ITS will be pushing out the patch to all CUNET workstations starting today, Friday, May 2^nd. We ask that you install this patch and reboot as soon as you are notified the patch is available on your workstation.

Although support for Windows XP has been discontinued, due to the severity of the issue Microsoft has released a patch for Windows XP. ITS strongly recommends that all Windows XP users download and install this patch, as well.

Please contact the ITS Service Desk at 520-3700 or its.service.desk@carleton.ca if you have any questions regarding this statement.

Once the vulnerability was disclosed a fix was issued.  ITS is currently implementing the fix to our servers and we believe that our exposure to this vulnerability has been very limited.

For peace of mind, you may wish to  after 6 am Friday morning once the fix is complete.

If you have any questions, please contact the ITS Service Desk at 520-3700.

If you have already clicked on the link or responded to this email, please ����������徱���ٱ����.

How can you tell if an email is a phishing attempt?

• It asks you for your password or directs you to a web form asking for your password
• The subject line is in all caps
• There is a call for immediate action – “download this now” or “confirm you email identity now” or “click on the link below”
• There are spelling or grammatical errors in the email

How you can reduce Spam?

• Do not open an email that looks like Spam.
• Just delete it. Simply opening the message can send a read receipt message back to the spammer confirming that your e-mail account is active.

Do not reply to a Spam message.

Spammers will regard this as a ‘hit’ and your e-mail account will be confirmed as active.

Do not make your e-mail address available on web pages.

Use an alternate e-mail address when using Usenet newsgroups. Spammers use harvesting software that surfs the Internet to glean e-mail addresses from web sites and newsgroups. An alternate e-mail address will protect your �Ӱ�ԭ�� e-mail address and help reduce the amount of spam received at �Ӱ�ԭ��. Free e-mail services are readily available from many sources.

Guard your e-mail address carefully.

Do not give your e-mail address to web sites unless you are sure what they are going to do with it. Read any terms of use and privacy statements. Many greeting card and joke-of-the-day websites gather e-mail addresses for spam use. Never subscribe your friends to a web site as you may be giving their address to a spammer.

To protect yourself from computer viruses:

1. Keep your system up to date.
2. Install an antivirus program on your computer and install any recommended updates.
3. Back up your files to your departmental ( W: ) or personal (P: ) drives.  The network drives are backed up and if a document is compromised, it can be restored.

If you believe your workstation has been infected with a Ransomware virus, or any virus, contact the ITS Service Desk at extension 3700.

If you have already clicked on the link or responded to this email, please immediately.

How can you tell if an email is a phishing attempt?

• It asks you for your password or directs you to a webform asking for your password
• The subject line is in all caps
• There is a call for immediate action – “download this now” or “confirm you email identity now” or “click on the link below”
• There are spelling or grammatical errors in the email

How you can reduce Spam?

• Do not open an email that looks like Spam.
• Just delete it. Simply opening the message can send a read receipt message back to the spammer confirming that your e-mail account is active.

Do not reply to a Spam message.

Spammers will regard this as a ‘hit’ and your e-mail account will be confirmed as active.

Do not make your e-mail address available on web pages.

Use an alternate e-mail address when using Usenet newsgroups. Spammers use harvesting software that surfs the Internet to glean e-mail addresses from web sites and newsgroups. An alternate e-mail address will protect your �Ӱ�ԭ�� e-mail address and help reduce the amount of spam received at �Ӱ�ԭ��. Free e-mail services are readily available from many sources.

Guard your e-mail address carefully.

Do not give your e-mail address to web sites unless you are sure what they are going to do with it. Read any terms of use and privacy statements. Many greeting card and joke-of-the-day websites gather e-mail addresses for spam use. Never subscribe your friends to a web site as you may be giving their address to a spammer.

Portable Storage Devices (PSDs) are small, portable devices capable of storing and transferring data. They include USB/Flash drives, smart phones, iPods, and portable hard drives.

The portability of data in the digital age is convenient, however, these small media types are often not protected appropriately. If the PSD is lost or left unattended, the data on the device is at risk.

To mitigate the risk associated with using PSDs, Information Technology Services (ITS) strongly encourages that data be stored and shared on network drives. ITS does not prohibit the use of PSDs on workstations; however, if you must use a PSD:

• Store the device in a safe place.
• Delete all data off the device before you dispose of it.
• Use only one USB drive to avoid misplacement.
• If you must store sensitive data on a drive, use a secure USB drive.

If you do experience a theft of a portable storage device containing sensitive material, please contact the Department of University Safety or ITS as soon as possible.

 Thank you for your patience.

If you have already opened this attachment or responded to this email, please contact the ITS Service Desk immediately.

How can you tell if an email is a phishing attempt or contains a virus?

The subject line is in all caps

There is a call for immediate action – “download this now” or “confirm you email identity now” or “click on the link below” or “open an attachment”

There are spelling or grammatical errors in the email

How you can reduce Spam?

Do not open an email that looks like Spam.

Just delete it. Simply opening the message can send a read receipt message back to the spammer confirming that your e-mail account is active.

Do not reply to a Spam message.

Spammers will regard this as a ‘hit’ and your e-mail account will be confirmed as active.

Do not make your e-mail address available on web pages.

Use an alternate e-mail address when using Usenet newsgroups. Spammers use harvesting software that surfs the Internet to glean e-mail addresses from web sites and newsgroups. An alternate e-mail address will protect your �Ӱ�ԭ�� e-mail address and help reduce the amount of spam received at �Ӱ�ԭ��. Free e-mail services are readily available from many sources.

Guard your e-mail address carefully.

Do not give your e-mail address to web sites unless you are sure what they are going to do with it. Read any terms of use and privacy statements. Many greeting card and joke-of-the-day websites gather e-mail addresses for spam use. Never subscribe your friends to a web site as you may be giving their address to a spammer.

After August 1st, if you wish to access your workstation from off campus, please use the service.

VPN software provides a secure, encrypted channel from your home to the campus and allows you to access resources that are restricted to on-campus use (for example, network drives).  VPN software is available for MS Windows, Apple OSX and Linux.

RDP Blocking for Increased Security
At ITS it is our mandate to protect computers and campus users against hackers and computer viruses.  We do so by blocking access to vulnerable services, databases, known virus ports and Microsoft Windows ports.

By blocking RDP at our internet border, we are providing further protection against brute force password attacks, denial of service, man-in-the-middle and keylogging viruses.  This combination of blocking RDP and using a VPN eliminates most off-campus threats to workstations.

If you have any questions regarding RDP and the VPN service, please contact the Service Desk.