Microsoft has announced that they are increasing the URL path length restriction from 256 units to 400. The new limit will apply to the total length of the URL path. This includes all SharePoint Online and OneDrive for Business URLs. In addition, Microsoft is now supporting # and % characters in file and folder names. This will allow you to more effectively organize your files. In the past, you would receive an error if you used those characters in folder or file names.

To understand this limitation, it is important to also understand what comprises a URL. There are four parts to a URL.

Protocol: http:// or https://
Server name: pitt.sharepoint.com
Folder or file path: Manager Files/New Projects/May 2015
File Name: Projections for 2016 Fiscal Year.xlsx

Secure your home computer to help protect yourself, your family, and our organization!


Get ahead this fall and follow this Digital Spring Cleaning Checklist!!


Take this quiz, the Workplace Security Risk Calculator, to find out if your activities while at work are risky and what you can be doing on the front lines to protect our organization!


Welcome to FIS’s 5 days of Cyber Security! October is national cyber security month. This is an initiative to help keep our online community safer and all citizens more informed. Over the next 5 days, we will highlight everything from types of scams to a checklist to complete cyber spring cleaning. Follow along with all of our information, videos, and quizzes! We are going to start with basic tips and advice to be safe online. Be sure to watch the YouTube video to gather 3 easy tips to stay safe on the go.



The FBI and Apple are currently locked in a legal battle surrounding the iPhone left behind by one of the San Bernardino mass shooting suspects, Syed Farook. Stay informed with FIS on the timeline, details, and stakes in the world of cybersecurity in this pivotal case.


Browse the Article

Introduction
What Is a Backdoor?
What is the All Writs Act of 1789?
Who Else Has Weighed in on the Issue?
What Might This Mean for Smartphone Users?
Update: iPhone Unlocked without Assistance from Apple


Introduction

The case from which the below letters stem, the San Bernardino shooting in December of 2015, has led Apple and the FBI into an intense legal battle concerning the FBI’s demand that Apple build a “backdoor” into Syed Farook’s iPhone, which was upheld by a federal judge. The phone, according to the FBI, could contain information related to the San Bernardino attack and to the pledge to ISIS that Farook’s wife, Tashfeen Malik, made on Facebook.

On February 16th, Apple CEO Tim Cook posted the following letter on the Apple website stating,

“The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand. This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake. … While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.”

Click on the letter below to read more.

On February 21st, FBI Director James Comey posted the following letter on The Lawfare Blog, a blog dedicated to “…that nebulous zone in which actions taken or contemplated to protect the nation interact with the nation’s laws and legal institutions.” The Lawfare Blog is published by the Lawfare Institute in cooperation with the Brookings Institute.

James Comey writes,

“We simply want the chance, with a search warrant, to try to guess the terrorist’s passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That’s it. We don’t want to break anyone’s encryption or set a master key loose on the land.”

Click on the letter below to read more.

 


What Is a Backdoor?

Kim Zetter at Wired penned the article Hacker Lexicon: What Is a Backdoor? in December 2014. The quote that follows is a summary of the article that was posted within it:

TL;DR:

A backdoor in software or a computer system is generally an undocumented portal that allows an administrator to enter the system to troubleshoot or do upkeep. But it also refers to a secret portal that hackers and intelligence agencies use to gain illicit access.

In the case of the iPhone, the FBI is requesting that Apple build software that disables the feature that wipes all data from the iPhone after too many incorrect password attempts. In this case, the backdoor that the FBI is requesting falls under the latter half of Zetter’s definition: “A secret portal that hackers and intelligence agencies use to gain illicit access.”

Apple is arguing that making such a backdoor would compromise the security of all of Apple’s devices, if not more. Tim Cook, Apple CEO, states:

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

Conversely, James Comey, Director of the FBI, states:

We simply want the chance, with a search warrant, to try to guess the terrorist’s passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That’s it. We don’t want to break anyone’s encryption or set a master key loose on the land.

Thus, one could summarize the FBI vs. Apple legal battle as such: Apple feels the FBI’s request compromises their commitment to encryption and could create a gap in security wide enough to be applicable across devices and accessible to hackers with malicious intent, compromising the personal data (such as photos, financial data, and passwords) of their customers. The FBI states that their intention is to enter one phone, Syed Farook’s, with the hopes of reaching a conclusion regarding the presence of information on the phone that could shed light on the attack and potentially lead to more terrorists, and specifically, members of the group ISIS.


