Very serious macOS bug in “High Sierra”, version 10.13.0 or 10.13.1

There is a very serious macOS bug which you should fix immediately.

See

https://www.macworld.co.uk/how-to/mac-software/how-stop-someone-getting-root-access-your-mac-3668317/

for step-by-step details.

 

Below is a message that was written for users in the Department of Cell & Systems Biology (thank you to Ryan MacDonald).

An extremely serious flaw in the latest version of Mac OS was publicized today. If you have a Mac running “High Sierra”, version 10.13.0 or 10.13.1, your computer is vulnerable. Please follow the steps below to protect your data.

“High Sierra” was released in September. Any new Mac purchased in the past two months has it. Previous versions of Mac OS, including “Sierra”, are not known to be affected. You can confirm which version you have by clicking the Apple menu / About This Mac.

Apple will certainly issue a patch in the next day or two, but until then we strongly recommend taking the following mitigating steps. This changes your machine’s root (master) password from blank to something you know. If you wish you can use the same as the password you use on your own account.

 

– Run the built-in Terminal app. It is in the Applications / Utilities folder, or search for Terminal using Spotlight.

– A terminal window will appear with a prompt, such as:
Somebody’s iMac:~ jonyappleseed$

– Into this window, type or paste:
sudo passwd root

– At the Password: prompt, enter your regular account password. No characters will be displayed as you type.

– Next you will be asked to enter a new password, and then to confirm it:
Changing password for root.
New password:
Retype new password:

– If this completes without error, you can close the Terminal program and relax. If it fails for any reason, repeat the steps. Note that the password you are creating won’t be needed to use the machine, it is only there to protect your computer from local and remote attack.

Over the next couple of days, check your computer’s App Store / Updates page for a proper fix from Apple.

 

Contact us if you have questions or need assistance with the steps above.

thanks

Office 365 Migration on Dec 6, 2017 at 5pm

The University is moving to a cloud-based Office 365 service due to the desire to decommission the UTORexchange and UTORmail email servers and to provide more modern communication and collaboration services.

This will not affect the departmental mail service (your email ending “@math.toronto.edu” or “@math.utoronto.ca“) which you can access with pine or Thunderbird (for example) or as always with a web browser at:

Webmail

The current schedule is for the migration of people with UTORexchange accounts in our department to start at 5pm on Wednesday December 6, 2017 and finish by 9am the following morning.  UTORmail users will be migrated at a future date.

Once migrated, users should use:

https://mail.utoronto.ca/

to access their “@utoronto.ca” email via webmail.

Please see:

http://office365.utoronto.ca/faq/

for general information about this move and what you should do before and after the migration (upgrading to Office 2016 if you have an earlier version will be the main task for most people).

http://help.ic.utoronto.ca/content/8/2048/en/utmail-for-faculty-librarians-and-staff.html

has information about accessing your “@utoronto.ca” email after the migration.

There is documentation about using Office 365 at:

http://office365.utoronto.ca/help/online-training/getting-started-with-office-365/

 

Bell Centrex system to be replaced by VoIP

The University is moving from the current Bell Centrex system for telephones to a new VoIP (Voice over IP; essentially using computer networks to replace telephone networks) system.  The change will provide enhanced communication features and significant cost savings.

The main University website for this changeover is VoIP at U of T.

Currently the Faculty of Arts and Science is in discussions about this changeover with the central people and the departments within the faculty.

More updates will be posted on this blog as the project progresses.

University Campus Agreement for Microsoft Software

The University has an agreement with Microsoft to provide software for equipment which is owned by the University of Toronto.  Please see:

https://microsoft.utoronto.ca/

for more information (you will need your UTORid and password to access that site).  Here is a paragraph from that page:

The Campus Agreement provides CORE CAL licenses, Microsoft Windows, Microsoft Forefront Endpoint protection (for Windows), System Center Endpoint Protection 2012 (Windows, Linux amd Mac) and Microsoft Office Professional for Windows or Macintosh for installation on University of Toronto owned equipment only.

For personally-owned machines, the website mentioned above has a link to the Home Use Program where you can purchase an inexpensive Microsoft Office Professional license if you wish.

Do not use Outlook to access departmental mail

We are investigating reported issues with Microsoft Outlook having problems handling mail from our IMAP server.  The issue can result in failures to update folders and even the deletion of some email.

Until the issue is resolved, please use a different email client (Thunderbird or Apple Mail or pine, for example) or our webmail client (SquirrelMail).  There is a second, unsupported, webmail client, roundcube, which some people prefer (especially on mobile devices).

sphere update on 2017oct11 was completed early; coxeter should be done by 4:45pm

sphere has already been updated.

coxeter will be updated starting at 4:15pm and should be back up by 4:45pm.

coxeter and sphere updates on Wednesday October 11, 2017

The departmental servers coxeter and sphere will have software updates applied on Wednesday afternoon, October 11, 2017 which will require rebooting (the servers will be unavailable starting at 4:15pm). Since some updates will be applied while the servers are still up there may be some temporary issues with some software. We hope that any such issues will be minor and by doing most of the upgrading before bringing systems down the shorter downtime will be worth the potential minor problems. Please restart any programs if you observe problems during the upgrades (and please let us know at requests@math.toronto.edu, so we can investigate). We expect the systems to be back up by 4:45pm.

UTSend service for transferring/sharing files

The University now has a UTSend service for sharing files between users.  This can be used to share files with users at UofT and also with outside users.

Important things to know:

  1. You should encrypt all files that you upload to this service, since links to access files are sent in plain text which could be intercepted.
  2. Files will be deleted after 14 days.  The files uploaded to this service are not backed up.

For more information see their help page.

We are planning to retire our share.math.toronto.edu server now that there is a University-supported service.

Useful information about phishing

The UofT securitymatters.utoronto.ca website has more information about phishing as well as general data/email security suggestions.  Please see what they have to say about phishing.

Email Fraud and Phishing

This is a reminder to be very careful to avoid email fraud, in particular phishing attacks.  These days spammers can target individuals much more easily and deliver emails which seem to come from trusted sources and may use your personal name (including nicknames).  They usually send you to a webpage that asks for passwords for email and/or bank accounts.

Please see the UofT webpage about this at Avoiding Email Fraud.

As usual, if you have any questions please send email to requests@math.toronto.edu.