January 24, 2013
January is Data Privacy Month! Highlighted in this special issue of the Tech Update are topics of interest regarding the security of your sensitive information, and how you can protect your identity, information, and privacy.
Table of Contents
AnyConnect VPN Update
On Tuesday, February 12, users connecting to the AnyConnect VPN will automatically have their client upgraded to the new version, 3.1. This update includes, among other improvements, a new interface and a change in the appearance of associated windows and the task bar icon.
If you would like to install this update earlier than February 12, you are encouraged to test it via your browser or standalone client by connecting to vpntest.drexel.edu (instead of vpn.drexel.edu).
Windows 8 users can begin using this new version right away, as it supports Microsoft’s new operating system.
Recommendations for Java Zero-Day Vulnerability
Hackers are actively exploiting the recent "zero-day" vulnerability in Web browsers that have Java 1.7 installed. Through this vulnerability, hackers can steal accounts and personal information. Many browsers are currently using this version of Java, so your computer could be at risk.
Although Oracle has released a patch intended to protect your computer from this exploit, the U.S. Computer Emergency Readiness Team (US-CERT), a division of the Department of Homeland Security, suggests disabling Java in all browsers.
Due to the needs of Drexel staff and administrators, many of whom utilize Banner services requiring Java 1.6, we have developed the following recommendations to minimize risk while allowing office operations to continue:
- If you do not use Banner, you should turn off Java in all of your Web browsers.
- If you use Banner, only run it from Internet Explorer with Java 1.6 installed, and only use Internet Explorer for internal Drexel sites. For sites outside of Drexel, use an alternate Web browser such as Firefox, Chrome, or Safari, and ensure that Java is turned off in those browsers.
- Blackboard Collaborate, Wimba, WebEQ, and the multiple file upload tool all rely on Java. If you are on a Mac using these applications in conjunction with a Drexel Learn course, you should upgrade to Java 1.7.11 (the patched version). PC users can use Java 1.6. Otherwise, Learn is unaffected by disabling Java.
- If you cannot disable Java due to a business need, you should patch it immediately by updating to Java 1.7.11. In addition, use a browser such as Chrome, which can and should be set to prompt you when a Web site wants to run Java. Unless you absolutely trust the site and understand why it needs Java, you should refuse to run it.
More information about this vulnerability is available on the Vulnerability Notes Database Web site and on ZDNet's Web site.
Beware of "Ransomware"
According to an article at CBS Local, scammers are inserting infected links into otherwise legitimate search engine results. These links install "ransomware" that demands money for a fake anti-virus program and freezes the computer until the user pays up. DO NOT pay them! If your computer is infected, first contact the IRT Help Desk at 215-895-2020 for advice. Read more on IRT's News page at http://www.drexel.edu/irt/News.
To avoid infection, don’t click on any links if:
- The URLs end in something other than .com, .net, .org, or .gov, (e.g., something like .cx or .tf). (To see where the links point to, hover over them with your mouse.)
- The descriptive text for the search results is garbled.
- Anything looks "off" about the links or descriptive text for the results.
Considerations for Departmental Computer Purchases
Are you a staff or faculty member looking for a cheap departmental computer? STOP right there.
Cheaper does not mean better when it comes to longevity, compatibility, and value. If you purchase computers for your department, and if some of your colleagues work with Enterprise software, don’t look at the consumer end of the vendors’ lines. Enterprise applications are not compatible with Windows 8, and some consumer models of PCs (e.g., Dell and HP) that now come pre-installed with Windows 8 do NOT support a downgrade to Windows 7. In addition, such home-use computers rarely stack up to models configured for business and academic processes. Many of these cheaper models come with only a one-year warranty instead of a three-year warranty.
Consumer models, despite the cheaper pricetag, are therefore not recommended for departmental purchases.
If you are looking to make a computer purchase for your department and would like advice about specifications and models, please contact IRT at email@example.com or 215-895-2020.
Data Privacy Day is January 28th
Begun in 2008, Data Privacy Day draws attention to the importance of privacy and data protection in an increasingly digital world. Held on January 28th, this annual U.S.-Canadian effort is led by the National Cyber Security Alliance, an organization focused on cyber security education for all online citizens. Learn more about what you can do and how to get involved at the National Security Alliance's Web site.
