More Search Tricks in Wayne Connect 365

Last week I provided some tricks for searching through email messages in the new Wayne Connect Powered by Microsoft. Following a question by one of my colleagues, here are some additional keywords and other pieces of search syntax you might find useful.

Binary Operators

You can use AND, OR, and NOT to join search terms. AND means that both items must be present, OR means, of course, either item. NOT excludes the term that follows. Note that these words must be in ALL CAPS. So all of these are legal searches:

elephant AND castle finds messages that contain both ‘elephant’ and ‘castle’.
Jones OR Smith finds any message that has either of those terms.
rutabagas NOT turnip finds all messages that have ‘rutabagas’, but do not also have ‘turnip’

Date Restrictions

It is possible to specify date ranges within searches. You use the operators :< to mean ‘before’, and :> to mean ‘after’. So to find messages between January 1 and March 1 you could write

received:> 1/1/2015 AND received :< 3/1/2015

You can also restrict your search to a particular mailbox by highlighting that mailbox after you search.

Using the minus sign

Finally, for at least some of the keywords, you can place a minus sign – immediately before it, and it will exclude whatever follows the minus. Thus

from:Jones -attachment

will find all messages from Jones that do not have an attachment

and

from:Jones -to:Smith

will find all messages from Jones that are not also to Smith.

More complex searching

My colleague also asked about selecting multiple hits in a search result. Unfortunately this is not quite so easy. Theoretically you can click, then shift-click at the end of a long list, but that seems not to work reliably. The only easy way to select a large number of email messages (in order to drag them to a different mailbox, for example) is not to use the web-based client, but instead to use the Outlook desktop app, which has a very powerful, and very quick search engine.

Has Academica left you apoplectic? Does Wayne Connect leave you feeling disconnected?

New systems come with new puzzles, and our two new connection apps certainly have had that effect. C&IT is offering free training/help over the next few days. All sessions will be held in the Purdy/Kresge Auditorium (use the entrance nearest the Student Center).

The sessions will cover topics from setting up your inbox and syncing Wayne Connect to your mobile device to using streams and getting the most out of our new portal.

Here are the available sessions:

Wednesday, 9/2: 9:00 a.m. – 10:00 a.m.                             Thursday, 9/10: 3:00 p.m. – 4:00 p.m.
Wednesday, 9/2: 10:30 a.m. – 11:30 a.m.                            Monday, 9/14: 9:30 a.m. – 10:30 a.m.
Thursday, 9/3: 1:30 p.m. – 2:30 p.m.                                   Monday, 9/14: 11:00 a.m. – 12:00 p.m.
Friday, 9/4: 10:30 a.m. – 11:30 a.m.                                     Friday, 9/18: 9:00 a.m. – 10:00 a.m.
Thursday, 9/10: 1:30 p.m. – 2:30 p.m.                                 Friday, 9/18: 10:30 a.m. – 11:30 a.m.

You can RSVP for these sessions by logging into Academica and clicking on this link:

https://www.eaa.wayne.edu/event_new/session_registration.cfm?eid=1650

Remember you can always call the Help Desk at (313) 577-HELP or emailing helpdesk@wayne.edu

Some additional notes about Outlook 365

By the time you read this, many of us will have been switched over to the new Microsoft-based email system. And, of course, with any new system, there are both things to learn, new features that are cool, old features whose absence is annoying, and the occasional bug. Here are a few things to be aware of.

The interface (how the program looks) is somewhat configurable. You can choose to have a reading pane on the right, below your list of messages, or not at all. You control this through the pull-down marked by a little gear symbol on the upper right.

Gear

If you click that you can choose ‘Display Settings’. You get two sets of options—where the reading pane appears, and whether the system opens the next message or the previous one if you delete a message.

You can also control a lot more things by choosing ‘Options’ under the same menu. There you can choose a number of items associated with Mail, including automatic replies, what happens when you mark something as ‘read’, and so on. Ignore the button marked ‘Retention policies’—it doesn’t do anything.

Options

Under ‘Layout’ you can choose whether to see ‘Conversations’ (all messages with a common subject line together) or not (all messages solely in chronological order). You can also set up your email signature. If you don’t remember yours, just open an old ‘Sent’ message and copy it, then paste it into the relevant window in the ‘Layout’ area.

I’ll have a few more items in my next posting.