What is the All Writs Act of 1789?

The All Writs Act of 1789, which was invoked by the federal judge upholding the FBI’s request that Apple build a backdoor into the iPhone, is summarized by Laura Sydell of NPR as follows:

That law, the All Writs Act, is all of two sentences in length. It gives judges the authority to issue any order necessary — within the law — to further litigation before the court. The relative clause says:

“The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”

A “writ” is defined by Merriam-Webster as “an order or mandatory process in writing issued in the name of the sovereign or of a court or judicial officer commanding the person to whom it is directed to perform or refrain from performing an act specified therein.” Its origin is Middle English, from Old English, with its first known use dating to before the 12th century.

The All Writs Act has been previously used in legal cases involving phones in 1977, in a case involving the FBI and the New York Telephone Company. In this case, the Supreme Court ruled in favor of the FBI, requiring the New York Telephone Company to install a “pen register,” a device that records calls to and from specific phone numbers, in this case, two numbers that were suspected in an illegal gambling case.


Who Else Has Weighed in on the Issue?

Bill Gates

In an interview with Financial Times, Bill Gates, founder of Microsoft, has stated,

“This is a specific case where the government is asking for access to information. They’re not asking for some general thing, they’re asking for a particular case…Apple has access to the information, they’re just refusing to provide the access, and the courts will tell them whether to provide the access or not.”

However, in a later interview with Bloomberg, Gates stated that he was “disappointed” with the headline that stated he sided with the FBI in the case but that he does “…believe that with the right safeguards there are cases where the government, on our behalf — like stopping terrorism, which could get worse in the future — that that is valuable” and that “These issues will be decided in Congress.”

Microsoft

Microsoft as a company began their involvement in the FBI vs. Apple legal battle by offering only mild support to Apple, stating on February 18th:

“Reform Government Surveillance companies believe it is extremely important to deter terrorists and criminals and to help law enforcement by processing legal orders for information in order to keep us all safe. But technology companies should not be required to build backdoors to the technologies that keep their users’ information secure. RGS companies remain committed to providing law enforcement with the help it needs while protecting the security of their customers and their customers’ information.”

As of February 25th, however, according to Chris Welch at The Verge:

Microsoft president and chief legal officer Brad Smith has announced, “We at Microsoft support Apple and will be filing an amicus brief next week.” An amicus brief is a “friend of the court” filing that allows parties not directly involved in the case to weigh in.

Mark Zuckerberg and Facebook

Facebook CEO Mark Zuckerberg issued this formal statement regarding the FBI and Apple’s current case:

“We condemn terrorism and have total solidarity with victims of terror. Those who seek to praise, promote, or plan terrorist acts have no place on our services. We also appreciate the difficult and essential work of law enforcement to keep people safe. When we receive lawful requests from these authorities we comply. However, we will continue to fight aggressively against requirements for companies to weaken the security of their systems. These demands would create a chilling precedent and obstruct companies’ efforts to secure their products.”

Edward Snowden

Former NSA contractor and current director at Freedom of the Press tweeted:

Google CEO Sundar Pichai and Twitter CEO Jack Dorsey


What Might This Mean for Smartphone Users?

Some parties, such as Edward Snowden, given his statement above and others on Twitter, suggest that the real goal of the FBI is to expand surveillance on phones and online correspondence, using the rhetoric of stopping terrorism and terrorists to achieve this goal.

Additionally, the use of the All Writs Act is under scrutiny for its age, with opponents questioning whether a law created in 1789 can apply to the iPhone and cybersecurity. Pundits also suggest that if the FBI succeeds in requiring Apple to construct the backdoor at the federal or Supreme Court level, then other world powers’ governments could do the same, at the advantage or expense of citizens.

Finally, while it can be argued that common people do not have much control in the actual legal proceedings between the FBI and Apple, it can be argued that Apple stands to lose thousands of customers if the FBI succeeds in their case against Apple. In a democratic system such as the United States, the people do have some level of social power in the form of free speech and the rights to assemble and support or protest either Apple or the FBI. It is important to consider government dialogue as well as multinational business goals when considering whether or not to support a specific side of the argument: Apple and their supporters or the FBI and their supporters. At the same time, it’s important to stay mindful of your rights and responsibilities as a consumer and citizen of the American political and technological worlds.


