Are you part of the problem?

A number of you may recall that early this semester mail from Wayne State was blocked by Comcast and AOL. If you tried to send email to someone with a @comcast.com or @aol.com address, the message simply disappeared, or, if you were lucky, was bounced back as undeliverable.

What you may not know is the reason for the block. Apparently some of your colleagues who have their Wayne State email forwarded to Comcast or AOL accounts chose to mark mass mailings sent from Wayne (such as announcements of Convocation, messages from the new President, or even notices of the location of the campus post office) as spam in their Comcast/AOL email clients.

It turns out that if enough people do that, Comcast and AOL (and actually Google and Hotmail/LiveMail as well) will decide that the sender (wayne.edu) is a spammer and block all mail from that domain. And that is apparently what happened, with the result that many important messages from and to faculty, chairs, deans and students were not delivered, often without notice to the sender.
This raises two important questions:

First, why are people forwarding their Wayne email in the first place? Wayne Connect is powerful, fast and identifies you as a Wayne State individual, and you don’t have to give up your favorite email client (Eudora, Thunderbird, Mac Mail, whatever you like). Some universities forbid forwarding, essentially requiring all employees to use the university-provided email system. After all, when you get a message from joeblow@hotmail.com, how do you know who it is? When message arrives from joeblow at wayne.edu, we know for sure that it is either Joe, or, in the worst case, someone who has stolen their identity. But with a free, random account we have no way of knowing who sent the message.

It is currently already university policy that students must use their Wayne accounts to communicate with their teachers and other official people at Wayne, because otherwise we have no way of knowing who they are, and communicating with a stranger about a student would violate federal law. Should we require faculty and staff to do the same? How would your life be impacted if Wayne were to enact such a policy?

Second, I have actually heard Wayne State senior professors tell junior professors to delete any official message from the university without reading it, because they shouldn’t be ‘bothering’ with mere administrative details–they should be doing their work.

Leaving aside the possibility that the ‘official’ message might be one to evacuate the building because of a gas leak, or to lock their office door because there’s an active shooter in the building, there is the question of how best the university should communicate important messages to its employees, including its faculty. If folks won’t use the internal email system, what should Wayne be doing instead?

Larry Lessig thinks The Social Network movie gets the villains all wrong

And they’re not who you think. Larry Lessig (also here), well known for his work on copyright issues on the Internet, has a review of the Aaron Sorkin movie about Facebook founder Mark Zuckerberg and suggests Sorkin is an old fogey battling for Hollywood’s view of the future of the internet, while Zuckerberg is the future of the internet. Interesting reading, whatever you think. Also deals with the issue of net neutrality, something I’ll have more to say about later.

Lessig review in the New Republic

It’s Ten PM, Researcher. Do you know where your data is?

In a very scary story covered in the Chronicle of Higher Education last week a world-renowned cancer researcher was demoted from Full to Associate Professor by UNC Chapel Hill for failing to keep her servers patched.

Yes, you read that right.
I’ll summarize briefly here, but the full story can be found in these links:

Herald-Sun Article

Chronicle Article

Professor Yankaskas was running a large, NIH-funded research project on breast cancer, part of a national consortium. Apparently the server on which her data was stored was not properly patched (meaning the operating system hadn’t been kept up to date) and, as a result, it was hacked (electronically broken into). It’s not clear whether the data (which included names, addresses and social security numbers) was actually taken, but the University notified all the subjects in any case.
The exact details of what happened are a little unclear, but it seems that her techie assistant had not been doing his/her job properly, and the Provost held her responsible and tried to fire her. A faculty committee recommended a lesser punishment, which ended up being this demotion (with accompanying reduction in pay). She is fighting the decision.
Discussion on the web of whether she is being treated fairly is inconclusive, and we don’t know enough of the details to be able to tell exactly what happened when. But this should be a wake-up notice to everyone at Wayne (or anywhere else) who keeps sensitive research data on a computer. Do you know whether the machine is appropriately protected? Is its operating system up to date? Does it have a firewall enabled? Does it have Symantec Endpoint Protection installed (if it’s a Mac or Windows PC–see previous post)?
The take-away here is not that that administrators can be mean-spirited bullies (although some commenters seem to think so), or that faculty are goofy airheads who can’t be trusted to maintain their own machines (although different commenters are saying that). The main point is that we all need to take responsibility for ensuring the data we are collecting is properly secured, especially if it is sensitive data that we have promised HIC we will be careful with it.

Educause Online at WSU

Educause Conference Live Streaming Oct. 13-15 at TRC

Educause Online @ WSU


Join your colleagues for interesting discussions, presentations, and conversation about IT in higher education. WSU will be broadcasting select live sessions from the annual Educause Conference. Sessions will be shown at the Technology Resource Center inside the Purdy/Kresge Library. To register, log in to Pipeline and click the link on the announcement about the conference.

Install Endpoint–Do Everyone a Favor

Symantec End-Point Protection

October is National Cybersecurity Awareness Month, and Wayne State is observing it by holding a campaign to get everyone to install Symantec End-point Protection on their home and office computers. Here’s why:
The Internet, like the world, is a scary place. But in 2010 you can’t avoid it, and you probably don’t want to. However, you can make it safer, both for you, and for those around you. In the last century we worried about viruses, but the number and kind of threats has vastly increased since then, and many new evil objects have been invented, so much that we now talk about malware, by analogy with hard- and software. Malware is the generic name for programs that get spread throughout the internet, usually landing on someone’s computer. Their purpose is to disrupt, damage or infect individual machines.
Once infected, the malware’s purpose is to help run coordinated attacks on other computers (called denial of service attacks), aid in the distribution of questionable goods (copyrighted movies, music or software, or even pornography, both legal and illegal), or to capture your passwords and other log-in information (this is called keystroke logging). Stolen log-in credentials are then used to steal your money and/or your identity.
Malware is easy to get and hard to get rid of, kind of like a cold. But we do have two kinds of defense. One is behavior—be careful where you surf. A national campaign to get people to ‘stop, think, connect’ is just starting up.
The other is to install Symantec  Endpoint Protection, the successor to Symantec (Norton) Anti-Virus.
NEP is free to all Wayne State students, faculty and staff. You can, and should download Endpoint by clicking the orange icon on http://security.wayne.edu and install it on all PC’s and Macs that you have any control over (Medical School personnel will have it installed and configured automatically on your office computers, but even you Med School folks do need to install it on all your home computers).
It’s quick and it’s free, so what are you waiting for? You owe it to yourself, your family and everyone else at Wayne State.