dotCMS to upgrade in December 2011

The WebTeam

dotCMS will be upgraded December 12th through the 19th.

The plan is that the website will remain up and serving pages throughout the process. However, from the morning of Monday, December 12th until the morning of Monday, December 19th, there will be no editing allowed (see Emergencies, below).

Forms will continue to work, gather data, and send email notifications as usual. All data collected during the period between December 12 and 19 will be migrated to the new version of the website and will be available for reporting, etc.

Why an Upgrade?

Like all software, things move forward. The current version will no longer be supported in the near future. Also, there are many under-the-cover improvements that we believe will enhance the experience for both content providers and everyday visitors to our sites. New capabilities in the area of customized development will also become available, which will translate into modernized and extended features that we can offer visitors to UA’s web sites.

What is changing?

All of the changes are in the back-end; visitors to our web sites will not notice any change.

Editors of websites will see a new interface for editing their pages, not a dramatic change but a better organization of the information and hopefully improved navigation throughout.

Training Available

Beginning January 1st 2012 all dotCMS training offered through Software Training Services will be conducted in the new version.

For current users, Software Training Services will provide a delta guide to help you see what has changed. While we believe that this guide will suffice for most current users, anyone who feels that they need more is welcome to attend the regularly scheduled training sessions available through Software Training Services.

Emergencies

Please plan for the timing of this upgrade and have all your changes made PRIOR to Monday December 12th.

In case of a real emergency need, the WebTeam will be able to change content that is on the web. However, any changes made between December 13th and December 19th will NOT be preserved when the new version of the site becomes available on the 19th. Approved changes made during this period will have to be reproduced on the new site. The reproduction of this content will be the responsibility of the requesting college or department.

The Schedule

1. Day One: Monday December 12th

* Stop editing
* Send backups to dotCMS
* Run upgrade scripts

2. Day Two: Tuesday December 13th

* Scripts will run for up to 10 hours (it only took 8 hours in staging)
* Link new database with 1.9 installation
* Test login via LDAP
* Deploy all upgraded plugins (they need to be upgraded before the process starts)
* Start testing

3. Day Three: Wednesday December 14th

* Make changes to containers in all templates
* Check category permissions
* Check Host cms anonymous permissions
* Create CMS tabs for roles in dotCMS
* Manually fix recurrent events end date
* Apply all changes manually to VTL files

4. Days Four and Five: Thursday December 15th and Friday December 16th

* Test frontend
* Test all plugins
* Finish applying permissions

5. Day Six: Monday December 19th

* Go live
* Testing by all users and content providers.

Black Hats, The Man in the Middle and protecting yourself

Dirty Tricks and Larceny

An overview of why and how the Bad Guys do it, what it’s called, and what you can do to protect your computer. Reprinted with permission from the SANS Institute OUCH security newsletter. SANS is widely considered the premier site for training and research in the area of online security.

Blackhats.
Hackers who use their skills for explicitly criminal or other malicious ends, such as writing malware (malicious software) to steal credit card numbers and banking data or by phishing; a.k.a. the Bad Guys.

Whitehats.
Hackers who use their skills for positive ends, and often for thwarting blackhats. Many whitehats are security professionals who spend their time identifying and fixing vulnerabilities in software that blackhats seek to exploit for criminal or other malicious purposes.

Man-in-the-middle.
An attack in which a criminal hacker intercepts information sent between your computer and the website of your financial institution and then uses that information to impersonate you in cyberspace. The hacker is able to defeat even very sophisticated security measures and gain access to your account.

Phishing.
The practice of sending out fake email messages that look as if they come from a trusted person or institution (usually a bank) in order to trick people into handing over confidential information. The emails often direct you to a website that looks like that of the real financial institution. But it is a fake and has been rigged to collect your personal information, such as passwords, credit card numbers and bank account numbers, and transmit them to the Bad Guys.

Botnet.
Botnets consist of large numbers of hijacked computers that are under the remote control of a criminal or a criminal organization. The hijacked computers, a.k.a. “zombies” or “bots” (short for “robots”), are recruited using viruses spread by email or drive-by downloads. Worms are used to find and recruit additional computers. The biggest botnets consist of thousands and even millions of computers, most often unprotected home computers.

Virus.
A malicious program that usually requires some action on the part of a user in order to infect a computer; for example, opening an infected attachment or clicking on a link in a rigged email may trigger a virus to infect your computer.

Worm.
Self-replicating malware that, for instance, hunts down unprotected computers and recruits them for criminal or other malicious purposes. Unlike a virus, worms do not require any action on your part in order to infect your computer.

