Security in Mac OS X Lion

According to technical communicator, Phil Stokes, "Security in OS X Lion is a big problem that not many people are aware of." In a recent blog post Stokes wrote:

Security in OS X Lion is a big problem that not many people are aware of, and here’s why: your Lion computer contains the install/recovery disk on the internal drive. That means anyone with a basic knowledge of Mac and Lion can start up your mac and reset your passwords, thereby accessing your user accounts and all your personal data.

Stokes informative post suggests ways to secure a Lion system including removing the install/recovery disk, setting a firmware password and/or using FileVault 2 (FV2). Stokes said, "Apple, of course, thought about this problem. Their own solution is to encourage you to use FV2 to encrypt all your data. Indeed, this is the BEST solution."
If you support Mac OS X you need to read this!

SJSU Alerts: SJSU Dorms Intruder

Sent to the campus community:


Alert S J S U 12:58 p.m.
Update regarding Joe West Hall intruder. Suspect in custody. Reminder: Please immediately call University Police at 924-2222 to report suspicious persons and activities. Remember to always lock your dorm room door and be aware of your surroundings.

ALERT S J S U 8:19 a.m.
This is a follow up to our emergency communication regarding a male dressed in black trying doors, entering rooms and groping the victim in Joe West Hall. University Police have completed an extensive floor by floor search. The suspect is still at large. However, at this time, you may resume normal activities. Immediately call University Police at 924-2222 if you see suspicious persons or activities and remember to keep your dorm rooms locked.

Alert SJSU 5:04 a.m.
Male suspect in his twenties dressed in black tried doors in Joe West, entered room and groped victim. Suspect last seen on third floor. Please ensure that your doors are locked. University Police on scene.

Cool things I saw at Adobe yesterday

Here are some cool things to check out for folks interested in the worlds of animation and electronic publishing:

• Adobe Edge
  No, this animation was NOT done in Flash. This is Adobe Edge. Edge works on a timeline interface you may recognize from Flash Pro, After Effects and Premiere. It uses HTML5 + CSS + Javascript to produce animations without Flash, animations that will run on iOS devices like iPads and all other devices that use modern browsers. Adobe Edge is currently in development and can be downloaded for free.
• Liquid Layout
  Scroll down to the post Dynamic Liquid Layout in InDesign (MAX Sneak Peek) to see one of the most exciting developments for electronic magazines I have ever seen! Watch Kiyomasa Toma, giving you a sneek peak on Liquid Layouts in InDesign. Sorry, the permalink to the specific post did not show the same video.
• iBooks Author
  We also saw a presentation of Apple's iBooks Author. The presenter said, this will give you an idea of some of the functions we can expect to see in CS6.

This is turning out to be one of the most exciting and game changing periods in electronic publishing since electronic publishing rendered the world of hot wax and rubber cement obsolete. Maybe, even more so!

Sexually biased user interface for SJSU employee e-mail?

Click on the image above to see image larger.

Am I being over sensitive? I don't think so. The user interface for employee e-mail provide for employees by Google at SJSU includes this (un)Funny Quote of the Day - James Russell Lowell - "On one issue at least, men and women agree; they both distrust women."
Remember, this is for work e-mail at our university that teaches diversity and gender sensitivity.
Is this what we have to put up with when we contract out?
Is it really appropriate for us to have to ignore our core values to get a product and/or service for free?

Safety Alert: Robbery At SJSU Duncan Hall Shuttle Bus Stop

This was sent to the campus community by the university via AlertSJSU:

San Jose, CA - On Wednesday, January 18, 2012, at approximately 12:45 PM, a robbery occurred in front of the SJSU Duncan Hall shuttle bus stop located at the corner of S. 5th St. and San Salvador St. The victim reported that he was walking near the shuttle bus stop when one suspect hit him on the head and a second suspect took his cell phone. The victim was not injured during the incident and there were no weapons seen. The suspects were last seen running westbound on San Salvador St. away from the campus.

The first suspect was described as a black male, adult, in his early 20's, 6'02" -6'03" tall, wearing an orange or red jacket. The second suspect was described as a black, male adult, in his early 20', 5'11" - 6'00" tall, wearing dark clothing.  The victim did not report the incident until approximately 3:30 PM that afternoon.

Anyone who may witnessed this incident or has information regarding the incident is urged to call the San Jose State University Police Department.  Those wishing to remain anonymous can email/text their information to: sjsu@tipnow.org or text/call: (408) 337-2919.

The SJSUPD reminds campus community members to be aware of their surroundings, and to immediately report crimes to the police department. In an emergency, always Dial 9-1-1 or use a campus blue light phone.

UPD reminds campus community members to be aware of their surroundings, to avoid walking alone at night, and to immediately report crimes and suspicious activity to the police.  Evening Guide Escorts can be requested by calling the UPD directly at (408) 924-2222. 

In an emergency, life threatening situation, or crime in progress, always Dial 9-1-1, or use a campus blue light police phone. 