Sharing Too Much on Social Networks
Every day, users post a lot of seemingly innocuous information on social networking sites: where friends went to eat or on vacation, political views, complaints about work or personal relationships, or a friend’s favorite book, animal, or birthday.
Unfortunately, this information can be used against you by malicious individuals. These "cyberstalkers" can use the information to find out where you are, or when you're not at home. They can even use it to answer your security questions, reset your passwords, steal your identity, or tailor phishing scams specifically to you.
Additionally, data mining companies or organizations can buy and sell your information, or use it to target the ads you see not just on Facebook, but on other sites you browse. The "innocuous" information you posted is suddenly being used to lure you into more than you bargained for.
Many people assume that posting their information is safe—after all, it's only being shared with friends and family, right? However, social networking sites, especially Facebook, are always changing. Options you might not be aware of can be turned on by default, even though the site provider did not inform you adequately. It is therefore up to you, as the user, to check your privacy settings frequently AND be careful about what you post to prevent the misuse of your personal information.
Take a moment to review your privacy settings in any social networking site you frequent—not just Facebook, but sites such as MySpace, Foursquare, Classmates.com, LinkedIn, Google+, and others. Ensure that you are sharing information only with people you trust, or don’t share such information at all.
Cloud Storage, Privacy, and You
If you’re not familiar with cloud storage, here is a quick definition: cloud storage services such as DropBox, Google Drive, and Microsoft SkyDrive allow users to store and back up data files and folders on an off-site server. These services are great for sharing files, backing up data on a local drive, storing large files off-site to save on hard drive space, and accessing important files from any computer or device. There are two types of cloud storage services: private (on-site), and public (off-site).
For instance, did you know that some companies' privacy policies allow law enforcement to seize data on public cloud storage servers, and that the service provider does not need to inform the owner of the data? Other providers, such as Apple, can also delete data at its discretion if it finds stored data in "violation" of its terms of service—without informing the user.
More information about cloud storage and privacy can be found in Infosec Island’s article entitled "Can You Have Privacy on Public Cloud Storage?"
At Drexel, there are many ways to store your digital content in the cloud for easy, secure access anywhere and anytime. To find out more, attend the "Storing Files in the Cloud" workshop on January 31, from noon to 1 p.m. in Korman 116. Sign-up by emailing firstname.lastname@example.org.
Faculty and staff also have SharePoint My Sites as an additional option. My Sites is more than a business profile page; within My Sites is an area called "My Content." There, you can store and share lists and libraries that contain created and uploaded items. To learn more about My Sites, sign-up for one of our regular trainings.
Bb Vista Access Restricted as of January 31
As of January 31, 2013, users will no longer be able to access the Bb Vista system. Please make sure you log in before the end of the month to download any files you may need. If you need any content migrated to Drexel Learn, please fill out the migration request form. Contact the Instructional Technolgy Group at email@example.com or 215-895-1224 with any questions.
Copying Content from One Course to Another in Learn
To copy content from one course to another:
- Navigate to the course in Learn from which you would like to copy content (i.e., your fall or migrated course).
- Under Control Panel, click “Packages and Utilities,” then “Course Copy.”
- Under “Select Copy Options,” click the “Browse” button.
- Click the radio button next to the course you want to copy, then click “Submit” at the bottom of the screen. The target course will be selected.
- Click the “Select All” button and uncheck any content areas you don’t want to copy.
- If copying an “Assessments” folder, be sure that “Tests, Surveys, and Pools” is also checked.
- Under “File Attachments,” ensure that "Copy links and copies of the content (Include all Course Files)” is selected.
- To include unlinked files in the course Content Collection, uncheck the box to “Limit package to only files linked into the selected content areas.” See the article below for more information about this option.
- Click “Submit.” You will see a green confirmation bar and receive an email when the copy process has completed.
Note that if you are copying to a course that already has content, the new content will be added below the existing content (it will not be overwritten). The only exception is if a content area has a non-unique name, in which case copied items will be added to the existing content area beneath existing items.
A brief movie about the course copy process is available on Learn’s Web site.
