Dispatches From The Geeks

News and Announcements from the MCS Systems Group

Author Archive

Cyber Security Alert: Android Devices

Please see the below announcement from ANL Cybersecurity. As noted, it’s recommended you disable automatic MMS retrieval on your device if you use Android. Depending on your MMS application, the instructions for doing this may vary. I’ve included instructions for two Google messaging apps. Check the settings in your SMS/MMS app if it’s not one of these.

For “Messenger” from Google (https://play.google.com/store/apps/details?id=com.google.android.apps.messaging&hl=en): Click the “overflow menu” (three dots, top right corner), choose “Settings”, choose “Advanced”. Under “MMS” uncheck “Auto-retrieve”.

For “Hangouts” from Google (https://play.google.com/store/apps/details?id=com.google.android.talk&hl=en): Click the “Hamburger menu” (three horizontal lines, top left corner), choose “Settings”, choose “SMS”. If SMS is enabled, scroll to Advanced and uncheck “Auto retrieve MMS”.


Dear IT Admins:

A vulnerability has been discovered that can affect Android versions 2.2 through 5.1, about 95% of all Android devices in use. It is located within the Stagefright media library, which is used to render Multimedia Message Service (MMS) content, such as images or videos. By default, most Android devices automatically retrieve MMS messages. Thus, an attacker can perform malicious acts (enable microphone, copy files, turn on camera, etc.) without any action on the part of the recipient. This vulnerability can also be exploited through other means, such as visiting malicious websites.

Google has created patches to address this vulnerability, and most Android devices receive updates through phone manufacturers and cell service providers (Samsung, HTC, ATT, T-Mobile, etc.). When this security patch becomes available, please update your devices. In the meantime, you can reduce your exposure to this vulnerability by disabling auto-retrieval of MMS messages.

The Cyber Security Program Office recommends that all Laboratory employees take steps to protect the data on their mobile devices by practicing safe computing:
· Require a PIN to gain access to the device.
· Enable automatic updates to receive timely software patches.
· Install software from reputable sources.
· Be cautious of strange text and e-mail messages.

If you have any question about Stagefight or best mobile devices security practices, please contact the Cyber Security Program Office at cyber@anl.gov or ext. 2-3456.

Written by Craig Stacey

July 30, 2015 at 2:45 pm

Posted in Uncategorized

CELS Wired networking outage resolved

The previously announced networking issue has been resolved for the time being, however, we do not yet have a root cause. We don’t expect another outage at the moment, but we’re keeping an eye on things in case they go down again.

Written by Craig Stacey

July 29, 2015 at 3:05 pm

Posted in Uncategorized

Networking to CELS wired hosts seems to be down at the moment. Investigating.

Written by Craig Stacey

July 29, 2015 at 2:47 pm

Posted in Uncategorized

RDP maintenance is complete, however another maintenance window will be scheduled later this week.

Written by Craig Stacey

July 22, 2015 at 2:40 pm

Posted in Uncategorized

RDP maintenance taking longer than expected. New estimate is 2PM.

Written by Craig Stacey

July 22, 2015 at 12:59 pm

Posted in Uncategorized

xjira.mcs.anl.gov is now jira.cels.anl.gov

As part of us trying to make our hostnames make a little more sense, we’ve moved Jira from xjira.mcs.anl.gov to jira.cels.anl.gov (this aligns with the collab.cels.anl.gov). The old URL should redirect seamlessly. If you notice any issues, please report them to help@cels.anl.gov.

Thanks!

Written by Craig Stacey

June 29, 2015 at 5:58 pm

Posted in Uncategorized

2016 CIS Maintenace Weekends Schedule Proposal

CIS is proposing the following dates for maintenance weekends. These weekends can typically involve some amount of unavailability for lab systems, including e-mail, networking, etc. They do not typically affect MCS/CELS systems, but they can if the outage is related to networking.

At the moment, the following weekends are proposed. If you know of some critical work you have happening on those dates that would be adversely affected, let me know by July 2.

Proposed Dates:
November 6-8, 2015
January 15-17, 2016 (APS Maintenance period)
May 13-15, 2016 Network Maintenance (APS Maintenance period)
August 26-28, 2016

Thanks!

Written by Craig Stacey

June 17, 2015 at 2:51 pm

Posted in Uncategorized

Phishing e-mail

We’ve been getting multiple reports of a phishing mail that came in last night with a subject of "Suspension Alert!". It’s obviously bogus, but best to just let everyone know not to click the "CLICK HERE" link. Your account isn’t going to be suspended. :)

Thanks to all who reported it.

Written by Craig Stacey

June 5, 2015 at 9:09 am

Posted in Uncategorized

Power work generally complete

Consider this a "mostly all clear" message. The work was completed, and we’ve got most systems up and running. There are a handful of systems giving us trouble at the moment (including some that didn’t go down during the outage, but started acting up when things came back), and we’re working on them.

Those of you who sit in 240 may need to reboot your linux desktop in the morning. If things aren’t working as expected, that’s your first step.

Keep an eye on @mcssys on Twitter (http://twitter.com/mcssys) for specific updates as we bring back the straggler services. Also, stand by for announcements relating to specific larger systems – they are not back yet. This announcement only pertains to the general computing environment in CELS/MCS.

Please report any issues to help@cels.anl.gov. Thanks.

Written by Craig Stacey

June 1, 2015 at 5:02 pm

Posted in Uncategorized

Power Outage work has begun

I will send an all-clear when things are back to normal. Updates will be posted to our blog (https://mcssys.wordpress.com) and twitter (@mcssys). Thanks!

Written by Craig Stacey

June 1, 2015 at 6:18 am

Posted in Uncategorized

Follow

Get every new post delivered to your Inbox.

Join 55 other followers