What does the Yahoo Breach mean? Fix your password now!

You may have heard that Yahoo suffered a security breach which they revealed last week, although it’s not exactly clear when it happened, or even when they became aware of it. You probably don’t think this matters to you, but you might be surprised. There are some things you should do immediately, and some things you should do in the next few days.

First the facts: According to Reuters,  at least 500 million (yes, half a billion) accounts were hacked. That means that user names, email addresses, telephone numbers, birth dates, and encrypted passwords were all stolen. Unencrypted passwords, payment data (bank account information) were not taken. According to Bruce Schneier this is the largest breach in history.

Yahoo is claiming that the breach happened in 2014, and that they became aware of it recently, although some have questioned that claim.

So what does this have to do with you? First, if you know you have a Yahoo account, change the password now. Although they claim it happened two years ago, unless you’re sure you’ve changed the password since then, change it now.

Second, many other things are linked to Yahoo. For example, if you have a Uverse account, and use the email address associated with it, that’s the same set of credentials. The same for Flickr. Also, change the security questions (and especially the answers).[1]

Finally, if you used the same password for any other account, particularly your Wayne State email/Academica/AccessID account, CHANGE THE PASSWORD NOW!!! Especially if you have the same access ID (i.e. as I do, geoffnathan@yahoo.com)[2]

This is a good reason, unfortunately, for the annoying requirement for frequent password changes—people reuse passwords. On the other hand, if you use a password manager (like LastPass or Dashlane or Keepass) you don’t need to worry about it. You can read a discussion of the various password managers here

Finally, check back here later in the week to hear about a new security measure C&IT will be implementing that will change the way you get to things like your pay stub, your time sheet and your direct-deposit information in Academica.


[1]    This is a good time to reiterate that you should not use standard answers to security questions. So if it asks you your mother’s maiden name, LIE. Nobody cares, and that answer can’t be Googled, and isn’t on Facebook. Just make sure you record you answer somewhere where you can find it.

[2]    And, before you can get smart with me, as I am writing this I have already changed it.

More Search Tricks in Wayne Connect 365

Last week I provided some tricks for searching through email messages in the new Wayne Connect Powered by Microsoft. Following a question by one of my colleagues, here are some additional keywords and other pieces of search syntax you might find useful.

Binary Operators

You can use AND, OR, and NOT to join search terms. AND means that both items must be present, OR means, of course, either item. NOT excludes the term that follows. Note that these words must be in ALL CAPS. So all of these are legal searches:

elephant AND castle finds messages that contain both ‘elephant’ and ‘castle’.
Jones OR Smith finds any message that has either of those terms.
rutabagas NOT turnip finds all messages that have ‘rutabagas’, but do not also have ‘turnip’

Date Restrictions

It is possible to specify date ranges within searches. You use the operators :< to mean ‘before’, and :> to mean ‘after’. So to find messages between January 1 and March 1 you could write

received:> 1/1/2015 AND received :< 3/1/2015

You can also restrict your search to a particular mailbox by highlighting that mailbox after you search.

Using the minus sign

Finally, for at least some of the keywords, you can place a minus sign – immediately before it, and it will exclude whatever follows the minus. Thus

from:Jones -attachment

will find all messages from Jones that do not have an attachment

and

from:Jones -to:Smith

will find all messages from Jones that are not also to Smith.

More complex searching

My colleague also asked about selecting multiple hits in a search result. Unfortunately this is not quite so easy. Theoretically you can click, then shift-click at the end of a long list, but that seems not to work reliably. The only easy way to select a large number of email messages (in order to drag them to a different mailbox, for example) is not to use the web-based client, but instead to use the Outlook desktop app, which has a very powerful, and very quick search engine.

Has Academica left you apoplectic? Does Wayne Connect leave you feeling disconnected?

New systems come with new puzzles, and our two new connection apps certainly have had that effect. C&IT is offering free training/help over the next few days. All sessions will be held in the Purdy/Kresge Auditorium (use the entrance nearest the Student Center).

The sessions will cover topics from setting up your inbox and syncing Wayne Connect to your mobile device to using streams and getting the most out of our new portal.

