Friday, October 17, 2014

Yosemite is here!

Yesterday Apple released OS X 10.10 Yosemite. We've tested the new OS with our IT systems and it all seems pretty good.

The main thing to be aware of is accessing your filestore. If you want to connect to a Peak District named server, e.g. Ladybower, Ogston, Redmires, you'll need to install a new 'fix' before following the instructions to connect. It only takes a couple of seconds to do and you can get it from our web pages. If you are connecting to STUDATA, STFDATA or UOSFSTORE you don't need the fix, just follow the instructions online.

For the fix or to find out how to connect to filestore go to: https://www.sheffield.ac.uk/cics/mac/novell

And for everything else Mac, visit: https://www.sheffield.ac.uk/cics/mac

Wednesday, October 15, 2014

Sand Poodle: the latest threats

If you follow technology news or even the BBC, you will have spotted that yet more security vulnerabilities have been announced, and that they come complete with branding.


So far this year we've had Heartbleed and Shellshock. Now we have Sandworm and Poodle.



SSL 3.0 vulnerability, aka “Poodle”


Poodle is a flaw in version 3 of the Secure Sockets Layer protocol (SSL 3), which is used to send and receive encrypted traffic over the internet. SSL 3 is a good 15 years old and was deprecated long ago. In reality current browsers and devices don't need SSL 3; the closest thing we've found to one that does is Internet Explorer 6.0 and I'm not sure anyone could argue that it's a current browser.


The likelihood of someone exploiting Poodle on our critical systems is low and we’ve taken steps to reduce it further still by disabling SSL 3.



Sandworm Windows vulnerability

Sandworm is just one of three zero-day vulnerabilities on Windows desktops and servers. It’s another that might sound worrying, but normal good practice will keep you safe.


  • If you're using the University Desktop there's nothing to worry about. We take care of your security updates for you. Just make sure you let them install when you turn your computer off.
  • If you are using a standalone Windows computer at work or at home, make sure you download and install any available updates. If possible it's always a good idea to have automatic updates turned on to help with this.
  • Any Windows servers managed by us will be patched as part of our normal processes.

As always, be really cautious when visiting new websites and opening emails. If you discover a webpage or email that you have any doubts about, then don't hesitate to get in touch with us.

Tuesday, October 7, 2014

Keeping safe in the crossfire: Shellshock and Heartbleed

So far this year there have been two widely publicised vulnerabilities affecting a large number of web services.

In April the Heartbleed vulnerability was disclosed, affecting OpenSSL implementations used by many web services. In late September the Shellshock vulnerability was disclosed; this affected the Bash shell used by many Linux, Unix and Mac systems. Within hours of each vulnerability being announced they were actively being exploited.

Events like this highlight the importance of keeping the security of any computers you are responsible for up to date, both here at the University and at home, and especially any machines running services visible to the web. You should be running a supported operating system and ensuring that you are up to date with security patches.

If you would like to speak to anyone about vulnerabilities, keeping your machine secure or alternatives to hosting systems yourself then please contact helpdesk@sheffield.ac.uk and they will direct you to the correct team.

Read our blog posts about the vulnerabilities:
OS X patch for Shellshock

IP Phone software update

On Thursday 9th October, we'll be updating the software on the IP phones around campus. You won’t be able to use your phone for a 5-10 minute period between 18:30 and 20:00 as your phone is updated. The whole update will be automated, and your phone will sign you back in after it has restarted. Just be sure to leave your phone plugged in.

Thursday, October 2, 2014

myCiCSnews Autumn 2014


CiCS is pleased to announce the publication of the Autumn edition of myCiCSnews.

This edition contains articles on 10 great features in MOLE that will engage students and enhance their learning experience, Sheffield on iTunes U, the Research Infrastructure Project and Integrated Research Information Systems, developments to Customer Relationship Management (CRM) and engagement with prospective students, the review of Student Systems, Management Information and Data Quality, Identity Management, Passwords, 4 things you can do in Google Groups to make your life easier, the Media Production Room exclusively set up for staff, and delivering excellent customer service in CiCS.

There is a link from the CiCS home page, or it can be accessed directly from the link below.



Wednesday, October 1, 2014

OS X patch for Shellshock

Just a quick update on the Bash vulnerability we mentioned in this post.

Apple have released Bash fixes for OS X Lion, Mountain Lion and Mavericks. The fixes are expected to be available from Software Update in the next day or so (it already appears to be available in the US) and standalone patches are also available if you don’t want to wait.

Apple are confident that the vast majority of users will not be affected by the vulnerability (see New York Times blog post for more info); anyone who has fiddled with settings is the most at risk.

Standalone patches: Lion, Mountain Lion, and Mavericks.

Thursday, September 25, 2014

Bash vulnerability (aka Shellshock)

A new security vulnerability has been discovered in Bash. Known as the Bash Bug, or Shellshock bug, the flaw allows malicious network-based attacks against *nix servers and potentially other Unix, Linux and Macintosh computers.


The scenarios in which this bug can be exploited are complex and not just limited to the use of Bash from the terminal. If you are responsible for any systems which may be affected by the bug, you must patch them as soon as the fix becomes available; if you’re not sure, please contact us.

This re-emphasises the need to ensure that all systems are patched promptly; you should have a process in place to make sure systems are kept up to date. We will take care of the patching of server operating systems hosted on the CiCS VMware estate, e.g. Ubuntu.


Vendors are now working to release patches that negate this vulnerability and they should be your first port of call if you require information about a particular OS. As yet Apple haven’t made a statement regarding OS X; we would expect any patch to be part of the normal automated updates.



Please feel free to contact us at helpdesk@sheffield.ac.uk if you’d like further information about this vulnerability, general good practice, hosting systems with CiCS or indeed any other security related matters.