suspicious activities on NUIG account

crazy cabbage

Just got an email from IT department saying that i have received a written warning becouse of suspicious activities on my NUIG account.

I haven't a clue what i might have done on my NUIG account that would be considered suspicious.

This ever happen to anyone else?
Any ideas on who i should contact to try and see what this is about? (it isn't letting me reply to the email)

leeroybrown

The IT Department or ISS (Computer Services)? Contact whichever department issued the warning and ask to talk to the person who issue the warning. Also, if you've been looking at porn or downloading illegal material from the web they'll have tracked it as there's transparent proxy tracking all HTTP(S) activity on the network this year. If you gave your login details to someone else and they did something you'll be held responsible too.

crazy cabbage

leeroybrown wrote: »

The IT Department or ISS (Computer Services)? Contact whichever department issued the warning and ask to talk to the person who issue the warning. Also, if you've been looking at porn or downloading illegal material from the web they'll have tracked it as there's transparent proxy tracking all HTTP(S) activity on the network this year. If you gave your login details to someone else and they did something you'll be held responsible too.

Ok. thanks. Didn't download anything like that. The only thing that i can think of is bypassing the block on facebook but alot of people do that and i have never heard of people getting warning about it

Will try and contact them monday and see what it was about.

Thanks

Ficheall

You weren't so foolish as to click any of the links in the chess emails, were you?

crazy cabbage

Sorry again but do you know where i might find the email address for the IT department. I know there is the one for the college of IT or whatever but that isn't the same as the one for Internal IT matters is it?

Ficheall wrote: »

You weren't so foolish as to click any of the links in the chess emails, were you?

Links to red-heads? Of course not :pac:

Zillah

Change your password and do a virus scan as a precaution. You could be spamming people for all you know.

BhoscaCapall

crazy cabbage wrote: »

Sorry again but do you know where i might find the email address for the IT department.

Knowing NUIG they'll probably ask that you write them a letter and post it in.

TheCosmicFrog

leeroybrown wrote: »

...there's transparent proxy tracking all HTTP(S) activity on the network this year.

I'm starting to think this needs a thread all of its own.

Ficheall

Aye, can someone elaborate in plain English?

TheCosmicFrog

Ficheall wrote: »

Aye, can someone elaborate in plain English?

This article does a pretty good job of it:
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

RolandIRL

Is that why some computers in the college had to be switched to "No proxy" in the browser settings over the summer? Was wondering what that was about.

Why does this actually mean to students? Is it safe to be, say, doing online banking in the college now?

Zillah

TheCosmicFrog wrote: »

This article does a pretty good job of it:
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

What are they actually doing with it? Storing private data? Surely they can't see the content of https?

ethernet

Zillah wrote: »

...Surely they can't see the content of https?

Nah, you can if you really want to - especially if you manage the entire network infrastructure: can deploy the necessary certs on all the PCs in the labs so it's transparent to users. I went to use eduroam the other day for the first time in NUIG, checked the cert out of paranoia as usual and saw the extended CA chain for the NUIG snooping and refused it outright. Just not cool with that, even if it's just for DPI for some keywords or whatever.

To the OP, as already suggest, best contact IS Services (formerly Computer Services) to get a better idea of what was going on with your account.

Squeeonline

Friends of mine over at 091 Labs have informed me that it is NOT safe to carry out private exchanges (internet banking/shopping, private conversations) on the network.

Source: https://groups.google.com/forum/?fromgroups=#!topic/091labs-public/5UxCkY5zDnY


take from that what you will.

BaconZombie

Do they warn you anywhere what they are intercepting secure HTTPS traffic?
If so do you mind pasting the text here so we can review it.

Also would be nice to know what they are logging since if it is financial, medical or workers rights information they can be in breach of both Irish and EU data privacy laws.

RolandIRL

BaconZombie wrote: »

Do they warn you anywhere what they are intercepting secure HTTPS traffic?
If so do you mind pasting the text here so we can review it.

