Hi everyone,

As I write this we’re entering the fifth(!) week of lockdown, and if you’re like me, you’re starting to find Zoom to be a little boring. We all know the regular tricks; tidying one corner of the room so your background appears spotless, holding up the cat for admiration, and wishing that it was illegal for someone to eat without muting their mic. To help you engage with each other, ITS has made the Snap Camera application available for installation via Software Center on your University Windows PC or laptop.

Snap camera is a fun tool that lets you change your background or yourself into some rather strange and wonderful things:

If you’d like to give this a try yourself you can now install Snap Camera on your University PC yourself. There are a few steps to follow to set everything up:

Installation
Installation is pretty easy. First, connect to the University using the Forticlient VPN application. Sign in using your regular username and password, and don’t forget the Duo authentication!

Once you’re connected, load Software Center on your computer. The easiest way is to click the magnifying glass at the bottom left and type “Software Center” into the search box. Load Software Center (remember to do this AFTER connecting to VPN).

Inside Software Center, click on Applications on the left-hand side of the Window. Find Snap Camera and install it.

Then, restart your PC. Once you’re logged back in, it’s time to start looking for great filters for your upcoming meetings. Load your new Snap Camera application from the Start menu, and you should be able to start exploring the huge number of filters available to you. When you’ve selected the one you want to use in Zoom, follow these steps:

1. Open up Zoom on your computer and log into your account.

2. Go to Settings (the gear icon in the top right) > Video > Camera.

3. Next, select Snap Camera from the dropdown menu.

4. You should see your currently selected filter is now applied to your Zoom video.

You can only change your current Snapchat filter within the Snap Camera application on your desktop. You can’t do it directly in your Zoom meeting. So when you want something different, you can browse in the Snap Camera application. To go back to normal, just unselect the currently selected Snap filter by clicking on it again. You can change filters during the Zoom call by simply clicking a different filter inside the Snap window. It’s very easy and intuitive with a little practice.

Ngā mihi

Augmenting and improving our Zoom experience on campus

The (rather excellent) Zoom video conferencing software has become the default standard for our staff, but as with any software-based conferencing solution, there are a number of ways to automate and improve our user’s experience with the tool.  If you’re supporting a Zoom conference or setting one up for your own use there are a number of things that can make the process easier.

Single Sign-on
There are multiple methods of logging into the Zoom client, but only one method gives full access to our hosted Zoom environment.  When a user loads the Zoom client directly (instead of just clicking on a Zoom meeting invitation they’ve received) they are invited to sign in:

For a first-timer, it isn’t immediately obvious what should be done here.  Our ICT Self Help page has great documentation but most people are exposed to this screen long before they get to our helpful guide.  While any of these options will work to login to Zoom, the preferred method is to use the Sign In with SSO option.  Doing so will display a request for the company domain, which in our case is “waikato.zoom.us”.  Clicking Continue after this will take the person to our standard sign-in page in their browser, eventually leading to the web console where meetings can easily be booked, configured, and communicated.

Scheduling a meeting
While the web-based console can be used to create a scheduled meeting and send out Google Calendar invitations to invitees, there is an easier method.  Zoom has a Chrome extension – Zoom Scheduler.

After installation, the Scheduler adds extra options to your Google Calendar environment.  Using this you can easily create a meeting in a meeting room or office, and send the Zoom invitation to everyone else.

Rights in a scheduled meeting and audio
The most common support issues with Zoom calls (aside from the eternal game of canyouseeme/canyouhearme common to all software video conferencing) are the access rights to the meeting and the functionality of the mute option.  

When a person schedules a meeting, we suggest that if they are unable to attend themselves or are booking a conference on behalf of someone else they select the option to allow others to start the meeting on their behalf.  This can be found in the web-based Zoom console after login, and more easily located under the options in the Zoom Scheduler. Using the Alternative Host option and designating other attendees can make the launch process much easier to support.

The other common issue we see is the accidental muting of participants.  The symbol for mute in Zoom is very subtle, and often the meeting host will mute participants while adjusting their own audio, leading to confusion about who can hear whom and on which side the problem lies.  When troubleshooting such issues, look first for a mute symbol overlayed on the camera window of any participants, and check the host’s mute options are not silencing the audience.