Fake Anti-Virus.
Fake anti-virus software purports to be a helpful program that can find and remove malware, but in fact it is malware, the very thing that it’s supposed to eliminate. After taking over your computer, it pretends to do security scans, tells you it has found malware, and then asks you to pay to have the non-existent malware removed. Whether or not you pay, fake anti-virus is likely to install more malware.

Drive-by Download.
A kind of malware that installs itself automatically when you visit a booby-trapped website. Symptoms of a drive-by download include: your homepage has been changed, unwanted toolbars have been added, and unfamiliar bookmarks appear in your browser.

Anti-virus and anti-malware.
Helpful software applications that scan your computer for certain patterns of infection. The patterns they scan for are the signatures, or definitions, of known forms of malware. Since Bad Guys are creating new forms of malware continuously, it is important that you keep your anti-virus and anti-malware definitions updated. See the “Patches and Updates” section below.

Security suite.
A set of software applications designed to protect your computer that consists of anti-virus, anti-malware and a personal firewall.

Personal firewall.
Software that monitors incoming and outgoing traffic on your computer and checks for suspicious patterns indicating the presence of malware or other malicious activity. A personal firewall alerts you to these threats and attempts to block them. Like anti-virus and anti-malware software, personal firewalls require frequent updates to provide effective protection.

Updates.
Security software relies on frequent updates in order to be able to counteract previously undetected forms of malware. Consequently, your computer may suffer a “window of vulnerability” between the time a new form of malware is identified and the time when your security software can block it or remove the infection. Set your security software to update automatically.

Patches.
Operating systems, like Windows and OS X, and software applications, such as Internet Explorer and Firefox, may be found to contain security flaws or holes that make your computer vulnerable to attack. Their makers release patches to plug the holes. The fastest and surest way to get these installed quickly is to use auto-updating via the Internet. Some software applications require manual updating. See the “Patches and Updates” section below.

Black Tuesday a.k.a. Patch Tuesday.
On the second Tuesday of each month Microsoft releases security patches for Windows, Internet Explorer, Office and its other software products. You can have these installed automatically using Microsoft Update. See the “Patches and Updates” section below.

Auto-updating.
A software tool built into Windows (“Microsoft Update”) and OS X (“Auto Update”) and many other applications which can download and install important security updates and patches for software installed on your computer automatically. See the “Patches and Updates” section below.

Enjoy your computing experience by staying up to date and safe!
Should you have questions regarding products available through the University or questions regarding your PC use on the campus, contact the Support Desk at (330) 972-6888 or visit the Support Wiki.

-The WebTeam

More information:
http://www.binaryfarm.com/jargon.html
http://besafe.more.net/sam/resources/jargon.pdf
http://ittraining.iu.edu/workshops/win_security/terminology.html

***********************************************************************

Patches and Updates Roundup

Operating Systems & Applications

Windows & PC Office: http://update.microsoft.com & http://www.microsoft.com/security/updates/bulletins/201010.aspx

Mac Office:
http://www.microsoft.com/mac/help.mspx?CTT=PageView&clr=99-0-0&ep=7&target=ffe35357-8f25-4df8-a0a3-c258526c64ea1033

OS X: http://support.apple.com/kb/HT1338

iPad: http://www.ehow.com/how_6256127_update-restore-apple-ipad.html

iPhone, iPod & iPod touch: http://support.apple.com/kb/HT1414

iPod: http://support.apple.com/kb/HT1483

Windows Adobe Reader:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
OS X Adobe Reader:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh

Flash Player: http://get.adobe.com/flashplayer/

Firefox: http://www.mozilla.com/en-US/firefox/update/

Safari: http://www.ehow.com/how_2033324_update-safari.html

Opera: http://www.opera.com/

Chrome: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95414

Java: http://www.java.com/en/download/manual.jsp

Windows iTunes: http://www.ehow.com/how_2016273_update-itunes-pc.html
OSX iTunes: http://www.ehow.com/how_2016270_update-itunesmac.html

Security Suites

Symantec:
http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/2002021908382713

Norton:
http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=n95

McAfee: http://www.mcafee.com/apps/downloads/security_updates/dat.asp

Kaspersky: http://www.kaspersky.com/avupdates

AVG: http://free.avg.com/us-en/download-update

Panda: http://www.pandasecurity.com/homeusers/downloads/clients/

PC Tools:
http://www.downloadatoz.com/pc-tools-internet-security/smart-update.html