Copying Course Content – a New Wrinkle
Following the most recent update to Learn, unlinked files in the Content Collection are no longer copied by default. The new option to "Limit package to only files linked into the selected content areas," (checked by default under "File Attachments" in step 5a of the above article), is useful if your Content Collection includes obsolete documents with links that are no longer relevant, or if you only need to copy over part of your course.
If you need to include obsolete documents and their links, uncheck this box on the "Copy Course" screen. You can also copy over files individually.
Instructors Can Now Add TAs, Co-Instructors, and Course Builders in Learn
A Building Block was recently installed in Learn that allows anyone enrolled as a course Instructor to add and remove users. Users can be added as Teaching Assistants, Instructors, or Course Builders.
To access the Building Block, click on "Course Tools" in the Control Panel, and then click the "Manage Users" link.
To add a user, click the "Add Users by Role" link. Use the Search bar at the top of the screen to look up a username, or type it directly into the "Username" box. Use commas to separate multiple usernames. Finally, select the role you would like to assign the user. When you click "Submit," the user will be added to the course with the selected role.
To remove a user, click on the "Remove Other Users by Role" link, select a role, and click "Submit." You will be shown a list of users you can remove. Select the checkbox next to the user's name, and then click "Submit" to remove them. (Note: In Google Chrome, you will need to click "Submit," click "OK" at the prompt, and then click "Submit" again.)
If you have many enrollments to process (especially in multiple courses), you can always send them to the Instructional Technolgy Group at firstname.lastname@example.org to have them processed in bulk. See our Web site at http://www.drexel.edu/irt/coursetools/toolList/learn/enrollta for more information about this option.
If you have any questions about the new Building Block, contact the Instructional Technolgy Group at email@example.com or 215-895-1224.
Turnitin Direct Now Available in Learn
The Turnitin Direct Building Block was recently installed in Drexel Learn. Turnitin Direct seamlessly integrates Turnitin's Originality Checking and GradeMark functionality into the Blackboard environment. Student papers submitted to Turnitin Direct are stored both in Blackboard and Turnitin.
To create a Turnitin Direct assignment, select "Turnitin Direct Assignment" from the Assessments menu on any content page in Learn. On the next screen, enter the assignment name, description, point value, and any additional settings as desired.
Although Turnitin Direct does not currently include PeerMark, there are plans to include it in the future. Instructors who wish to use PeerMark should select the regular "Turnitin Assignment" type from the Assessments menu.
Please note that Turnitin Direct assignments are only accessible via the content page on which they were created, and not via the "Turnitin Assignments" link under Course Tools (from which regular Turnitin assignments can be accessed).
If you have any questions about the new Turnitin Direct Building Block, contact the Instructional Technolgy Group at firstname.lastname@example.org. For more information about Turnitin Direct, including a list of differences between Turnitin Direct and Turnitin Basic (i.e., regular Turnitin), see Turnitin's Web site.
Sign Up for OLT Workshops
The Instructional Technolgy Group conducts training sessions on Learn, Camtasia, DragonDrop, Web basics, Mac OS X, Respondus, SharePoint, and more. In addition, several brown bag lunches and workshops on technology products of interest are held each month. These training sessions are open to members of Drexel’s community as well as the general public.
To reserve a spot at any of these workshops, email us at email@example.com with your name, institution (if other than Drexel), contact information, and the name of the workshop(s) you would like to attend.
Below is a sampling of workshops taking place in January and February:
Learn Basics Workshop
Monday, January 28, 9:00 a.m. – noon
Thursday, February 21, 9:00 a.m. – 11:00 a.m.
SharePoint My Sites
Wednesday, January 30, 3:00 p.m. – 4:00 p.m.
Storing Files in the Cloud
Thursday, January 31, noon – 1:00 p.m.
Introduction to Sitecore
Thursday, February 14, 2:30 p.m. – 4:00 p.m.
Visit our Web site for our complete training schedule and workshop descriptions. If you need a separate workshop for your department or faculty group on a specific topic, you can email the Instructional Technolgy Group to coordinate a session.
Unless otherwise noted, all training sessions will be held in room 116 of the Korman Center (off the Quad on Drexel's University City Campus, 33rd Street between Market and Chestnut Streets).