 

This week ITS at the University of Waikato made one of it’s largest School donations ever; with more than 80 computers and other devices gifted to Schools from the Coromandel to the Bay of Plenty.  We’re excited at the opportunities and education potential these devices will offer to our community and young students.  If you have old devices in your office you’d like to get rid of, log a request in our Kuhukuhu site (use the Disposal template) and we’ll arrange a great new home for them.  So far, we’re delivered:

Hillcrest Normal School
1 x Mac Mini
4 x Macbook Pros

Pirongia School
5 x Dell laptops

Tatuanui School
4 x Dell Laptops

Te Rapa School
4 x Dell Desktops
10 x LCD Monitors
1 x Mac Mini
4 x Macbook Pro

Maeroa Intermediate School
4 x iMacs

Te Wharekura o Te Rau Aroha
4 x iPads
7 x Dell Laptops
5 x LCD Screens

Bombay School
4 x iPads

What does a Ransomware attack look like?
The usual way a person becomes infected with Ransomware is inadvertently clicking on a “dodgy” link or installing rogue software from an untrusted website. Once Ransomware takes hold of your machine it will begin to encrypt selected files on your device. These encrypted files cannot be recovered without a code purchased from the Ransomware creators, usually at a significant cost. After this happens the malware solicits you to pay this fee, usually with a strict deadline before your files are unrecoverable. Ransomware typically uses strong encryption methods that make it impossible to get your files back without the original key, which only the Ransomware creators hold.

In summary, the Ransomware nasty is holding your files hostage and asking for a payment to unlock them, hence the name Ransomware.

Attackers usually only accept payments in the form of Bitcoin, providing an anonymous Bitcoin wallet address to send to. One of the attractive aspects for malware creators of Bitcoin is that the currency doesn’t provide any method of recovering the funds and all transactions are final. This means that the victim is powerless to retrieve any money paid even if they successfully recover their files, and the transaction is totally anonymous.

In Florida, June 2019, three government agencies were infected with Ransomware. In all three cases, the origin of the Ransomware was an employee opening an email attachment from a malicious sender. Once open the software is capable of traversing through a person’s local network and spreading to other machines. In one of these cases, Lake City paid out $460,000 USD in Bitcoin to the attackers with no guarantee this would actually result in their files being restored.

What you can do to stay safe?
Make sure that email attachments come from someone that is trustworthy and the attached file is something you would expect to come from them. Remember, if you don’t trust an email, please contact the ITS helpdesk on 4008 or forward your email to help@waikato.ac.nz where one of our friendly consultants can verify it’s authenticity and safety.

Max Gernhoefer

If you’re like most of us you mainly use Google Chrome or Firefox to access your online tools, resources, and email. They’re both great browsers, but sometimes things seem to change on their own. You might open a new tab and see a strange new search engine, or start getting strange popups from websites you’ve previously visited but which aren’t currently open. More alarmingly, you might notice strange downloads happening you didn’t initiate, or your email tells you someone else is logged in from another location. What’s going on?

In many cases the answer is malware, but unlike the really nasty stuff that contaminates your computer, this variant lives entirely inside the Chrome web browser. This might seem innocuous, but considering how much of your personal, financial, and private information passing through the web it’s worth taking seriously if you think you might be “infected”.

Browser-based malware is a form of unwanted software that modifies a web browser’s settings without your permission. The usual result is the placement of unwanted advertising into the browser, and possibly the replacement of an existing home page or search page with a new page entirely. The idea is to make you visit certain websites whether you want to or not so the hijacker receives advertising revenue. Worse, browser hijackers and malware may also contain spyware to obtain banking information and other sensitive data.

How can I tell if I have browser-based malware?

Signs that your browser is hijacked by malware include:

• searches that are redirected to different websites
• multiple pop-up advertisements
• strange new toolbars in the browser

Or if you see any pages referencing any of the following:

• Ask Toolbar
• GoSave
• Coupon Server
• CoolWebSearch
• RocketTab

How did this happen?

Unfortunately what happens in your web browser is difficult for our Trend virus scanner to detect, as there are many extensions and Chrome apps that are entirely desirable and useful, and distinguishing between them and malicious variants is difficult. The good news is your browser is actually very secure, each tab you open is entirely separate from any other tab and they cannot cross contaminate each other (a technology called “sandboxing”). In all cases of browser malware, you must click a button to agree to install the extension or app before the infection can occur. Examples of these prompts look like this, and if you see one you almost certainly want to hit “Cancel”.

An example of a Chrome extension installation request

 

The dreaded Ask Toolbar malware

What do I do if I think my browser is infected?

It’s time to ask for some expert help! Log into our Self Service portal at https://kuhukuhu.waikato.ac.nz and look for the Software Assistance option. FIll in the form and a friendly IT consultant will get in touch. We can remove the problematic extension or app and give you some advice on how to stay safe online.

Nga Mihi,
ITS Service Operations

First, what is “Phishing”?

Phishing is the vernacular for an attempt by a person to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication (usually an email). Here at the University of Waikato these messages usually claim to be from ITS, another colleague, social web sites, auction sites, online payment processors, or IT administrators.

Phishing emails often contain links to websites that masquerade as an internal Waikato login page, and can look quite convincing. Falling for a Phishing email can be quite devastating, and can involve personal financial loss to the staff member involved as well as the loss of corporate or student data.  Once a “Phisherman” has access to your University account, they have access to your email and Google Drive.  Ever emailed your credit card or bank account details to anyone?  Now the hacker has those too!