BitDefender:
http://www.bitdefender.com/site/view/Desktop-Products-Updates.html

Avast: http://www.avast.com/download-update

Webroot: http://support.webroot.com

Trend Micro:
http://esupport.trendmicro.com/Pages/How-to-update-Trend-Micro-Internet-Security-Pro-2010.aspx

Microsoft Security Essentials:
http://www.microsoft.com/security/portal/Definitions/HowToMSE.aspx

Safer Social Networking

The SANS Institute is widely considered the premier site for training and research in the area of online security. From time to time, we will reprint news from them when we think it will be of interest to our communities. We hope you’ll find this post, from their monthly OUCH! newsletter, of interest.

The WebTeam

OUCH!
July 2010
SANS Institute Security Newsletter for Computer Users
***********************************************************************
Get security advice online at http://www.sans.org/newsletters/ouch/updates/
Safer Social Networking
Patches and Updates Roundup
***********************************************************************
Safer Social Networking

[Editor’s Note (Wyman): The number of Facebook users has surpassed 400,000,000, dwarfing its sibling MySpace, and making it No. 1 of the Top Ten social networking sites worldwide with a 55% market share. (1) While the world has fallen in love with Facebook, its popularity is not without problematic consequences. For example, psychotherapists and Facebook users alike talk openly about being addicted to Facebook (2), and a recent study suggests that 21% of women ages 18-34 get up to check Facebook in the middle of the night (3).

Articles about Facebook tips and tricks are proliferating (4), as are lawsuits alleging, among other things, that Facebook’s operators misappropriate its users’ personal information for commercial purposes and change users’ security and privacy settings arbitrarily. German authorities are looking into Facebook’s practice of saving information about people who do not even use the site. (5) Facebook is illegal in China (6), has been outlawed for blasphemy in Pakistan (7), taken Africa by storm along with Colombia, Argentina, Venezuela, Mexico, and Chile (8), and recently opened an office in Moscow (9).

Any online organization with nearly half a billion members worldwide is bound to be the subject of curiosity, controversy and mythology, as well as a too-good-to-pass-up target for hackers, crackers, spammers and scammers. This month we offer some security tips for safer social networking with special attention to Facebook.]

Think about how you want to use social networking. Facebook is an all-purpose, come-as-you-are social medium. The community is gigantic, and anybody with an email address can join. It’s best to limit your use of Facebook to sharing news, photos, music, videos, etc. casually with friends and family. For business, consider using a service like LinkedIn that caters specifically to professionals.

Follow the Golden Rule. Assume that the personal information and photos you display are available to everyone and anyone, not just to your friends.

Do not display your full birth date. Listing a full birth date – month, day and year – makes you an easy target for identity thieves who can use it to obtain more of your personal information and potentially gain access to bank and credit card accounts. Choose to show only the month and day, or even better, no birthday at all.

To protect children from online predators, do not post a child’s name in a photo tag or caption. If someone else does, delete it if you can, or ask the member who owns the photo to remove the name.

Do not mention being away from home. Doing so is like putting a “Nobody’s Home” sign on your front door. Be vague about the dates of your travel plans and vacations.

Restrict searches for your information. Find out what your options are for restricting public searches. At a minimum, you should be able to prevent your information from being searched for by anyone other than your designated online friends.

Do not permit youngsters to use social networks unsupervised. Most sites limit membership to ages 13 and older, but children younger than that find ways to use them anyway. If there’s a young child or teenager in your household using Facebook, an adult in your household should become one of their online friends and use their email as the contact for the account in order to monitor their activities.

Think about whom you are allowing to become your online friend. Once you have accepted someone as your online friend, they will be able to access a lot of information about you, including photographs and other material you have marked as viewable by your friends. Find out if and how you can remove a friend in case you change your mind about someone or discover they aren’t who they claim to be.

Make sure you have an up-to-date web browser and comprehensive security software on your computer. This includes anti-virus, anti-spyware, anti-phishing, and a software firewall.

Adjust your privacy settings to help protect your identity. Facebook and some other social networking sites provide options to protect you online, but it’s up to you to understand what they do and how to use them, and to be aware that they change over time.

Set and review your privacy settings regularly. Familiarize yourself with the site’s current privacy policies. For example, with the latest changes in May 2010, Facebook forces some of your information (e.g., your name, profile picture, gender and the networks to which you belong) to be publicly accessible.

Make only a cut-down version of your profile visible to everyone. Reveal the rest of the information in your profile only to people you choose to have as online friends.