###

San Jose State University Police Department
One Washington Square, San Jose, California 95192-0012
Phone: (408) 924-2222 -- FAX: (408) 924-2229
E-mail: police@sjsu.edu -- Website: http://www.sjsu.edu/police

TipNow Anonymous Reporting :
Text / Email: sjsu@tipnow.org or Text / Voicemail: (408) 337-2919

Why I'm not going to tomorrow's staff breakfast

If you are really interested, the reason is here on my union blog.

When the official password format fails!

Steve Sloan’s Recommended (Unofficial) SJSUOne Password Format Suggestion. These are not requirements, only my personal suggestions. If you have a current SJSUOne account, and the official SJSUOne Password Format fails, this works. Please do not tell anybody I (or anybody) said these suggestions were requirements. It is suggested by me that your SJSUOne password have the following attributes:

• From eight to eleven characters
• No spaces
• One upper case letter minimum
• One lower case letter minimum
• One number minimum
• Just one (and only one) exclamation mark (do not use any other so-called "special" characters)

Example: 1Porcupine!

Why? My best guess as to why this may make a difference is that you are trying to get a Linux server (Google) to work with a password from a Microsoft Active Directory Domain Controller (SJSUOne). This is not official; it is a suggestion, but it usually works.

No, you cannot reuse your old password. Just forget that idea.

About Yesterday's IT Service Interruption at SJSU

The following was sent to the SJSU IT community:

All services have been restored. Access to www.sjsu.edu was restored around 3:20pm. The rest of the services including SSO were restored successfully and tested around 5pm. The issue was related to firewall policies pushed out to our server farm firewall cluster around 12:35pm this afternoon (Potential bug on the management system). This caused several services to stop working. This included access from external and some of our internal networks to www.sjsu.edu, applications that required SSO access and access to a couple of our monitoring systems. Again, access has been restored to all services.

We continue to investigate for a root cause. Over the last couple weeks we have been working with our firewall vendor on a suspected bug that may cause additional information to be pushed out/changed to the policies. As soon as we have an update we will provide one to this distribution list. In the meantime, please let us know if you see any issues with access to the above services from on/off campus.

Again, our apologies for any inconvenience this may have caused

Regards,
Jaime (Sanchez)

We received over 40 phone calls and walkups at the ITSS Help Desk during this period, about ten percent of what we would experience had the semester already started.

Oracle gives OpenOffice.org to Apache

According to a June 1 post on ZD Net by David Meyer, "Oracle has ceded control of the OpenOffice.org code base to the Apache Software Foundation Incubator project." This opens up some interesting possibilities for universities and others looking to reduce their dependence on proprietary software. According to Meyer:

OpenOffice.org is the most popular free productivity suite, and a major rival to Microsoft Office. The software giant said it was 'donating' the open-source code so as to "demonstrate its commitment to the developer and open source communities".

If folks look at OpenOffice.org they may find it offers all the features they need without having to deal with licensing fees and complex activation schemes.

Yet another SJSU Phishing Scam

Please be aware of this latest phishing attempt (below). Any e-mail asking for your e-mail password and username are scams. Victor Van Leer of SJSU's University Technology Services has sent out the following:

Q. What can I do if I receive a scam message?
A. If you receive a scam message, please do the following to help stop the scam: Press the down arrow next to the "Reply" button. Click "Report Phishing" This action will move the message to your spam folder, block further attempts and alert the Google anti-phishing team to act on this phishing attempt.

A sample of the latest scam message is included below. It is a scam. Users should not reply to it and they should click "Report Phishing" if they receive the phishing scam email.

Below is a sample of the latest scam message:
Note: This message is a scam.
---------- Forwarded message ----------
From: (ITSS) Help Desk
Date: Wed, Jun 1, 2011 at 8:18 AM
Subject: 2011 Webmail Upgrade to prevent Account Being Disabbled
To: (deleted)


Attention San José State University email user!

This message is from Information Technology Services, San José State University to all its email Users.We are upgrading to a new email version to help increase the storage megabyte and are therefore deleting all unused email account.

Also be informed of the serious technical difficulty at hand. Our Webmail Database that records your webmail data and profile has just been contrasted by a serious circulating internet virus. As a result we are upgrading to a new email version to help increase the storage megabit and are therefore deleting all unused email account as a result of the nonexistence of users.

To confirm the your account is currently in use and to integrate the recent maintenance carried out in e-mail system and also help in resetting your space in our database and erase the virus circulation in our webmail . reply back with the information as required below;

Username:...
Email:.......
Password: ...
Re confirm Password:....
Date of Birth:....


Warning! Webmail owner that refuses to update their account by providing the requested details above after reading this mail will loose his / her account permanently.

Account Alert Code: X3XX00178SU Thank you for using San José State University®

University Help Desk


A unit of Academic Technology
Clark Hall, Room 102
San José State University
One Washington Square
San José, CA 95192-0026


San José State University - Home of the Spartans
One Washington Square - San José, California USA, 95192
408-924-1000

Please remember, we do not ever ask for passwords via e-mail!