Here are the available sessions:

Wednesday, 9/2: 9:00 a.m. – 10:00 a.m.                             Thursday, 9/10: 3:00 p.m. – 4:00 p.m.
Wednesday, 9/2: 10:30 a.m. – 11:30 a.m.                            Monday, 9/14: 9:30 a.m. – 10:30 a.m.
Thursday, 9/3: 1:30 p.m. – 2:30 p.m.                                   Monday, 9/14: 11:00 a.m. – 12:00 p.m.
Friday, 9/4: 10:30 a.m. – 11:30 a.m.                                     Friday, 9/18: 9:00 a.m. – 10:00 a.m.
Thursday, 9/10: 1:30 p.m. – 2:30 p.m.                                 Friday, 9/18: 10:30 a.m. – 11:30 a.m.

You can RSVP for these sessions by logging into Academica and clicking on this link:

https://www.eaa.wayne.edu/event_new/session_registration.cfm?eid=1650

Remember you can always call the Help Desk at (313) 577-HELP or emailing helpdesk@wayne.edu

Some additional notes about Outlook 365

By the time you read this, many of us will have been switched over to the new Microsoft-based email system. And, of course, with any new system, there are both things to learn, new features that are cool, old features whose absence is annoying, and the occasional bug. Here are a few things to be aware of.

The interface (how the program looks) is somewhat configurable. You can choose to have a reading pane on the right, below your list of messages, or not at all. You control this through the pull-down marked by a little gear symbol on the upper right.

Gear

If you click that you can choose ‘Display Settings’. You get two sets of options—where the reading pane appears, and whether the system opens the next message or the previous one if you delete a message.

You can also control a lot more things by choosing ‘Options’ under the same menu. There you can choose a number of items associated with Mail, including automatic replies, what happens when you mark something as ‘read’, and so on. Ignore the button marked ‘Retention policies’—it doesn’t do anything.

Options

Under ‘Layout’ you can choose whether to see ‘Conversations’ (all messages with a common subject line together) or not (all messages solely in chronological order). You can also set up your email signature. If you don’t remember yours, just open an old ‘Sent’ message and copy it, then paste it into the relevant window in the ‘Layout’ area.

I’ll have a few more items in my next posting.

More on the New Email System

I’ve been asked how folks will know that they have been transferred to the new Wayne Connect. The answer is that there will be notification emails a week before the transition and one (business) day before. Then, once you have been transferred, the new mail page will look like this:

New Email header

 

 

Because the new Wayne Connect is part of a larger suite of applications (email, Word, Excel etc.) your login page may look like this:

New O365 Portal Page

 

So you’ll have plenty of warning and you’ll be able to tell immediately. Finally, you will receive an informative email message as soon as the transition has taken place.

Wayne Connect Powered by Microsoft is almost here

In late April I blogged about the new email/calendaring/collaboration system that was going to replace our current Wayne Connect email and calendar system based on Zimbra.

As of this week the new software is gradually being implemented across campus, so this is a good time to remind everyone about what to expect. The most important point is that you don’t need to do anything to implement this new email system–it will happen automatically. In fact, if you get a message telling you to ‘click here’ to upgrade your email, delete the message immediately, and, whatever you do, don’t clickit’s a scam (there have been several phishing messages with this theme over the past couple of weeks).

There are a few things you should do, but they are all essentially ‘back-up’ procedures. Although all your email, calendar entries and address book data will be transferred automatically, your signature won’t be, so you’ll need to recreate it. You can either make a copy of the wording (and images, if you use them) or just wait till after the transfer and look for some email you’ve sent (all the ‘Sent’ messages will be in the ‘Sent Items’ folder) and just you can just copy it from an earlier message to the Signature section of the ‘Options’ page. You can find the ‘Options’ button by looking for the little gear symbol in the upper right hand corner.

Although everyone uses Signatures, there are a few other things that won’t transfer but that only affect some people. If you use Filters in Wayne Connect, they will need to be recreated in the new system. They are easy to make–right click on a message you want to be the basis of a Rule (say, anything that comes from that email address) and choose ‘Inbox Rules’, then follow the instructions. If your old filters are complicated, you might want to note them down so that you can implement with the Microsoft system, where they are called ‘Rules’.  Also, Tags won’t transfer, so if you tag your mail, that will also need to be rewritten. Tags are called ‘Categories’ and are based on colors.

Remember that, if you have been using the Wayne Connect Notebook, the files in there will be transferred to your OneDrive area.

