Carlin named interim vice provost for information technology
by the editors, InfoTech Tuesday
published June 5, 2007
Lynn Carlin has been named interim vice provost for information technology, effective July 1.
Carlin is currently the special projects assistant to the provost/dean of the libraries. Prior to that,
she served as the director of Data and Information Administration. Before coming to Kansas
State University in 2005, Carlin worked at the Library of Congress and National Archives
and Records Administration.
Update Mozilla applications to patch security vulnerabilities
by Harvard Townsend, IT security officer
published June 5, 2007
K-Staters who use Mozilla applications like Firefox and Thunderbird need
to update to the latest version in order to patch known
vulnerabilities. On May 31, US-CERT issued a technical
cyber security alert warning of these
vulnerabilities and encouraging people to update.
- In Firefox and Thunderbird, pull down the Help menu and select Check for Updates
to apply any available updates.
- It is also advisable to configure these applications to automatically check for and apply
updates. This can be enabled in the Tools | Options | Advanced | Update tabs.
Note that Thunderbird version 2.0.0.4 referenced in the US-CERT security alert
is not yet available for general release from Mozilla. If you configure Thunderbird
for automatic updates, you will get it as soon as it is released.
If you are running version 1.5 or older of Firefox or Thunderbird,
you should upgrade now to version 2.0. Mozilla will cease to support
Firefox 1.5 this month (June 2007) and will end support for Thunderbird 1.5 on Oct. 18.
After those dates, Mozilla will no longer produce security patches for those versions.
Protecting credit card information at K-State
by Harvard Townsend, IT security officer
published June 5, 2007
As a "merchant" that accepts credit cards for payment, K-State must
comply with the Payment Card Industry (PCI)
Data Security Standards (DSS) (PDF).
PCI DSS are detailed security requirements applicable to all "system components" where the credit card number
is "stored, processed, or transmitted." An annual PCI self assessment and quarterly network scans are also required to
ensure compliance with the DSS.
Credit card numbers are frequent targets of hackers, so it is critically important that K-State remains diligent
in protecting this sensitive data. While complying with the PCI DSS takes considerable resources, it is far less
costly than recovering from a security breach in both the financial sense as well as the damage to K-State's reputation.
An audit of campus offices that accept credit card payments is currently under way to ensure credit card numbers and
associated cardholder data is properly handled and protected. Questions regarding credit card processing should be referred
to the Controller's Office at 532-6210.
K-State Online 7.0 pre-release training starts June 18
by Cathy Rodriguez, Information Technology Assistance Center
published June 5, 2007
All K-State faculty/staff are invited to attend pre-release training
sessions for the new K-State Online features coming Aug. 6. The first
session is Monday, June 18. All sessions will be in
Fairchild 202 and require pre-registration. Detailed descriptions of
each session can be found on the
registration page.
This is an opportunity to get hands-on time with the completely
redesigned system in a lab setting, gain insight into the coming
changes, and give feedback on the new features. Session topics are listed below.
Session 1 topics: Gating. Create Course. Quick links.
Session 2 topics: Attendance. Create Practice Assignment. Submit an Assignment.
Session 3 topics: Wimba Voice. Message Board. File Drop box. Course Statistics.
Course Organizer (Recent activity; Reorder courses; My enrolled courses).
Enroll in these sessions by going to the
registration page and
selecting the desired sessions. These training sessions will
be repeated in August after the new version is released. More
details will be announced near the end of July regarding August
training sessions.
C2C award nominations due June 15
by Dennis King, Fort Hays State University
published June 5, 2007
Colleague to Colleague (C2C) is excited to once again recognize those
individuals who are making a significant difference in digital learning
and instructional technology in Kansas and Missouri. Awards will again be
presented at this year's SIDLIT (the Summer Institute on Distance Learning
and Instructional Technology), which will be Aug. 2-3 at
the University of Kansas-Edwards campus. The annual awards include the following:
- Outstanding Online Teaching Award
- Outstanding Technical Support Award
- Outstanding Online Course Award
- Jonathan Bacon Award for Excellence in Leadership
Please consider nominating your colleagues both at your institution and at
other Kansas and Missouri institutions of higher education. See the
criterion for the four awards.