Also would be nice to know what they are logging since if it is financial, medical or workers rights information they can be in breach of both Irish and EU data privacy laws.

No, we haven't got such a warning afaik on our own computers or in their computer suites. I did get something on a college computer that would save its own settings (it's networked but doesn't have the Zenworks client application), telling me to set it to "no proxy" in the browser connection settings but I can't seem to recreate that on my own laptop. I'll go to said computer later today and see if that gives any info.

BaconZombie

Is this only collage issued systems or did you have to install anything on your own desktop/laptop it get it on the network?

Have a look in your Certification store and see if there is any ROOT Certs installed with the College name in it.

RolandIRL wrote: »

No, we haven't got such a warning afaik on our own computers or in their computer suites. I did get something on a college computer that would save its own settings (it's networked but doesn't have the Zenworks client application), telling me to set it to "no proxy" in the browser connection settings but I can't seem to recreate that on my own laptop. I'll go to said computer later today and see if that gives any info.

RolandIRL

BaconZombie wrote: »

Is this only collage issued systems or did you have to install anything on your own desktop/laptop it get it on the network?

Have a look in your Certification store and see if there is any ROOT Certs installed with the College name in it.

There's two wifis available here (that I've used anyway), NUIGWiFi and the eduroam network. For NUIGWiFi, you don't need to install anything to get on it (as far as I can remember, I've had the same laptop for the past 3 years), but for the eduroam network, you had to install this. If I recall correctly as well, I may also have had to switch to "No proxy" when I was using an ethernet cable with my laptop (in the same room as the other computer whose settings had to be changed as well).
I'll check this out later when I'm in that room and report back what happens.

I'll get a list of certs when I go on my laptop later. Have to run for a lecture now.

RolandIRL

On that computer now and this is what any webpage redirects to when you change the proxy settings.

Attention ....

NOTE: As a result of the recent proxy upgrade,
your Internet Broswer need to be re-configured

You are attempting to access this website: http://en-gb.www.mozilla.com/en-GB/firefox/central/

Following the recent implementation of the new proxy service, you need to change your browser settings

See below for instructions how to do this.

It contains instructions for all the most popular browsers.

If this procedure does not work, please contact the ISS Service Desk ( servicedesk@nuigalway.ie ) and provide the following details:

My IP Address is: XXXXXXX

URL: http://en-gb.www.mozilla.com/en-GB/firefox/central/


<instructions to change settings, removed for display purposes>

Regarding the certs, what would I be looking for?

FreeT

I've just spoken with ISS.

Apparently they've only updated the wired computers; WIFI proxy setup is unchanged.

According to them, no info is/can be stored through it, it's just an extra layer of protection against anyone trying to mess with the computer labs' computers.

Can anyone verify this? Those new women in ISS scare me and I didn't want to ask too many more questions!

ethernet

BS.

Proper group policies and Deep Freeze (and similar localised soluations) stop lab machines from being messed with; not interception of secure websites viewed on those machines.

BaconZombie

Connect to your Bank and them any online medical records you have.
This can even be an email to your Doctor.

Then ask them for all Information they have digital stored on you.
If they have either of the above they are, as far as I know in break of Irish and EU data privacy and protection laws.

FreeT wrote: »

I've just spoken with ISS.

Apparently they've only updated the wired computers; WIFI proxy setup is unchanged.

According to them, no info is/can be stored through it, it's just an extra layer of protection against anyone trying to mess with the computer labs' computers.

Can anyone verify this? Those new women in ISS scare me and I didn't want to ask too many more questions!

joeKel73

The ISS Service Desk has/had an account on boards and was giving some support about Blackboard problems last year.

Would be great if they logged in again to reply to some of these queries...

Edit: PM Sent

ISS Service Desk

Regarding suspicious activities on NUIG account, ISS (Information, Solutions and Services) did not send the email. This is possibly a phishing email, please delete and reset your password to your student email account. For more information on phishing if you are still concerned you can drop into the ISS Service Desk or email servicedesk@nuigalway.ie.