvious request for money or personal info. In these “long-cons”, an email like this is the first step in building a relationship of trust between the scammer and the recipient. The scammer hopes you’ll bite and reply, and then the inevitable trap will spring!

If you are suspicious of a file, link, website, or email, you can contact the IT department to ask if it may be a scam. Forward a copy of a suspicious email to abuse@umb.edu.

Always remember…

Don’t take the bait! IT will NEVER ask you for your password. Phishing emails attempt to deceive you into giving up your private information by leading you to fraudulent websites. Learn more at:
http://www.umb.edu/it/getting_services/security/phishing/

IT Services Pushes Community Education for National Cyber Security Awareness Month

 


October is National Cyber Security Awareness Month around the country, and Communications and Infrastructure Services staff from IT Services spent the month educating the UMass Boston Community on this important issue. The focuses of the education efforts were Phishing, Ransomware, and Passphrases. A series of poster designs were created and located around campus, and also sent out to Faculty and Staff by email. Additionally, IT Security staff held “Information Sessions” in the Campus Center to help spread the word on easy ways to stay safe online.

 

It’s a new day for Wi-Fi at UMass Boston!

 


To provide pervasive Wi-Fi connectivity on campus, ITS/CIS staff have dramatically improved the network by replacing and tuning over 1000 access points on campus! This includes replacing the hardware with next-generation equipment, and configuring load groups to meet the demands of crowded areas such as the cafeteria, large classrooms, and event spaces. The major enhancements provide improved and ubiquitous Wi-Fi coverage within the academic buildings, including the on-campus outdoor bus stops but excluding stairwells and bathrooms. In addition, a high availability backbone network has been architected and implemented to sustain the Wi-Fi uptime and its quality of service. IT Services started the semester with a large communications campaign to let the community know about these improvements, and to ask anyone still experiencing problems to get in touch for quick help. The message of these communications was that IT Services is committed to providing 100% Wi-Fi coverage for every indoor learning, working, and recreation space on campus!

 

UMass Boston’s new MakerSpace excites professors and students with 3D printing


UMass Boston now has five 3D printers, free to use for all Faculty, Staff, and Students, at the brand new UMass Boston MakerSpace! On October 12th and 13th, the MakerSpace was visited by the Provost, the CIO, and many faculty and students all eager to learn about the possibilities of this new technology. Students quickly started designing and printing small organs, gears, pieces to build objects, etc., while faculty and staff excitedly discussed how to incorporate the lab into their curriculum. Three professors are already making use of the MakerSpace for their classes in the month after its opening, including a Biology class where students will be designing and printing replicas of livers, stomachs, and hearts! The UMass Boston MakerSpace is a collaboration between the School for the Environment, the Department of Engineering, and Information Technology Services.

VoiceThread Event a Success!

By Ellen Foust, VoiceThread Consultant/Trainer

On May 4, the eLearning and Instructional Support Team hosted the first in a series of VoiceThread Lunch & Learn events. VoiceThread is an interactive multimedia tool in Blackboard that lets you upload pictures and videos for you and your students to leave recorded audio comments and listen to each other’s comments.

With this tool, you can create online speaking and listening opportunities for your students to get more practice outside of the classroom. Future Lunch & Learn events will showcase use of VoiceThread by other departments besides languages, including use for group projects, to replace text-based discussions, to create video introductions to weekly modules, and more!


Over a light lunch, a full room of language faculty learned from their fellow faculty presenters, including Tracy Brown, ESL; Gretchen Umholtz, Greek; Katharina Loew, German; and Jim Dobreff, Latin. Instructors shared how they incorporate VoiceThread into their face-to-face and fully online courses, and they had engaging discussions about the possibilities this tool provides.

Do you want to see how VoiceThread can increase the engaging interactive activities for your students? Get in touch with Ellen Foust, VoiceThread Consultant, by emailing ellen.foust@umb.edu.