Nominations must be received by Dennis King (dking@fhsu.edu)
no later than June 15.
Alternative uses for K-State Online
by Rebecca Gould, Information Technology Assistance Center
published June 5, 2007
Across campus, K-State Online is used for a variety of purposes. It is more than a learning
management system. From the beginning, developers of K-State Online have created the
tool and developed features to enhance its versatility. Some examples to consider in your
own units:
- For search committees, K-State Online is a secure space to store letters of application,
vitaes, and references lists, so that only search committee members have access to the
materials.
- For unit needs, K-State Online can be used as an intranet. The modules are a place to
store unit policies and procedures, position descriptions, departmental documents, and other
information that is not appropriate for a webpage.
- For project needs, K-State Online can be used as a collaborative space for researchers to
store and edit articles, edit grants, discuss research possibilities, e-mail the membership, etc.
This summer Tandalayo Kidd, assistant professor in Human Nutrition, is using K-State Online to
conduct a Wellness Challenge for faculty and staff in Human Ecology. Kidd set up a course
so that participants in the program can review health and wellness information, document
the progress toward their goal, and review personal progress.
If your unit uses K-State Online in a unique way, send the details to
TellTuesday@k-state.edu for posting in subsequent issues.
IT survey results: Attendance at iTAC training sessions
by Aimee Hagedorn, Information Technology Assistance Center
published June 5, 2007
Results from this year's IT Services Satisfaction Survey are shared in InfoTech Tuesday and on the
IT surveys webpage. The results will be used to improve IT at K-State.
This week's IT services survey question:
Have you attended an IT training session offered by iTAC?
| Attendance at iTAC training sessions | Number |
| Yes, I attended one training session | 162 (11.55%) |
| Yes, I attended more than three training sessions | 60 (4.28%) |
| Yes, I attended more than five training sessions | 7 (0.5%) |
| No | 695 (49.54%) |
| I did not know iTAC offered training | 343 (24.45%) |
| No Response | 136 (9.69%) |
Security tip: Don't send credit card information in e-mail
by Harvard Townsend, IT security officer
published June 5, 2007
Recently, a K-State employee e-mailed another K-Stater and asked them to
"bill my Visa State of Kansas Procurement Card" for a service/product and then included
the credit card account number, expiration date, security code, and the name on the card.
To top it off, the e-mail was sent from a laptop using K-State's wireless network.
Do not under any circumstances use e-mail to send credit card information. E-mail is not secure:
- It is transmitted and stored in plain text.
- It is easily forwarded on to others.
- It may sit in the recipient's e-mailbox indefinitely.
- Copies are stored in your Sent folder and on back-up tapes.
- Deleted e-mail doesn't necessarily disappear right away (see your Trash folder).
- E-mail can go to someone else if you mis-type the e-mail destination.
- The e-mail system could hiccup and reject an e-mail, which may send a copy to the e-mail system administrator.
The Payment Card Industry's Data Security Standard
(PCI DSS), which is mentioned in a credit card article above,
also prohibits sending unencrypted credit card numbers by e-mail (see
PCI DSS requirement 4.2 in PDF format).
Furthermore, K-State's wireless network is not adequately secure and does not comply with PCI DSS requirement 4.1.1.
It is fairly trivial to intercept wireless network traffic and see your credit card information
as it flies through the air in an e-mail message.
In the future, K-State's wireless network will provide strong security, and K-State's e-mail system
will support secure messaging. Until then, do not send institutional or personal credit card information in e-mail.
The risk is too great.
IT by the numbers: K-State central website use
by Nancy Becker, Computing and Telecommunications Services
published June 5, 2007
K-State central website use,
March 5-12, 2007 | Number |
| Hits on the central web server | 29,440,742 |
| Views on the central web server | 7,332,621 |
Visits on the central web server
(how many times the website was visited) | 1,664,319 |
| Disk space used for webpages | 87.2 gigabytes |
| Webpages (total files) | 829,220 |
| HTML pages (.html + .htm) | 232,445 |
| Text files | 6,472 |
| PDF pages | 31,803 |
| Image files | total 371,977
.jpg 214,437
.gif 148,187
.png 9,353 |
|
