Another way to make your email more secure

Nowadays it’s easy to lose track of passwords, because we have so many. And if you forget your password, there are various ways that email system owners verify that it’s ‘you’ before allowing you to reset it. For many years Wayne State has provided a series of  ‘challenge questions’, which you set answers to. Unfortunately the built-in questions are sometimes ones that make it very easy for a nefarious hacker to guess (by wandering around your Facebook account, for example). So, like many other institutions (Google, Facebook, perhaps your bank) Wayne State has decided to eliminate the Challenge Question system and replace it with a ‘recovery email’ facility.

Some time soon, when you log in to Wayne Connect you will be asked to supply an alternate email address (i.e. one not ending in ‘wayne.edu’). It can be anything else (Gmail, Hotmail, Apple, AT&T…) but it should be one that you actually read, even if only occasionally.

If you forget your Wayne State password, or if you’re asked to reset it because of a hack, an email will be sent to the alternate address. When you open the email it will contain a link to a password reset page. (You’ll also need to enter the last four digits of your social security number if you are an employee.) An additional security measure is that, if you have access to high-risk systems such as Banner or Cognos, you’ll need to be on a Wayne State network (in your office, essentially).

If you would rather not provide an alternate email address, or if you don’t have one, you will need to call the Help Desk, but only during their business hours (M-F 7:30 AM – 8:00 PM).

If you have any questions about this new policy or you need assistance in implementing your recovery email address, please contact the C&IT Help Desk at 313-577-4357 or at helpdesk@wayne.edu.

Booking International Travel is About to Change

Getting to TravelWayne is going to get a little more complicated if you are planning international travel. Here’s why.

For a number of years the US Department of State, the Department of Commerce and the U.S. Treasury Department have had restrictions on what things can be exported to other countries. These restrictions come from the International Traffic in Arms (ITAR) regulations, the Export Administration Regulations (EAR) and the Office of Foreign Assets Controls (OFAC). However, ‘export’ doesn’t mean what you think it means. The US government defines ‘export’ as moving objects or data out of the country. That includes objects such as laptops that contain data. There are certain kinds of data that cannot be taken to certain countries. Probably most data you would put on a laptop (or tablet, or thumb drive, etc.) would not be restricted. But there is a large list of kinds of data that could get you, and Wayne State into big trouble if the Feds find out you have taken them to China, or Iran, or even France, in some cases.

Just as an example of how faculty members can get into trouble, you can read the University of Hawai`i’s website on the topic

Further complicating things is the fact that some countries forbid encrypted data from being imported into those countries. Here is a map showing which countries restrict the import of encrypted data.

So, to protect everyone involved (travelers and their ‘supervisors’–chairs and such, as well as the Office of Research), there is a new university policy on international travel that is going into effect in a couple of weeks, once the mechanisms are in place.

How will the policy affect the average traveler? If you are traveling within the US, it will have no effect. But if you are travelling internationally, you will see a new button in Academica saying ‘International Travel’. When you click that, you will be taken to a questionnaire that asks what you will be bringing with you. If one of your answers triggers a potential international travel issue, the system will generate an email to the Export Control office at Wayne. You will be urged to contact them so that they can make sure you are not violating laws against Export Control. After you do so, they will send you an email giving you clearance to travel.

For a preview of the questions, just go to ft.wayne.edu. At the moment it’s set up as a test version, so no emails are generated, and it doesn’t record who has visited.

The way the system will work is that when you begin the process of making travel plans (within TravelWayne) for each trip, you will have to go through the questionnaire. Thereafter, for each trip you can go directly to TravelWayne (say, to tweak you hotel reservation or whatever).

The kicker, once the policy goes into effect, is that you will not be reimbursed for your trip if you haven’t received clearance from the Export Control office, so it is definitely in your interest to get that clearance.

Associated with this policy are two helpful FAQ’s that make suggestions about safe ways to travel internationally, one on legal questions, the other on technical issues. These include always using the VPN when connecting to Wayne State resources (such as your email, or files stored on Wayne State sites). Note that you cannot even reach Facebook or Google from certain countries (including China) unless you use the VPN, by decision of the host country. Wayne State has nothing to do with these restrictions, of course.

 

Pokémon Go—the best thing since sliced bread (or Tinder)

By now you’ve undoubtedly heard about Pokémon Go, the ridiculously popular new phone app based on the Pokémon franchise. In the relatively new development space of augmented reality it blends fantasy characters with the real world. It uses your phone’s GPS and superimposes Pokémon[1] on a map, like this:

Near CIT

This is a screenshot taken outside my office, standing next to I-94 at Woodward.

It was released last week and is now more popular than Tinder, and is rapidly catching up with active users of Twitter. Since I’ve only just begun playing I can’t report a great deal about what it does (there are various kinds of critters that you can ‘capture’, and there are ‘gyms’ where you can have fights (the platform-like object in the image above is a gym at the church across the street from the main C&IT building at Woodward and 94), and I’m told there’s one near the Science and Engineering Library. In addition there are ‘Pokespots’ all over campus, including one inside UGL.

Here is an excellent, if a little snarky, introduction to the whole thing.

The social fall-out from Pokémon Go has been quite astonishing. There are stories of folks making friends through the app (which is perhaps why it’s surpassed Tinder 🙂 ), and a few cases of accidents of various types. Apparently, in the space of a week some folks have started playing a NSFW[2] version. There was originally a security issue because the first version of the app was able to access all your Gmail contacts if you had an iPhone, but an update has assigned appropriate security levels.

There is going to be a Pokémon Go event here in the Cultural Center on Friday.

So it really seems to be ‘a thing’, and probably worth learning more about. I haven’t yet had a chance to wander around looking for Pokespots yet, but probably will. Don’t forget to be very careful if you are walking around holding your phone. There are two dangers:

  1.  Apple Picking
  2. Immovable objects

In the end, have fun. And let me know what you think. Is this the greatest thing since Twitter? Or a flash in the pan?
_____________________________________________________________________

[1]  Since I’m a linguist you’re gonna get some linguistic commentary here too. Like several other words borrowed from Japanese (emoji, for example), purists insist that the plural is unmarked (that is, that you don’t add an ‘s’). This is analogous to those who insist that ‘data’ is plural and that the correct plurals are ‘stadia’, ‘podia’ and ‘octopi’. Or perhaps it’s analogous to the animals that have what we call ‘zero plurals’, like ‘sheep’ or ‘deer’.

[2] ‘Not safe for work’. You can probably figure out why, given that the game uses your phone’s camera, which can take selfies.

The IRS is coming and they want to help–really!

As I mentioned in an earlier post and also here, a number of Wayne State employees were hit by an IRS hack that stole their identities and attempted to claim refunds. Wayne State C&IT and Internal Audit have investigated these hacks and have found no evidence that the source of the leaks was located at Wayne State, but nonetheless the IRS has volunteered to send an agent to campus to talk about how to avoid this kind of attack in the future.

We have contacted all the victims that we know of, but have also decided to open the IRS agent’s talk to the campus at large. Here are the details:

Tuesday, July 12, 10:00 AM

Partrich Auditorium (located in the Law School).

No need to RSVP—just come.

If you have any questions, you can contact the Office of Internal Audit at (313) 577-2128 or Carolyn Hafner at ab0414@wayne.edu.