UA System Hosts Virtual Scholars Institute

This month The University of Alabama System will be hosting its 13th Annual Scholars Institute. For the first time, this year’s Scholars Institute will take place as a series of online events.

The institute kicks off Friday, May 15 at 10am with a virtual presentation offering an overview of how the UA System community is responding to events related to the novel coronavirus (COVID-19). A student panel will also discuss their experiences of learning in an online or remote format during the spring 2020 semester.

Join us for the 13th annual UA system scholars institute May 15 2020

“Like most events happening right now this year’s event will be quite different than past Scholars Institutes that UA has hosted” said Rachel Thompson, director of UA’s Center for Instructional Technology and planning committee member for the Scholars Institute. “We’re excited to host the event virtually, and we’re looking forward to what students have to say about the transition to online learning.”

The Scholars Institute fosters a shared community of knowledge among members of the three UA System campuses. The online series will include live presentations, panel discussions, Q&As and other ways to discuss current challenges and opportunities in the use of technology in teaching and learning.

Institute presentations will align with the institute theme, “Diversity, Equity, and Inclusion: Using Technology to Bridge Connections” and explore some aspect of technology’s role in teaching, research, and service.

Learn more, and register for the Scholars Institute, on the CIT website. For more information, contact UA’s Center for Instructional Technology at cit@ua.edu.

Password Spraying

What is password spraying?

Password spraying is a technique used by malicious actors to compromise user accounts. 

When did it become a common technique?

In early 2019, 773 million passwords were exposed in a massive data breach titled “Collection 1”.  This password collection originated from over 2,000 leaked databases containing compromised passwords.  By trying all these passwords (spraying), the malicious actors are finding out who uses the same passwords, or weak passwords, on multiple accounts. 

Could I be impacted?

Last month, 530,000 Zoom accounts were compromised using password spraying based on a release from Zoom.  Just after Disney Plus went live, thousands of accounts were compromised as well using password spraying.  OIT has seen many instances of attempted password spraying at UA.  Duo is our best defense against this technique.  Different attempts come in the form of extortion emails that contain users’ actual passwords in the subject or text of the message along with different types of threats to try and scare the user into giving up money.  

How can I protect my accounts?

It’s important to emphasize that passwords should not be reused especially when accessing sensitive or restricted information like PHI.  If users have a password that they haven’t changed in a year or two, OIT Security strongly recommends changing it to a stronger password, and use two-factor authentication whenever it is offered, to dramatically reduce the risk. Also, create and store passwords in LastPass. UA students, faculty and staff have access to LastPass – a tool that can not only encourage strong passwords, but store passwords in a secure environment. Get started with LastPass today!

May 2020 Upgrades, Planned Outages

Sunday, May 10 – OIT will be performing operating system upgrades which will cause some UA systems to be unavailable from 7am to 10am. These systems include CEME, DegreeWorks, eProcurement, myBama, PCR-360, Crystal Report Server, SiteFile.

Sunday, May 17 – OIT will be performing operating system upgrades which will cause some UA systems to be unavailable from 7am to 10am. These systems include Appworx, BITPRD, Banner, CENSUS, OIRA.

If you have any questions or concerns, please contact the OIT Service Desk at itsd@ua.edu or 205-348-5555.

MessageOne to be Decommissioned

OIT will decommission the Finance and Operations email archive system, MessageOne, on Monday, June 1.

What is MessageOne?

MessageOne is a system that houses archived Finance and Operations messages from Jan. 1, 2010 to Aug. 23, 2017; messages sent and received prior to Microsoft O365. 

What do I need to do?

The decommissioning of MessageOne should have minimal to no impact unless you have email messages prior to August 23, 2017 that are not stored in your local .pst files. Most users have .pst files dating back for several years. If you have any critical email messages dated prior to August 23, 2017 and would like to confirm that you have a copy preserved, please do the following. 

Verify that the emails are available in your local .pst files. 
Search for email by subject, recipient, content, etc. through the Microsoft Outlook search feature. (Additional instructions for searching for messages in Outlook is available on Microsoft’s website.) If the emails are present in Outlook then there is no need to search MessageOne, the emails are already copied and preserved in Outlook.    

If the emails are not found in Outlook, search and export the emails from MessageOne.

  1. Visit https://ems.messageone.com/wfe/
  2. Login in with your FA email address and MessageOne password
  3. Once logged in, click the Archive tab at the top of the page
  4. On the Archive tab, you will see past emails that have been sent or received
  5. Forward any necessary emails you wish to keep to your own email address. Once you do this, your message will be stored in Outlook.  

Why is MessageOne being decommissioned?

MessageOne is no longer a system that is necessary to Finance and Operations; emails are now archived in O365.  Decommissioning this system will result in a significant cost savings for the University. 

Phishing Alert – Extortion Emails

With Duo two-factor authentication activated, hackers can no longer access myBama accounts with usernames and passwords alone. Malicious actors have resorted to new and different tactics for phishing.

Many faculty and staff have reported to OIT that they’ve received extortion emails. These emails that claim to release information about the individual unless the individual provides sensitive information or money. Other messages include real passwords that individuals may currently or have previously used for an online account.

In most cases, these passwords were made available through a dark web credential dump. If you receive an email with a password in it, make sure you change your password to any online account where you are using that password. If you have any questions or concerns, contact OIT Security at security@ua.edu.

April 13 – Phishing Alert

Monday, April 13, many UA students, faculty and staff received phishing emails with the subject “Notice! From Faculty ITS Admin” and “COVID-19 PAYMENT”.

These emails are scam attempts. One of the emails attempted to lure recipients into clicking a link to “Outlook Storage Access.”

Remember to notice the red flags of phishing emails. Look at the from email address of the email, and hover over links before you click to see the web address. If you are not a DUO two-factor authentication user, please activate your account today. DUO can help protect sensitive information in your UA accounts.

If you received one of these emails, mark it as spam and delete it. If you did receive an email like this, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

SPSS Home Use

Due to COVID-19 and remote work, SPSS has provided UA with a Home Use license that students and faculty may download for teaching and learning. This off-network license is available for one year. More information, and a link to download the software, is available at https://oit.ua.edu/software/spss-26/.

Phishing Alert – April 5

Sunday, April 5, many UA faculty and staff received a phishing email with the subject “Notice! From ITS Admin office.”

This email is a scam attempt posing as the UA IT Service Desk. The email attempted to lure recipients into clicking a link to “Outlook Storage Access.”

Remember to notice the red flags of phishing emails. Look at the from email address of the email, and hover over links before you click to see the web address. If you are not a DUO two-factor authentication user, please activate your account today. DUO can help protect sensitive information in your UA accounts.

If you received this email, mark it as spam and delete it. If you did receive an email like this, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Banner Bundle – Sunday, April 19

OIT will be implementing a Banner Bundle upgrade on Sunday, April 19 from 4:00 a.m. – 10:00 a.m.  myBama will be available during the upgrade, but channels that connect to Banner will not be accessible, including self-service and administrative systems. For questions or concerns, contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.