News & Announcements Archive

News & Announcements

  • Apr
    07

    OpenSSL HeartBleed Vulnerability Alert

    UCIT Office of Information Security Alert Bulletin

    **OpenSSL HeartBleed Vulnerability Alert**

    A vulnerability was discovered with OpenSSL which allows anyone on the Internet to read the memory of systems that run vulnerable versions of OpenSSL, revealing the secret authentication and encryption keys to protect the traffic. User names, passwords and the actual content of the communication can also be read. The bug appears to have been in OpenSSL for 2+ years since December 2011 and exploiting this bug leaves no trace in server logs so there is no easy way to determine if a server has been compromised.

    Affected Versions

    OpenSSL 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1.

    Is There a Solution?

    OpenSSL and the UCIT Office of Information Security (UCIT OIS) recommend that users immediately upgrade to version 1.0.1g. Administrators are advised to apply the up-to-date version of OpenSSL, revoke potentially compromised private keys and reissue new keys. The newest version is available on OpenSSL’s website: https://www.openssl.org/source/.

    QualysGuard Vulnerability Scanning

    UCIT OIS uses QualysGuard, an enterprise vulnerability assessment, policy compliance, and remediation management tool that provides an extensive built-in database with the latest CVE vulnerability definitions. Monthly scans will be completed on the university’s network to ensure there are no vulnerable OpenSSL server’s on our network. If an outdated version of OpenSSL is found on the network, the IT Coordinator responsible will be contacted and told to upgrade their OpenSSL server. While upgrading however all certificates must be revoked and requested again once the upgrade is complete.

    End UCIT Office of Information Security Alert Bulletin

  • Apr
    03

    April 2, 2014 West Campus Shred Event Results

    Spring2014 Shred

    UCIT Office of Information Security (UCIT OIS) is pleased to announce the results from the campus Shred Event on Wednesday, April 2, at McMicken Commons on West campus.

    Courtesy of sponsorship from Document Destruction, UCIT OIS collected, securely shredded and recycled nearly 4,400 pounds (2.2 tons!) of documents received from 26 departments/colleges in only 4 hours at zero cost to the university.

    If you and/or your department or college were unable to participate in this first shred event, don’t worry. UCIT OIS will be hosting another one in the near future, so be looking out for a date!

    All personal and professional documents are accepted, but paper clips, hanging file folders and other metal/plastic must be removed from the documents in advance. (Staples are okay.)

    For additional information please visit the UCIT OIS website at http://www.uc.edu/infosec/services/shredding.html

  • Mar
    17

    April 2, 2014 West Campus Shred Event

    shredded-paper1

    UCIT Office of Information Security (UCIT OIS) is holding another Free Shred event on Wednesday, April 2 on West Campus in McMicken Commons. We will be accepting paper from 9 a.m. until 12:30 p.m.

    All faculty, staff, and students are invited to drop off professional or personal sensitive documents to ensure they are securely destroyed and recycled. All metal, including paper clips and hanging file folders must be removed in advance; staples are permissible. Plastic also needs to be removed - comb bindings, transparencies, Polaroid pictures, Tyvek envelopes. Anything that cannot be torn is not acceptable.

    UCIT OIS staff will remain present to ensure that all documents received are properly destroyed.

    For additional information please visit our Shredding page.

  • Mar
    03

    Microsoft End of Support Announcement

    microsoft

    Microsoft has recently announced that a number of their software products will be reaching their end of support date. The products that are ending their support this year include Windows XP, Office 2003, and Exchange Server 2003.

    When software reaches End of Support, customers are still able to utilize the product. However, Microsoft will no longer provide security updates or update online content. In short, companies are responsible for their own for support; more importantly, as no security updates are provided they accept the associated risk/s.

    Microsoft has released a helpful guide for their users showing how to upgrade from Windows XP to Windows 7. In order to receive security patches it's recommended that an upgrade to Windows 7 takes place.