More on the New Email System

I’ve been asked how folks will know that they have been transferred to the new Wayne Connect. The answer is that there will be notification emails a week before the transition and one (business) day before. Then, once you have been transferred, the new mail page will look like this:

New Email header

 

 

Because the new Wayne Connect is part of a larger suite of applications (email, Word, Excel etc.) your login page may look like this:

New O365 Portal Page

 

So you’ll have plenty of warning and you’ll be able to tell immediately. Finally, you will receive an informative email message as soon as the transition has taken place.

Wayne Connect Powered by Microsoft is almost here

In late April I blogged about the new email/calendaring/collaboration system that was going to replace our current Wayne Connect email and calendar system based on Zimbra.

As of this week the new software is gradually being implemented across campus, so this is a good time to remind everyone about what to expect. The most important point is that you don’t need to do anything to implement this new email system–it will happen automatically. In fact, if you get a message telling you to ‘click here’ to upgrade your email, delete the message immediately, and, whatever you do, don’t clickit’s a scam (there have been several phishing messages with this theme over the past couple of weeks).

There are a few things you should do, but they are all essentially ‘back-up’ procedures. Although all your email, calendar entries and address book data will be transferred automatically, your signature won’t be, so you’ll need to recreate it. You can either make a copy of the wording (and images, if you use them) or just wait till after the transfer and look for some email you’ve sent (all the ‘Sent’ messages will be in the ‘Sent Items’ folder) and just you can just copy it from an earlier message to the Signature section of the ‘Options’ page. You can find the ‘Options’ button by looking for the little gear symbol in the upper right hand corner.

Although everyone uses Signatures, there are a few other things that won’t transfer but that only affect some people. If you use Filters in Wayne Connect, they will need to be recreated in the new system. They are easy to make–right click on a message you want to be the basis of a Rule (say, anything that comes from that email address) and choose ‘Inbox Rules’, then follow the instructions. If your old filters are complicated, you might want to note them down so that you can implement with the Microsoft system, where they are called ‘Rules’.  Also, Tags won’t transfer, so if you tag your mail, that will also need to be rewritten. Tags are called ‘Categories’ and are based on colors.

Remember that, if you have been using the Wayne Connect Notebook, the files in there will be transferred to your OneDrive area.

Anatomy of a Phishing Onslaught

Recently Wayne State University was attacked, a small skirmish in a diffuse, ongoing cyberwar, albeit without a single, defined enemy. This is an account of what happened, why it happened, and how the university responded. I have tried to make the explanation of each event relatively non-technical, but a certain amount of geekery seems unavoidable.

On May 11, at 9:48 in the morning 182 University computers received an email message from a computer belonging to a local contractor who was doing work on the WSU campus. The message had the subject line ‘invoice’, and the text of the message said merely ‘Check invoice’. There was a zip file attached. A zip file is a data file that has been ‘compressed’ so it can travel more easily over the tight ‘passages’ of the email system. It’s a perfectly respectable way of making large files (such as pictures, pdf files and such) fit within email size limits.

However, when the recipients clicked on the file labeled ‘invoice123.zip’ it extracted into a file named ‘e9058.pdf’, which showed up on the screen as a file with an attached (blurry) image of the Adobe Acrobat logo, making it look like a real pdf. When the respondents with Windows computers (but notably not Macs or Linux machines) then ‘opened’ the pdf file, the following things happened:

  1. that person’s computer connected to some external websites
  2. from which it then downloaded additional malware, which proceded to search their computer for personal banking logins
  3. it then connected to remote ‘command and control’ servers. passing control of the computer overseas.
  4. finally it looked in the local Outlook address book and used it to send the infecting email message to addresses it found there.

It took about an hour for the first three computers to get infected, but the attack was discovered by the C&IT Security office after the second computer began spreading the virus. Between the time that the second computer was detected and when it was shut off the network, seven minutes elapsed, and during those seven minutes that computer sent out 4462 virus emails.

By the time the third computer was infected, C&IT’s security office was able to take action to stop the further spread of the virus. A set of filters on the WSU email system blocked transmission of the zip file, but by noon 150 computers had been infected, and 111 of them were sending out email with the attached zip file.