Spotting a Phishing Email

1. The message contains a mismatched address 2. Addresses contain a misleading or misspelled domain name 3. The message contains poor spelling and grammar 4. The message asks for personal information 5. The offer seems too good to be true

6. You didn’t initiate the action 7. You are asked to send money to cover expenses 8. The message makes unrealistic threats 9. The message appears to be from a government agency

Still not sure if that message is legit?  Forward the email to help@waikato.ac.nz and well check it out for you.

Hi everyone, we’re going to talk about a fun topic today – but hopefully one with teaching and research uses.

Have you ever looked at a picture of the supercontinent Pangea and wondered where your current address would have been 250 million years ago? A new online map provides this very service, allowing us to see modern locations across 750 million years of our planet’s history.  It’s like using Google Earth in a TARDIS!

This awesome 3D map is the invention of Ian Webster, curator of one of my favorite sites, Dinosaur Database. It defaults to 240 million years ago, when our planet was dominated by the giant Pangea supercontinent, and it makes little sense from our current perspective.  To overcome this, Webster overlays the map with modern political boundaries, and you can even search for present-day addresses to pinpoint specific locations. Using the left or right cursor keys, you can scroll back or forward in time to see the shifting of the continents. In all, the map goes from 750 million years ago to the 21st century, so you can watch how a specific location on Earth changes across the Devonian, Jurassic, Neocene, or whichever period strikes your fancy.

It’s got pride of place on a laptop in my office, with my house as it as 500 million years ago rotating serenely.  Technology can be a complicated, confusing and often dangerous thing – but sometimes it’s great to be reminded that it can also be a work of art and provoke us to experience moments of wonder and joy.

Ngā Mihi,

Paul.

If I told you that the wireless networks at our Hamilton and Tauranga CBD campuses were fast, reliable and (relatively) easy to connect to would you be skeptical?  It’s true! In this post, I’ll attempt to explain how our Wifi works and provide some troubleshooting tips for navigating the common problems people have connecting their devices to the Internet.

First, let’s cover the somewhat confusing list of wireless network choices you will encounter when you click the wifi icon on your device.  This is not a concise list, as there are some specific purpose networks only available in certain spaces or on event days. But in general you’ll see the following:

• Waikato: This wifi network is for guests and contractors using their own equipment, or conferences on campus.  When you connect to it a screen will load on your device asking you to identify yourself.  Supply the requested information and you’ll have full access to the Web.  File shares, some enterprise applications, and direct printing are not available on this network.
• Lightwire: This is something of a legacy from a period when a third party company provided Internet access to students.  This network also requires no password, but it will load a splash screen asking for a credit card after you connect.  You almost certainly don’t want to select this option.
• eduroam: Are you a staff member or a visitor from another University?  This is the network for you! When you select this network for the first time you’ll be promoted to authenticate yourself, please make sure you use your entire username@waikato.ac.nz email address (don’t use firstname.lastname@waikato.ac.nz) and your usual password.  Your device might throw up a request for you to accept a certificate as part of the initial login too, it’s OK to tell your device to trust it.
• UOW Students: As you might expect this is the wireless network for all our enrolled students.  The only difference compared to eduroam is the username to use for the student wifi is username@students.waikato.ac.nz (please note the plural of students).

Still having issues?  Most likely you’ve selected one of the other password-less wifi networks in the past and your device is confused about which one it should be using.  Most wireless issues on campus can be easily solved by simply deleting the waikato, Lightwire and UOW Guest networks from your trusted wifi list on your device.  Once you’re down to either eduroam or UOW Students (whichever is appropriate) you should find your connectivity works pretty much campus wide.

Finally, your device saves your password into an internal database so it can connect again later without bothering you.  When you change your Waikato password you’re also resetting the connection details to eduroam and UOW Students, so the saved password on the device is no longer valid.  You’ll need to forget and rejoin the network on most devices after doing so, which is another great reason to sign up for two-factor authentication and never worry about changing your password again!

For technical guides on connecting to our wireless networks, please consult our ICT Self Help portal.  Staff/Guest Wifi & Student Wifi documentation is available.

Nga mihi,

Paul.

 

Kia Ora, from Te Manaaki Rauhanga

If you’re like me, you’ve lately been receiving the odd call from unknown numbers on your cell, home or work landline.  Usually, when you answer the call you’ll hear a recording of strange noises, perhaps someone speaking in a foreign language, or silence.  Occasionally you’ll also get a call that rings once and hangs up, and when you call back you’re greeted with the same kind of bizarre audio.  What’s going on?

In short, it’s a rather clever scam.  A very profitable one that can generate a significant bill for the University or you personally.  Here’s how it works, and what you need to know to protect yourself from these callers of dubious virtue.