    Products Reaching End of Support April 8, 2014

    • Windows XP
    • Office 2003
    • Exchange Server 2003

    Products Reaching End of Support July 14, 2015

    • Windows Server 2003

    Products Transitioning to Extended Support July 8, 2014

    • SQL Server 2008
    • SQL Server 2008 R2
  • Jan
    06

    "McAfee Security" to transition name to "Intel Security"

    McAfee Logo

    Intel CEO Brian Krzanich announced at the Consumer Electronics Show (CES) in Las Vegas on Monday, January 6 2014 that Intel will begin phasing out the "McAfee" name and will be transitioning to the "Intel Security" name.

    Per CNET's Seth Rosenblatt, "The software will remain unchanged except for changing the name from McAfee Security to Intel Security. The iconic red McAfee shield will remain, for now, and some components of the mobile versions of the software will be free to use on iOS and Android devices. The rebranding is expected to take up to a year to complete."

    Additional information is available in the article on the CNET website.


  • Oct
    28

    Information Security Awareness Week 2013 Re-Cap

    UCIT OIS ISAW 2013

    The fifth annual Information Security Awareness Week (ISAW) has unfortunately now come to a close. This year we had an impressive turnout and some great vendors to help out as well! If you walked through the Tangeman University Center this past week (October 21-23) you would have seen the UCIT Office of Information Security, Student Safety Board, Dell, Insight Global, TekSystems, and Apple.

    This year students were given awareness on mobile device security, QR codes, URL shorteners, social media safety, and phishing. Many of these topics are "hot" in the technology world when it comes to security, so educating our users will hopefully prepare us for potential attacks in the future.

    UCIT OIS will continue to publish documentation on multiple topics in security on our Awareness & Training page throughout the year. So, if you missed us in person, check us out on the web!

  • Oct
    28

    October 24, 2013 West Campus Shred Event Results

    UCITOIS_WestShred

    UCIT Office of Information Security (UCIT OIS) is pleased to announce the results from the campus Shred Event on Thursday, October 24, at McMicken Commons on West campus.

    Courtesy of sponsorship from Document Destruction, UCIT OIS collected, securely shredded and recycled nearly 7,500 pounds (3.7 tons!) of documents received from 32 departments/colleges in only 4 hours at zero cost to the university.

    If you and/or your department or college were unable to participate in this first shred event, don’t worry. UCIT OIS will be hosting another one in the near future, so be looking out for a date!

    All personal and professional documents are accepted, but paper clips, hanging file folders and other metal/plastic must be removed from the documents in advance. (Staples are okay.)

    For additional information please visit the UCIT OIS website at http://www.uc.edu/infosec/services/shredding.html

  • Oct
    18

    Information Security Awareness Week (ISAW)

    staysafeonlineorg

    This year marks the tenth anniversary of National Cyber Security Awareness Month sponsored by the Department of Homeland Security in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center.

    UCIT Office of Information Security (UCIT OIS) is one of many entities that participate. UCIT OIS has held Information Security Awareness Week (ISAW) annually since 2009 to help promote the month and spread awareness to the university community so that UC may work towards a more secure future.

  • Oct
    18

    October 24, 2013 West Campus Shred Event

    shredded-paper1

    UCIT Office of Information Security (UCIT OIS) is holding another Free Shred event on Thursday, October 24th on West Campus in McMicken Commons from 9 a.m. until 11:30 a.m.

    All faculty, staff, and students are invited to drop off professional or personal sensitive documents to ensure they are securely destroyed and recycled. All metal, including paper clips and hanging file folders must be removed in advance; staples are permissible. Plastic also needs to be removed – comb bindings, transparencies, Polaroid pictures, Tyvek envelopes.  Anything that cannot be torn is not acceptable.

    UCIT OIS staff will remain present to ensure that all documents received are properly destroyed.