Update: iPhone Unlocked without Assistance from Apple

In a statement from the Justice Department on Monday, March 28th, the FBI has dropped their case against Apple seeking to unlock the final remaining iPhone in the San Bernardino mass-shooting. The decision to drop the case seems to be linked with U.S. law enforcement’s claim that the iPhone has been unlocked without assistance from Apple, but with help from an undisclosed company outside of the FBI.

If the iPhone has been unlocked, some are now worried about the overall security of the iPhone and are interested in learning the process used to unlock the iPhone in question. Apple’s lawyers have expressed public interest in this information with the intent of strengthening the overall security of the iPhone. However, the government could choose to classify the information, barring Apple and others from accessing it.

No information regarding the contents of the iPhone has been released. Meanwhile, it remains possible that no relevant information will be found.

Both Apple and the FBI have stated that they will continue working towards their goals, Apple regarding securing users’ data from interpersonal and governmental attacks, and the FBI regarding their ability to “obtain crucial digital information to protect national security and public safety” with or without “cooperation from relevant parties.”

Source: U.S. Says It Has Unlocked iPhone Without Apple

CSSD has announced an Enterprise Exchange email service upgrade for all Faculty and Staff. This upgrade will automatically take effect and preferences need to be set by July 11th. There are many benefits including the ability to request your own email quota increases.

Your Action Required by July 11th:

Please take the necessary steps to set your preferences before the upgrade period begins.

  1. Log in to my.pitt.edu
  2. Select the link on the upper right side of the page stating, Please set your preferences today
  3. On the next page, choose Set Email Preferences
  4. The Email Preferences screen will appear. Choose the first option, I want to receive my email in my My Pitt Email (Exchange 2013) mailbox
  5. Click Next
  6. The next screen displays the options to delete or keep the legacy IMAP mailbox. This is the mailbox that opens when you choose “Webmail” in my.pitt.edu. If you no longer use this mailbox (most people do not), choose the option Delete my legacy email (IMAP/ Webmail) mailbox
  7. If you want to copy the emails from the IMAP mailbox to your Exchange mailbox, select the checkbox next to Move existing messages in my IMAP/Webmail mailbox to My Pitt Email
  8. Click Submit when finished
  9. A confirmation message should appear. Click Finish.

Things that will not change:

  • Your email address and aliases
  • Outlook 2010 client on the computer
  • How you access email on my.pitt.edu
  • Your calendar and mailbox permissions
  • Your mailbox size

The Benefits of Upgrading to Exchange 2013

  • Enjoy an enhanced Web interface with new features
  • Increase your email storage space as needed
  • Share your calendar with others and schedule meetings
  • Schedule online video conferences with Microsoft Lync
  • Search an address book of everyone at Pitt
  • Reply to emails inline (that is, without opening a new window to compose a message)
  • Receive an alert before you send an email if you forget to include an attachment.
  • Use a consistent email interface across all of your devices
  • Set an out-of-office notification when you are unable to respond to email
  • Work and compose emails while offline
  • Install Web apps
  • Enjoy constant access to your personal contacts, University address book, calendar, and tasks regardless of whether you access your email through My Pitt, on your mobile device, or using an email client.

For more information, please see CSSD’s Article and Frequently Asked Questions concerning this upgrade.

If you still have questions, let us know!

 

What is Heartbleed?

This security bug, which was discovered and disclosed last week by Google Security, affects the OpenSSL cryptographic library which secures a large percentage of the Internet’s traffic. While you may have never heard of OpenSSL, you’ve more than likely encountered it on the web. If this vulnerability were to be exploited, a hacker could capture usernames, passwords and other sensitive information from affected websites.

How does it affect the University?

FIS and CSSD have conducted separate, detailed audits of the enterprise systems to ensure appropriate security has been maintained. CSSD and FIS have applied security updates where needed.

Do I need to change my passwords?

Yes. Please change your University Computing Account password immediately. (Directions below) You do not need to change your FIS Login account password. It’s also recommended that you change your passwords to other well-established websites. Here is a compiled list of social networking sites, online stores and email providers that could be affected.

  1. Log into the My.Pitt portal
  2. Under the My Resources menu, please choose Change Password.

Follow one of these links to read more:

CSSD: What you need to know about the Heartbleed Vulnerability

TechCrunch: Security Bug in OpenSSL

Heartbleed Bug