The basic idea is to entice you to call the scammer back using your phone or device, which initiates the call from your end.  There are usually some sophisticated techniques employed that makes the number the call originates from appear to be a New Zealand cell number, or something else reasonably local.  However, regardless of what you dial, the call will be received by what you might recognize as a “0900” number – one of those nineties-era relics where you pay an extra fee to call for the weather or some other service.  Except instead of $0.99 a minute to hear the latest royal gossip you’re charged a slightly less reasonable $10-$50 a minute. This is a good deal more complicated than the good old days of Nigerian Kings asking for your bank account number!

So what can you do to stay safe?

• If you receive a call that’s obviously a recording or in a language you don’t recognize hang up immediately.
• If you get a missed call from a number you don’t recognize, don’t return the call.  If it’s an actual person calling they’ll call again or leave you a message.
• Use your phone’s ability to block callers when you receive a robocall you suspect is from a scammer.  Android instructions.  iOS instructions.

There are a great many scams via email, phone, malware and social media these days – this is only the latest iteration in an increasingly confusing and sophisticated field of IT security where there’s little risk to the scammers and great potential gain (ie. your money).  We’ll do our best to keep you in the loop as these things pop up, but for now our best advice is to assume that any strange communications you receive are dodgier than a ten dollar iPhone.

There’s a great podcast you can listen to in your browser that does a deep dive on one instance of this scam.  It’s very non-technical and a really interesting listen: https://www.gimletmedia.com/reply-all/long-distance

Finally, there’s been a bit of media coverage on this issue.  Feel free to read it, but have some sympathy for some of the reporters who get a bit confused on exactly what’s going on.

https://www.tcf.org.nz/consumers/mobile/phone-scammers/

https://www.radionz.co.nz/news/national/354292/new-international-phone-scam-affecting-kiwis

https://www.odt.co.nz/news/national/phone-scam-hitting-kiwi-users

Have a great weekend,

Paul.

Kia Ora, from Te Manaaki Rauhanga

This will be something of a long post.  I’ll attempt to be as concise as possible, but today we’re going to explore the really interesting new features Google is rolling out to it’s Gmail web interface.  Gmail is the tool we use at the University of Waikato for our browser-based email service.  When you load Chrome and access your inbox you’re using a version of the Gmail interface, so all these wonderful new features will be impacting you in the next little while.  If you primarily receive your email via a third party tool like Outlook or Apple Mail you may never see these changes, and if this describes you, then this might be a good opportunity to revisit the web version.  These new changes are already available (if you opt in) in any personal Gmail account you have, and our staff and students will be receiving the new interface in a few weeks.

Wait, is that my Calendar?

Let’s talk about the most significant change (from my perspective) first.  A new pane on the right side of the new Gmail interface contains buttons for Google Calendar, Google Keep, and Google Tasks.  The last two options are handy tools, but it’s the Google Calendar integration that really shines.  Now, you can generate a new Calendar appointment directly from an email, see your calendar for a given day before replying and view a co-workers calendar – all from within your email.  I refer to my Calendar as my “Brontosaurus Brain”, in that it takes care managing all the things I might otherwise forget to do (like eating, breathing, and sleeping).  Having it right there alongside my email is a fantastic convenience.

Confidential mode for messages you send

Ever want to send someone a message they can’t (easily) copy, that evaporates from the recipients’ Inbox after a set period of time or send someone a message you can remotely destroy like those really expensive looking Mission Impossible explody briefing documents?  The new Confidential Mode gets you most of the way there, without the hazard of potential bodily harm.

 

Hover Buttons

Now you no longer need to open an email to archive, delete or mark it as unread.  Simply hover the mouse pointer over the message in your Inbox and new options will appear as buttons on the right of the thread.  The handiest is the new “Snooze” option, which allows you to temporarily dismiss a message that you may not have time to deal with currently in the sure and certain knowledge that it will be back to vex you again.

 

Improved detection of dodgy email

Are you as sick of phishing scams as I am?  Google is too, and they’re rolling out a new warning system for telling you about messages they think may actually not be from the son of a wealthy, deposed African despot.  Trust the scary red banner, not Prince T’Challa.

And the rest

And a few additional sweeteners if you need them,

• Computer-generated Smart Replies like those seen in the mobile Gmail app (the suggested reply buttons with waaaaay too many exclamation marks).
• A new “Nudge” feature will point out emails that have sat untouched in your inbox for some time.
• View and download attachments without needing to actually open the email.
• New ways to filter and sort your default Inbox view.
• Using Raiser’s Edge, Trello or another productivity tool?  The new add-ons and features can help you do things faster on all your devices directly from your email with just one download.

Feel free to ask us any questions about Gmail, how it works and how you can make the best use of it.

Nga mihi,

Paul.