    For additional information please visit http://www.uc.edu/infosec/services/shredding.html


  • May
    17

    May 16, 2013 East Campus Shred Event Results

    Image of UCIT OIS at May 16 Campus Shred Event

    UCIT Office of Information Security (UCIT OIS) is pleased to announce the results from the second campus Shred Event of 2013, held Thursday, May 16, at the rear of Eden Garage in Lot 13 on East Campus.

    Courtesy of sponsorship from Shred-Safe, UCIT OIS collected, securely shredded and recycled 15,200 pounds (7.5 tons!) of documents received from 16 departments/colleges in only 2.5 hours at zero cost to the university.

    If you and/or your department or college were unable to participate in the recent shred events, don’t worry. UCIT OIS will offer additional shredding events in the Fall!

    All personal and professional documents will be accepted, but paper clips, hanging file folders and other metal or plastic must be removed from the documents in advance. (Staples are okay.)

    For additional information please visit the UCIT OIS website at http://www.uc.edu/infosec/services/shredding.html

  • May
    06

    May 16, 2013 East Campus Shred Event

    Image of shredded paper

    UCIT Office of Information Security (UCIT OIS) is holding another Free Shred event on Thursday, May 16th on East Campus at the rear of Eden Garage in Lot 13 from 9 a.m. until 11:30 a.m.

    All faculty, staff, and students are invited to drop off professional or personal sensitive documents to ensure they are securely destroyed and recycled. All metal, including paper clips and hanging file folders must be removed in advance; staples are permissible. Plastic also needs to be removed – comb bindings, transparencies, Polaroid pictures, Tyvek envelopes.  Anything that cannot be torn is not acceptable.

    UCIT OIS staff will remain present to ensure that all documents received are properly destroyed.

    For additional information please visit http://www.uc.edu/infosec/services/shredding.html


  • Apr
    26

    April 25, 2013 West Campus Shred Event Results

    Picture of UCIT OIS at April 25 Shred Event

    UCIT Office of Information Security (UCIT OIS) is pleased to announce the results from the first campus Shred Event of 2013, held Thursday, April 25, at McMicken Commons on West campus.

    Courtesy of sponsorship from Shred-Safe, UCIT OIS collected, securely shredded and recycled nearly 13,000 pounds (6.5 tons!) of documents received from 29 departments/colleges in only 4 hours at zero cost to the university.

    If you and/or your department or college were unable to participate in this first shred event, don’t worry. UCIT OIS is hosting another one on Thursday, May 16, from 9 a.m. until 1 p.m. on East Campus at the rear of Eden Garage in the Lot 13 parking lot.

    All personal and professional documents are accepted, but paper clips, hanging file folders and other metal/plastic must be removed from the documents in advance. (Staples are okay.)

    For additional information please visit the UCIT OIS website at http://www.uc.edu/infosec/services/shredding.html

  • Apr
    12

    MainStreet Stride 2013

    Picture of UCIT OIS at Mainstreet Pride 2013

    UCIT Office of Information Security (UCIT OIS) represented UCIT in the 2013 version of the annual parade.

  • Mar
    05

    Two shred events, coming right up!

    UCIT Office of Information Security (UCIT OIS) will be having two shred events this Spring. 

    • Main Campus, April 25th from 9 a.m. to 1 p.m.
    • East Campus, May 16th from 9 a.m. to 11:30 a.m.

    For more information, view the flyers here.

  • Jan
    25

    Follow us on Twitter!

    UC_OIS

    The UCIT Office of Information Security is now on Twitter!  Follow @UC_OIS for information security tips, fun facts, and alerts.


  • Jan
    24

    Welcome to the new UCIT Office of Information Security Site

    We have designed our website to be easier for you to find the information you need quickly. If you can't find something in the navigation, try the search box. And if you still can't find it, let us know so we can make improvements via email at infosec@uc.edu.

  • University of Cincinnati UCIT Office of Information Security
  • University Hall
  • 51 Goodman Drive
  • Cincinnati, OH 45221