Archive for the ‘Uncategorized’ Category
Please see the below announcement from ANL Cybersecurity. As noted, it’s recommended you disable automatic MMS retrieval on your device if you use Android. Depending on your MMS application, the instructions for doing this may vary. I’ve included instructions for two Google messaging apps. Check the settings in your SMS/MMS app if it’s not one of these.
For “Messenger” from Google (https://play.google.com/store/apps/details?id=com.google.android.apps.messaging&hl=en): Click the “overflow menu” (three dots, top right corner), choose “Settings”, choose “Advanced”. Under “MMS” uncheck “Auto-retrieve”.
For “Hangouts” from Google (https://play.google.com/store/apps/details?id=com.google.android.talk&hl=en): Click the “Hamburger menu” (three horizontal lines, top left corner), choose “Settings”, choose “SMS”. If SMS is enabled, scroll to Advanced and uncheck “Auto retrieve MMS”.
Dear IT Admins:
A vulnerability has been discovered that can affect Android versions 2.2 through 5.1, about 95% of all Android devices in use. It is located within the Stagefright media library, which is used to render Multimedia Message Service (MMS) content, such as images or videos. By default, most Android devices automatically retrieve MMS messages. Thus, an attacker can perform malicious acts (enable microphone, copy files, turn on camera, etc.) without any action on the part of the recipient. This vulnerability can also be exploited through other means, such as visiting malicious websites.
Google has created patches to address this vulnerability, and most Android devices receive updates through phone manufacturers and cell service providers (Samsung, HTC, ATT, T-Mobile, etc.). When this security patch becomes available, please update your devices. In the meantime, you can reduce your exposure to this vulnerability by disabling auto-retrieval of MMS messages.
The Cyber Security Program Office recommends that all Laboratory employees take steps to protect the data on their mobile devices by practicing safe computing:
· Require a PIN to gain access to the device.
· Enable automatic updates to receive timely software patches.
· Install software from reputable sources.
· Be cautious of strange text and e-mail messages.
If you have any question about Stagefight or best mobile devices security practices, please contact the Cyber Security Program Office at email@example.com or ext. 2-3456.
The previously announced networking issue has been resolved for the time being, however, we do not yet have a root cause. We don’t expect another outage at the moment, but we’re keeping an eye on things in case they go down again.
As part of us trying to make our hostnames make a little more sense, we’ve moved Jira from xjira.mcs.anl.gov to jira.cels.anl.gov (this aligns with the collab.cels.anl.gov). The old URL should redirect seamlessly. If you notice any issues, please report them to firstname.lastname@example.org.
CIS is proposing the following dates for maintenance weekends. These weekends can typically involve some amount of unavailability for lab systems, including e-mail, networking, etc. They do not typically affect MCS/CELS systems, but they can if the outage is related to networking.
At the moment, the following weekends are proposed. If you know of some critical work you have happening on those dates that would be adversely affected, let me know by July 2.
November 6-8, 2015
January 15-17, 2016 (APS Maintenance period)
May 13-15, 2016 Network Maintenance (APS Maintenance period)
August 26-28, 2016
We’ve been getting multiple reports of a phishing mail that came in last night with a subject of "Suspension Alert!". It’s obviously bogus, but best to just let everyone know not to click the "CLICK HERE" link. Your account isn’t going to be suspended. :)
Thanks to all who reported it.
Consider this a "mostly all clear" message. The work was completed, and we’ve got most systems up and running. There are a handful of systems giving us trouble at the moment (including some that didn’t go down during the outage, but started acting up when things came back), and we’re working on them.
Those of you who sit in 240 may need to reboot your linux desktop in the morning. If things aren’t working as expected, that’s your first step.
Keep an eye on @mcssys on Twitter (http://twitter.com/mcssys) for specific updates as we bring back the straggler services. Also, stand by for announcements relating to specific larger systems – they are not back yet. This announcement only pertains to the general computing environment in CELS/MCS.
Please report any issues to email@example.com. Thanks.