Security Alerts

Security Notification for Evernote Users

March 5th, 2013 | Posted in Security Alerts | Comments Off

3/5/2013 – A recent security incident at Evernote allowed attackers to gain access to Evernote user names, email addresses and password hashes.  Evernote has notified all users to reset passwords.  If you use Evernote and have not reset those credentials, please do so at once.  If you have used the same password on any other services, especially University resources, change those passwords at once.  Be sure to avoid passwords that you have used before and do not use your University passwords on third-party services.

Please keep in mind that Evernote is not an appropriate resource for University business.  The service is not compliant with federal regulations governing student data, and the University cannot audit or confirm security of content on the service.  If you do have University data in Evernote, please remove it at once.

More information on the breach can be found at the following:

Security Notice: Service-wide Password ResetSecurity Notice: Service-wide Password Reset http://evernote.com/corp/news/password_reset.php

Java 1.7 Security Advisory

January 15th, 2013 | Posted in Security Alerts | Comments Off

1/15/2012 – News organizations recently announced a security issue with Oracle’s Java version 7 and some earlier versions.  This software flaw poses a serious risk to computers when browsing external web sites.  Until Oracle releases a fix, University internet users should exercise extra caution to remain safe online.

If Java is not required for critical job activities, the best solution is to remove the ability of web browsers to use Java.  Individuals who require Java, such as Banner INB users, should be vigilant.  Please refrain from personal web browsing until Java is removed from your computer or a Java software fix is announced.  As Java updates are released, the University will test them, provide more information to the campus, and coordinate an effort to deliver the update to all University computers.

For more information regarding Java applications and the security risks at this time, please check the OIT Information Security web site at http://oit.ua.edu/oit/security/ , or by clicking the “Information Security” link on the main OIT web page.