October is National Work and Family Month and…

Filipino American History Month  (not to mention LGBT History month )
and several other months too. And October 27 is National Pit Bull Awareness Day

But, seriously, folks,  it’s also National Cyber Security Awareness Month, and C&IT is taking the occasion to ‘raise awareness’ of phishing as an internet danger.

Most people now know what phishing is: an attempt by crooks to get you to visit a website or download a file to your computer that will infect your computer (or your smartphone, or tablet) and either steal data from it or use it to send additional spam, or even help launch Denial of Service attacks.

In 2012 most users have no idea what their computer (tablet, smartphone) is doing ‘behind their backs’. For example, tiny files are deposited on your computer all the time when you visit websites (these files are called ‘cookies’, and they make it easier for you to log in to Wayne Connect, or order stuff from Amazon, or buy airline tickets). Unless you’re geeky, like some of my colleagues, you have no idea what cookies your computer might be harboring, and that’s generally not a danger.

But some websites put much more malicious items on your computer. For example, programs that snatch control of your computer and use it to send out spam. Even porn-based spam. Or the program might send out tens of thousands of messages to a particular, targeted website (say Walmart, or the White House). If enough infected computers do this, the net effect is to break the targeted website so it can’t function. These attacks are called Distributed Denial of Service (DDOS) attacks, and programs downloaded without your knowledge are used to do this.

Another way that your computer can be seized (metaphorically) is through opening attachments that are designed to do the same thing–surreptitiously put programs on your computer. And we all get messages saying things like ‘please see the attachment for important information’ or something like that.

Now, you may think you’d never fall for these tricks, but in early September several of your Wayne State colleagues did, and their computers were ‘pwned’ (cute internet slang for ‘taken over by cybercrooks’) and sent out tons of spam. As a result all of Wayne State email was marked as spam by Microsoft (who run Hotmail and its successors), and nobody at Wayne could contact anyone with a Hotmail or .msn address. Many of us were handicapped by this until we could persuade Microsoft that we were good guys after all.

So, C&IT is going to be running a campaign to teach folks how to recognize phishing messages and what to do when you receive one. And this blog entry is one of the opening salvos in that campaign. Anticipate hearing lots more about this, including an exciting contest with clever prizes.
And happy National Bullying Prevention Month.

Have You Tried Turning It Off And On Again?

Those of you familiar with British sitcoms might be aware of the show The IT Crowd, about an IT support office for a huge but mysterious company. Their catchphrase is the title of this blog. The reason I’m bringing this up is that C&IT is going to do just that this coming Sunday. Everything you know and love will go away from midnight Saturday night till 10 AM Sunday morning, and this blog is intended to provide a sense of why this is being done and what effects it will have.

As you might imagine, C&IT has hundreds of servers, running Pipeline, Blackboard, Banner and even each other. The last bit is because much of the C&IT infrastructure runs on virtual machines rather than having one operating system per machine, and there is also complex load balancing going on. When there are thousands of people visiting Blackboard at the same time a ‘traffic cop’ assigns them to different routes to the basic Blackboard files.
Consequently, the electrical power demands of these hundreds of units are very large, and require  a very elaborate system to assure continuous power. The system includes an enormous battery back-up system, and beyond that, a natural gas-powered generator to power the entire building independently when power problems occur. All this is necessary to deal with the vagaries of electrical supply in the city of Detroit, especially during the peak-demand summer months.

The electricity comes into the primary room to the un-interruptable power supply (UPS) system and is then routed to power distribution units (PDU’s) where the power is transformed from 480 volts to 208 volts before being distributed through panels that are similar to the circuit breaker panels in your basement. Over the years the number of servers has increased, and it’s time to rewire the PDU’s  in order to make sure that servers are connected redundantly to the PDU’s and subsequently the breakers. But, as you know if you’ve ever thought about doing this at home, you need to shut off the entire power supply before you touch anything. So, early on Sunday morning (specifically 12:01 AM) we’ll start shutting down all the computers. Because they are all interconnected, this is a complex and slow process. Then the electrical guys will do the rewiring, and finally we’ll turn it all back on again, which is again, a very slow and careful process. This is why we’re allocating ten hours for the complete change. It’s possible it will take less time, but just to be sure, we’re being very cautious.