You might wonder why our Symantec antivirus software didn’t detect the infection when the attachment was opened. The answer is that Symantec (and all other antivirus systems) rely on known virus ‘signatures’ (identifying features), and this was what is known as a ‘zero-day’ attack—a brand new virus never before seen ‘in the wild’. It takes the antivirus people a day or so to develop the specific tools needed for each new virus and distribute them to their users.

In addition, because the virus relied on Outlook address books, people got email from people they knew, who did occasionally send them invoices.

The spread of the virus was effectively stopped by 11:50. Our security team isolated it and determined that it was connecting our computers to Serbia and Ukraine. The Security team then set the university firewall to block connections there, and identified all of the infected computers.

In order to clean up the infection those machines maintained by C&IT (i.e. managed by the DeskTech unit) were reformatted, and outside of the DeskTech domain local administrators were given guidance on how to clean the machines under their control.

In addition, within the DeskTech domain a program called AppLocker was turned on. This prevents computers from running software that did not have an appropriate signature, or which were installed in nonstandard places in a computer (i.e. not in Program Files). Unfortunately this broke a number of specialized programs that various people around campus relied upon, and special rules had to be written to fix this.

By the evening only a few infected computers were not yet fixed,and the original attacker used that to their advantage. Overnight new instructions were passed down to these few straggling machines, and the next day a new attack was launched, sending attachments with different names, but the same modus operandi. These were blocked within 20 minutes of the first occurrence, but to ensure no further attacks, there was a temporary block placed on all zip files sent through the email system. Since there are many legitimate uses of zip files, this block will be ended shortly.

Meanwhile, everyone who was affected was required to change their WSU passwords. Careful examination of system logs showed that four of those AccessID’s were tried from Russia (while their owners were at work on campus) but none of the logins succeeded, so apparently no passwords were compromised.

What can we learn from this adventure?

The faster the IT security guys can act the less harmful the infection. Forwarding suspicious emails to the Security Office (or dragging them to the Phishing applet in Wayne Connect) is valuable. A delay of even an additional hour could have been catastrophic for the campus.

Smooth coordination between the security office and desktop support enabled the spread of the infection to be halted quickly.

We continually remind folks not to click on attachments they don’t expect from people they don’t know. Now we need to modify this—don’t click on any attachment, regardless of sender, unless you are sure it is safe. The text of the email message should reference the content of the attachment and you should be expecting that content. If it doesn’t either phone the sender or just delete it.

Finally, if you’d like to learn more about how to resist phishing attempts, you can take the anti-phishing training we make available through Accelerate, HR’s online training system. To get there, log in to Academica, then search for ‘Accelerate’ in the search box (unless you’ve already been there, in which case it should show up in your personalized links). Start Accelerate, then Browse the Catalog, C&IT Security Awareness Program, and finally PhishProof (Part 3), Launch.

A New Wayne Connect is Coming

Many of us received a message from C&IT today announcing the new Wayne State email system, which will be called Wayne Connect – Powered by Microsoft. There are a number of new features that everyone will be happy about, and this blog is intended to highlight several of them.

OneDrive

First, everyone will have a personal storage, collaboration and sharing tool called OneDrive. Some of you may use this already, and it’s very similar to competitors such as Dropbox and Box. It has the advantage of being much more secure, but has all the features that have made these tools so popular—you can share specific files with specific people (ending the need to share large files by emailing them), or with groups (making collaborative writing tasks much easier). OneDrive comes with 50GB of storage for all users—way more than the 12 GB we have now.

Skype for Business

The new system also comes with Skype for Business, which is an IM client, but also allows for audio and even video conferencing (if you have a microphone and camera on your computer).

Email, calendars and address books

But, of course, Wayne Connect is also an email and calendaring system. You will have the choice of using the web-based client, which will be very similar to the current Wayne Connect Zimbra-based system (or Outlook 365, if you use that). Alternatively, you can use (or continue to use) the desktop Outlook program instead, or in addition. In fact you can use any email client, including the ones on your phone or tablet, or Mac Mail, or… Each one has advantages and disadvantages. The desktop version allows you to import .ics calendar files, so you can import appointments from, say, Tripit or OpenTable. The web-based version is of course available wherever you can get access to a browser.

What you don’t need to do.

All your current Wayne Connect files will be moved into the new system over the next few months, so all your back email and old appointments will be there, as will your address book, so you don’t need to do anything to keep all that stuff.

