Updates at 4:15pm on Wednesday June 19, 2019

The departmental servers coxeter and sphere and the mail, web, share, and ptr servers will have software updates applied on Wednesday afternoon, June 19, 2019 which will require rebooting (most servers will be unavailable starting at 4:15pm).  Since some updates will be applied while the servers are still up there may be some temporary issues with some software.  We hope that any such issues will be minor and by doing most of the upgrading before bringing systems down the shorter downtime will be worth the potential minor problems.  Please restart any programs if you observe problems during the upgrades (and please let us know at requests@math.toronto.edu, so we can investigate).  We expect the systems to be back up by 5pm.

Serious Windows 7 Vulnerabilities

Microsoft has issued advisory which describes a serious Remote Desktop (RDP) vulnerability.  Attacks can occur with no passwords needed.

According to SANS:

Title: Microsoft patches 79 vulnerabilities, 22 critical
Description: Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 79 vulnerabilities, 22 of which are rated “critical,” 55 that are considered “important” and one “moderate.”

NOTE: Windows 7 is end of life in 7 months.  Please update to Windows 10 now.

Spear Phishing Warning and General Digital Security

MORE INSIDIOUS EMAIL PHISHING

In addition to the usual reports of both internal and external email/website phishing we are seeing a rise in “spear phishing” where an attempt is made to compromise a specific user using publicly-available information to appear to be a trusted entity. The end of this email describes such an attack initiated with a telephone call that happened recently in our department.

If you receive a suspicious email please feel free to report it to:

requests@math.toronto.edu

The University also has a reporting system centrally at:

report.phishing@utoronto.ca

Here are some tips to avoid a phishing attack:

http://main.its.utoronto.ca/news/10-tips-to-avoid-a-phishing-attack/

In general we all need to be careful with our digital security. Please see:

https://securitymatters.utoronto.ca/

for the University’s suggestions for various groups for security.

RECENT CASE REPORTED BY A FACULTY MEMBER

Someone finds an online poster for a future conference. They look up a speaker’s office phone number and email address. They call the speaker’s office, and tell them that they are booking the hotel for them for the conference (they know the conference location and dates). They ask the speaker to provide their credit card information to secure the room; they say that the credit card will not be charged, that this is just to secure the room. However, the organizers of conference confirmed they did not place the call to the speaker.

Updates at 3:45pm on Wednesday August 15, 2018

The departmental servers coxeter (sphere has already been updated), and the mail, web, share, and ptr servers will have software updates applied on Wednesday afternoon, August 15, 2018 which will require rebooting (most servers will be unavailable starting at 3:45pm).  Since some updates will be applied while the servers are still up there may be some temporary issues with some software.  We hope that any such issues will be minor and by doing most of the upgrading before bringing systems down the shorter downtime will be worth the potential minor problems.  Please restart any programs if you observe problems during the upgrades (and please let us know at requests@math.toronto.edu, so we can investigate).  We expect the systems to be back up by 4:30pm.

Updates at 4:15pm on Wednesday May 23, 2018

Because of the continuing Spectre branch prediction vulnerabilities in modern microprocessors yet another update of the departmental servers coxeter, sphere, and the mail, web, share, and ptr servers will be applied on Wednesday afternoon, May 23, 2018 which will require rebooting (most servers will be unavailable starting at 4:15pm). Since some updates will be applied while the servers are still up there may be some temporary issues with some software. We hope that any such issues will be minor and by doing most of the upgrading before bringing systems down the shorter downtime will be worth the potential minor problems. Please restart any programs if you observe problems during the upgrades (and please let us know at requests@math.toronto.edu, so we can investigate). We expect the systems to be back up by 5:00pm.

Useful information about phishing

The UofT securitymatters.utoronto.ca website has more information about phishing as well as general data/email security suggestions.  Please see what they have to say about phishing.