So, everything you normally use (Blackboard, Pipeline, Banner, Wayne Connect email…) will be turned off between midnight and 10 AM Sunday morning. We’re hoping, because the university is closed Monday in observance of Martin Luther King Day, that this will not be too disruptive.

More cool ways to use Wayne Connect

My last post about Wayne Connect dealt with ways to use the powerful search engine capabilities to find anything anyone has ever sent you (or that you have ever sent to anyone else). This week’s post will deal with how to do things quickly.
There’s a variety of ways that people interact with their computers. Some are more mousy, others are more fingery. I tend to do a lot with the keyboard, reaching for the mouse only occasionally. Consequently, I really like keyboard shortcuts to do stuff. And Connect has lots of these, and they’re mostly very fast.
The keyboard shortcut I use the most is for moving messages to mailboxes. I keep a lot of my mail in mailboxes (it’s an old habit–in some senses you don’t need to do this if you are good at thinking of clever ways to search for things). For example, I set up a mailbox for every course I’m teaching, and put all correspondence with students about that course in there. Similarly, I subscribe to several linguistics listservs, and put any messages I want to keep in the relevant mailbox.
When the message is open on the screen you can go to the ‘Move’ icon:

Click it, then click on the relevant mailbox in the little box that pops up. If you have lots of mailboxes you’ll have to scroll down, which, of course, means lots of mousework. However, you can also type ‘m’, then the first letter or two of the relevant mailbox, which will probably highlight the one you want (if not, you’ll have to type more letters or move the cursor either with the mouse or with the arrows). For example, if I type m, ph, I get this:

Once the relevant mailbox is highlighted you can hit enter and it will move the message to the relevant place.

Other keyboard shortcuts that I use include ‘f’ for ‘forward’, ‘n’ to bring up a new message and one that I never remember, but would otherwise be pretty handy–switch between mail, calendar and address book with ‘g’ followed by ‘m’ for mail, ‘a’ for address book (contacts) and ‘c’ for calendar.

All of these shortcuts are listed on the ‘Preferences’ page. Click ‘preferences’, then ‘shortcuts’ on the menu on the left side.

My next blog on this topic will deal with filters and personas.

Cool Ways to Handle your Wayne Connect E-mail

It has been a long time since I’ve blogged, and I thought I’d get back in the saddle by writing something about cool things you can do with our e-mail system.
I have used the web-based version of Wayne Connect since it first came out, but I am continually learning new tricks and shortcuts, and I’m going to share some of them with you here.

With Wayne Connect, (which is based on the Zimbra e-mail program, also underneath AT&T and Yahoo’s e-mail programs) the main thing to remember is that there is no real need to carefully manage and husband your e-mails. With 10 gigabytes of storage most people can keep five or even ten years of e-mail in the system and be able to access any specific message within a few seconds, because the program comes with very powerful search tools. If you are used to desktop client e-mail programs such as Outlook or Thunderbird you will find the web-based Wayne Connect system equally powerful, once you learn how to run searches quickly.

The key is to use the search box at the top of the window:

You can write simple text in here, and it will find all e-mail messages with that text, even if the text is in an attachment (assuming the attachment has text and isn’t a graphics file such as a jpeg or certain kinds of pdf’s).
In addition, if you use mailboxes you can add a restriction only to look in certain ones by typing
in: and clicking on whatever mailbox shows up in the list.
Furthermore, if you are looking for a message from some person, you can add from: and the name of the sender.
For example, suppose that I want to find all messages from my friend Mervyn that talk about laptops, but haven’t yet been filed to my Notabene mailbox. Such a complex search would look like this:

laptop in:Inbox from: mervyn

and the result (using my mail account) looks like this after you hit enter or click search:

You can add additional search terms as well. For example, if you type has: in the box it will offer to look for attachments, phone numbers or url’s contained within all messages. So if you want Suzie’s phone number, and you remember that it’s in a message that Sam sent, you can search as follows:

from:Sam has:phone

You can also search all your mail (all 10 Gigs of it) by status. Say you want to see all unread e-mail from President Obama (perhaps something’s nagging your conscience). You can use the is: parameter, as follows:

from:Obama is:Unread

Notice that the program offers many other ‘status’ options besides ‘unread’. Just click on one to find it.
There are many other cool things you can do with the Wayne Connect interface, and I’ll write about some more in a subsequent blog entry.