What you do need to do

There are a few small wrinkles in some corners of the system. If you use filters they won’t transfer, so you’ll have to rewrite them, and you’ll need to recreate your signature file(s) and any file permissions you might have set up.

If you use Briefcase you’ll need to move all your files into the main folder—any additional folders you might have created won’t transfer.

These details can be found here

Maybe our students aren’t so savvy after all

And maybe we aren’t either.

An article in this week’s Chronicle suggests that we’re on shaky grounds if we assume our students know tons about how the Internet works and what that means for their (and our) future.

A couple of faculty  at Northwestern (Eszter Hargittai and Brayden King) teach a course called ‘Managing your Online Reputation’, where they encourage students to find out what the Internet knows about them and think about what it’s advertising to the world.

Their idea is that students should be encouraged not only not to post videos of stupid things they might have done, but also to think about posting (tweeting, instagramming, tumblr-ing) positive views about their skills, attainments, knowledge and capabilities in a way that the usual searches will turn up not only nothing bad, but rather some good stuff.

The course was based partly on research by one of the faculty (Hargittai) that showed that, contrary to what many of us believe, many students today know less about online life than most of us. For example,

about one-third of the survey respondents could not identify the correct description of the ‘bcc’ email function. More than one-quarter said they had not adjusted the privacy settings or content of social-media profiles for job-seeking purposes.

My experience has been that I have a few students who are really tech-savvy, a few who have no idea what they are doing, and the rest somewhere in between. And, of course,  being tech savvy is a moving target. I’ve been doing email since 1990, so I certainly understand how that works. But I only joined Instagram about a month ago, and Tumblr  a few weeks earlier than that, mostly to follow a nephew who’s traveling around the world and documenting it on Tumblr.

On the third hand, I actually understand what the Heartbleed vulnerability is exploiting (and I even understand what that last sentence means…).

Anyway, some food for thought.

And, for a contrary view, try this. And for an even more contrary view on brand-building, there’s this.

 

Some Thoughts on the NSA Data Collection Story

Anything I say here would be highly political, needless to say. The following reflects my views alone, and does not speak for the university.

My university IT security policy buddies around the country have discussed whether universities ought to add a warning to our email log-in screens saying that anything you write may be indexed by the federal government. I don’t think any university has actually done that so far, however. Given the size of the headlines, it seems unnecessary to restate what the whole world now knows.

Instead, I’ll link to a number of thoughtful columns, all by people I respect, who have said things I think are right on.

Bruce Schneier, well-known security guru. Invented the term ‘security theater’.

Daniel Ellsburg (if you’re old enough you certainly remember him.)

Tracy Mitrano (blogs for Inside Higher Ed, my opposite number at Cornell and a good friend)

Peter Swire, International Privacy Association and the C. William O’Neil Professor at the Moritz College of Law of The Ohio State University

More on gaining your real identity

Geoff Plate

Several folks asked me how to go about making sure you are you, and not your license plate. I’m going to give some detailed instructions here to help. This assumes you are using the Web-based version of Wayne Connect, through Firefox, Internet Explorer, Chrome or Safari. If you use Outlook, Mac Mail or Thunderbird you’ll need to use a slightly different procedure.

First, make sure that your normal return address is your real name. You do this by going to ‘Preferences’ on the top menu and selecting ‘Accounts’.

Preferences Panel

 On the right you will see Primary Account Settings.

Primary Account Settings Box

Put your preference for how your name will be displayed in the two left-hand boxes and click Save (at the top of the screen). Now what you have chosen as your name will always show up as the sender, whether you use your license plate or not.

If you need to keep a license plate return address (say because you are subscribed to a listserv with that address) you need to establish a Persona. This is essentially an alias that you can choose before you send a message.

To do this, click the ‘Add Persona’ button, and you will see this:

Persona Image

Choose the address you need to establish (normally your license place) from the drop-down menu on the right. Click the appropriate boxes (When replying to…), give it a name, and click Save.

Then, whenever you send a message (and particularly when you are writing to a listserv which uses your license plate ID) you will see a little drop-down box in the ‘From’ area.

Return address drop-down

Now, every time you send an email you have the choice of which return address to use.

One more thing. Just today I got a message with lots of unidentified license plates. In fact, there were probably fifty out of maybe a hundred addresses in all. Mine was one of them–I have no idea why (this was neither a ‘reply’ nor any other automatic isertion of addresses). That’s what I’m talking about….