Disable options, and then add them in one by one. If you are using a social network just to keep in touch with people, consider turning off the bells and whistles you don’t need or use. Disable unfamiliar options until you understand what they do and have decided that you do need and want them.

Join groups and networks cautiously. Assume that all members of a group will be able to see all of your information unless and until you restrict access to it deliberately.

Understand what happens when you quit the site. It’s usually easy to deactivate your account, but some sites, like Facebook, will retain all your information including pictures, friends, etc. even if you do. Find out how you can delete all of your information. You may have to request that the operators of the site delete it for you. When quitting Facebook, you must submit a deletion request, and that, too, comes with some gotchas.

* There will be a delay of unspecified length between submitting your delete request and the actual deletion.
* If you log in to Facebook after submitting your request, your deletion request will be cancelled automatically.
* There’s no easy way to confirm that your deletion request has been completed.
* Even after deletion, copies of your photos may remain on Facebook servers for technical reasons.

More information: http://www.takesontech.com/?p=16952
http://www.facebook.com/security?v=app_7146470109
http://www.sophos.com/security/best-practice/facebook/
http://www.makeuseof.com/tag/the-complete-guide-to-facebook-privacy/
http://learn.linkedin.com/what-is-linkedin/

Notes: (1) http://www.marketingcharts.com/categories/social-networks-and-forums/
(2) http://www.cnn.com/2009/HEALTH/04/23/ep.facebook.addict/index.html
http://newsfeed.time.com/2010/07/08/its-time-to-confront-your-facebook-addiction/
http://blog.guruofnew.com/featured-home/seven-signs-you-may-be-ready-for-a-social-media-detox
(3) http://mashable.com/2010/07/07/oxygen-facebook-study/
(4) http://www.hongkiat.com/blog/20-facebook-tipstricks-you-might-not-know/
(5) http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=116330
http://www.betanews.com/article/Class-action-suit-in-Canada-only-the-latest-of-Facebooks-woes/1278621631
(6) http://www.utilitycomputing.com.cn/china/facebook-blocked-in-china
(7) http://www.asianews.it/news-en/Facebook-blocked-by-blasphemy-regulations-18452.html
(8) http://www.rnw.nl/africa/article/facebook-taking-africa-storm
http://www.examiner.com/x-30835-South-America-Headlines-Examiner~y2010m3d22-Facebook-increase-productivity-and-popularity-in-Latin-America
(9) http://en.rian.ru/world/20100409/158494575.html

New Site Designs

Websites get old and when they get old they get tangled and gnarly. In the past, the solution to this dilemma often was to put up pretty new pictures and change all of the navigation on the site. This would work for a while until the site visitors began to realize that they still couldn’t get to / find what they needed and the shine quickly wore off.

Today, we want to consider what we are changing and why. Who are we trying to reach with our site? How will the experience of the visitor improve? The answers to these questions are about the site architecture, how the site is organized and the content of the pages and not so much about the look and feel.

Beginning in May of 2007, the University engaged a nationally known, educationally focused consulting firm, Dotmarketing. Since then we have worked with Dotmarketing to dissect every piece of the current University site at www.uakron.edu. The site at www.uakron.edu is better known as our homepage and comprises our forward-looking face. In other words, the primary audience for this site is visitors who are, generally, from outside the University community: prospective students and their parents, corporate and university researchers, potential employees, the press, etc.

Today, the fruit of that labor is ready to show: we have New Web Page Designs, layered over a much improved architecture, available to view, and a Design Feedback Survey so you can tell us what you think.

Passwords at the University of Akron


Password policy at the University has changed. There are many good reasons for this change, but the most important is to protect your data from people who would steal it.

Passwords now expire
Back in the day, if you were particularly daring, you could get through your entire college career without changing your UANet password. No more.

Beginning June 1st of this year, passwords expire every 180 days. An email will be sent to remind you to reset your password as the 180-day expiration period draws near.

To change your password, go to https://gozips.uakron.edu/zid/app/ and log in with your UAnet ID and current password. Select the “Password” tab and click on “Change the password of my UAnet ID.”

Make a strong password
The basic rules for your new UANet password are:

  • Minimum of 8 characters consisting of at least one letter and one number.
  • Mixed case (upper and lower) and special characters ($ # (& * @, etc.) are acceptable, but not required.
  • NO Spaces.

There are many sites out there that can help with strong password creation like:

Strong passwords: How to create and use them
Password strength – Wikipedia
The Strong Password Dilemma – from the Center for Password Sanity