CNS Systems Status Report

Incidents

Scheduled Maintenance

Notices

For any OS Software upgrades (desktop/phone/tablets), please consult with IT before proceeding. If you wish to self-manage, please back up your data prior to upgrading. We have received many reports of failed attempts that have generated loss of data.

it blog 2015-01

Subscribe to blog

  • High Sierra Root Vulnerability Macs Under CNS-OIT Management

    Dec 11, 2017 If you own a Mac, you have probably heard by now that Apple introduced a serious bug into High Sierra by which anybody could log into a Mac using 'root' as the username and no password, and get full access to the system. If your Mac is under CNS-OIT management, then a workaround has been applied: a root password has been set on your machine. Additionally, owners of managed machines will receive an email[…]

    Read more...
  • High Sierra Root Vulnerability: Known Issue Migrating From 10.13.0 to 10.13.1

    Dec 4, 2017 If you own a Mac, you have probably heard by now that Apple introduced a serious bug into High Sierra by which anybody could log into a Mac using 'root' as the username and no password, and get full access to the system. You may have also heard that Apple released a patch to fix this vulnerability. But have you heard that the bug 'silently' reappears on systems that are subsequently upgraded from 10.13.0 to 10.13.1? […]

    Read more...
  • Changes to Duo Two Factor Authentication

    Nov 27, 2017 As of Friday, 17 November 2017, UT Austin's Two-Factor Authentication service (2FA) Duo has stopped reporting possible security issues to its push clients when they authenticate.  What does that mean?  The Duo App, from 20 July 2017 until last week reported, based only on release date of the software on the device, that the system was insecure and in need of updates.  This confused many users, or just plain infuriated them in that their[…]

    Read more...
  • Controlled Phishing Campaign by ISO

    Nov 20, 2017 On 1 November 2017, the Information Security Office announced that it would "soon begin a controlled phishing assessment in an effort to continue to improve security awareness around this particular attack vector. All faculty and staff are potential recipients." According to the announcement, "you may receive fake phishing emails designed to look like ones that bad guys are sending. However, instead of harming you, these emails will provide the ISO with data and teach[…]

    Read more...
 

Archived Blog Posts