Security Advisories

• Security Vulnerabilities in Java (2/6/2013)
• Ignore email invitations from College Collaborative Networks (8/21/2012)

---

Security Vulnerabilities in Java

February 6, 2013—This security advisory provides important information for all New School computer users. Please read the entire advisory to learn about the actions you need to take to secure your computer and information.

Recently, you may have heard about several security vulnerabilities in Java, which is a popular programming language used for writing all kinds of computer applications, including some that work inside your web browser, via a special plug-in. Most computers at The New School have some version of Java installed on them, and therefore may be vulnerable to these security issues. To ensure that the New School computing environment is protected from these Java security issues, we are asking each member of the faculty and staff to take a few minutes to ensure that his or her computer's Java version is up-to-date by following the simple instructions below.

BANNER USERS

The Banner application has special Java support requirements. If you are a Banner user, you will have received a separate email from Enterprise Applications via the Banner listserv with detailed instructions on how to update Java on your system. Please do not make any changes to your Java environment until you receive that email.

NON-BANNER USERS

Please follow the appropriate directions below:

Updating Java on Microsoft Windows computers

Follow the directions below to update Java on Microsoft Windows XP, Windows Vista, or Windows 7:

1. Open the Windows control panel by selecting Start > Control Panel
2. Double-click on the Java (or Java Control Panel) icon. If you cannot find the Java Control Panel, Java is not installed on your system and you do not need to do anything further.
3. Select the "Update" tab
4. Check the checkbox next to "Check for Updates Automatically" and then click on the Update Now button
5. If you're running Windows 7, a window may pop up from "User Account Control" asking whether to allow "jucheck.exe" to make changes to the computer. If this happens, click Yes
6. If a window pops up to say that you already have the latest version of Java installed, click OK to close the window and go to Step 11
7. When the "Java Update Available" window appears, click Install
8. When the "Welcome to Java" window appears, click Install
9. If a window appears extolling the virtues of the Ask toolbar, un-check the box next to "Install the Ask Toolbar..." to prevent installing the toolbar, and then click Next
10. When the "You have successfully installed Java" window appears, click Close
11. Click OK to close the Java Control Panel window

Updating Java on Mac OS X computers

Determine what version of Mac OS X you're running by opening Apple Menu > About This Mac.

If you are running Mac OS X 10.6.8 (Snow Leopard) or earlier, use Software Updates to update Java:

1. Open Apple Menu > Software Update...
2. When checking for updates completes, verify that "Java for Mac OS X v10.6 Update 12" appears in the list of updates
3. Click Update All or Install All Updates (one or the other, depending on which version of Mac OS X you're running)

After installing the update, the Java plug-in in Safari will be disabled. If you need the plug-in (for example, to use Banner), follow these instructions to enable it:

1. Open Safari
2. Select Safari > Preferences
3. Click on the "Security" tab
4. Check the checkbox next to "Enable Java" 

If you are running Mac OS X 10.7.5 (Lion) or Max OS X 10.8.2 (Mountain Lion) or later, follow these instructions:

1. Open Apple Menu > System Preferences...
2. Select View > Java or double-click on the Java icon to open the Java Control Panel. If you cannot find the Java Control Panel, Java is not installed on your system and you do not need to do anything further.
3. Select the "Update" tab
4. If the Update tab says that you have the recommended version of Java, click OK and go to Step 9
5. Click on the Update Now button
6. When the "A new version of Java is available!" window appears, check the checkbox next to "Automatically download and install updates in the future" and then click Install Update
7. When the "Ready to Install" window appears, click Install and Relaunch
8. Enter the administrator password if necessary
9. Close the window that says "The Java Control Panel opens in a separate window"

We ask that all New School faculty and staff take a few minutes right now to perform the steps in this security advisory. This will help ensure that New School computers, and more importantly New School information, are protected against these serious security vulnerabilities.

If you have any problems or questions while performing the steps described in this advisory, please contact the Help Desk at helpdesk@newschool.edu or (212) 229-5300 x2828.

Ignore email invitations from College Collaborative Networks

August 21, 2012—New School faculty, staff, and students are advised to ignore email messages they may have received recently inviting them to accept a "free membership" to College Collaborative Networks. The emails advertise that "The College Collaborative Networks at http://www.ccnets.org is now open for sign up (choose 'NewSchool')," however, very little information is available about the service or the organization behind it. While there is no reason at present to think that the site has any malicious intent, it is not an official New School social media site, and should not be used for any official university work. We suggest avoiding it for personal use as well.

The New School offers several ways to obtain official communications and network with colleagues, including MyNewSchool, New School News, New School blogs, Facebook, and Twitter. For more information about connecting with The New School, visit www.newschool.edu/connect.

The Information Security Office offers these reminders for email users:

• Always be suspicious of e-mails asking for sensitive information. Email is not a secure form of communication. Organizations you do business with (including The New School) already know your account information, and will never request it from you via email.
• Never respond to an email request for personal information. If you think the message might be legitimate, look up the organization's phone number (don't trust the phone number in the email), call them on the phone, and provide the information that way.
• Never click on the links in a suspicious email. If you're unsure about a link to a site you receive in an email, hover your mouse over it. If the link text in the email doesn't match the link address, do not click on the link.

For assistance and information on computer security issues, the first point of contact is the IT Help Desk: 212.229.5300 x2828 or helpdesk@newschool.edu. Additional information can be found at www.newschool.edu/information-technology/security/.

Back to top

Related Links

NetID
Office Computing
Lock Your Workstation