
|
News
 |
2015-11-13 OPM background records data breach information |
|
   |
We have received a lot of questions regarding mailed letters originating from “OPM Notifications” and whether or not they are legitimate. Office of Personnel Management (OPM) has begun sending letters to individuals who were impacted by the cyber intrusion involving background investigation records. Notifications are being sent over a period of 12 weeks from start to finish.
Here is what we know and can clarify:
- Letters arrive from “OPM Notifications” with perforated edges and look like junk mail.
- ID Experts was awarded the monitoring service contract. You must receive a letter with unique pin to sign up.
- ID Experts coverage is offered for three years.
- This is not the same as credit monitoring services offered and provided by CSID.
- At this time, OPM is not aware of any misuse of personal information.
- 21.5 million individuals were impacted by this.
If the letter you receive looks like one of these two, it’s likely legitimate:
- If records indicate your fingerprints were not compromised, you notification letter will look like this: https://www.opm.gov/cybersecurity/sample-letter.pdf
- If records indicate your fingerprints were compromised, your notification letter will look like this: https://www.opm.gov/cybersecurity/fingerprint-letter.pdf
Regardless of what the letter looks like, the only place you should go to enroll for coverage or get information is https://www.opm.gov/cybersecurity/. If you receive a letter directing you to a different website, it’s a scam.
I hope this helps clarify but please let us know if you have any additional questions. Information such as monitoring services and coverage limits can be found here: https://www.opm.gov/cybersecurity/ |
   |
 |
2015-10-28 ALERT: Phishing Attack Awareness |
|
   |
This is an important awareness alert. Please read.
Those who wish to attack USDA computer systems often employ the strategy known as “Phishing” where the use official looking email messages to entice users to click links which can either install secretly install malware without the user’s knowledge or prompt them to enter their login credentials that could be captured and used later. Even a small number of customers falling for these phishing scams can lead to serious security breaches.
Over last night and this morning, we have seen two phishing campaigns targeting USDA customers. The first was a message regarding an “IT Service: Email Quota Alert”. Below is an example of the message and it included a link to update information.

The second, and most concerning, is the message sent this morning. This message was titled “Your Telework Password Has Expired” and contained many hallmarks of an official message. It also includes a link.

We’d like to take a moment to remind you how to handle messages that you suspect as Phishing.
- Do not click any links of messages which you do not immediately recognize, find suspicious, or unsusual
- Please forward any suspicious message to your IT Service Staff as an attachment and ask for guidance
- Delete the suspicious message from your mailbox
The IT Staff can assist in identifying suspicious messages. They can then forward those which appear to be phishing to SPAM.ABUSE@USDA.GOV. |
   |
 |
2015-01-21 Important Cyber Security Best Practices Reminders |
|
   |
FY2015 Security Awareness Training Reminder
REMINDER: Security awareness training is due to be completed in AgLearn no later than January 31, 2015. If you haven’t already done so, now is a great time to take that training and be reminded of important cyber security best practices.
Prevent virus outbreaks and spam
Viruses are often spread through e-mail. You can greatly reduce the spread of e-mail viruses by using antivirus software, opening e-mail only from trusted sources, opening only attachments you're expecting, and scanning attached files with antivirus software before opening them.
Spam is loosely defined as unsolicited bulk e-mail and loosely correlates to the junk mail that turns up in your home mailbox. But spam represents more than unwanted clutter. It clogs e-mail accounts--and networks and servers--while trying to sell products, spread jokes, or propagate Internet hoaxes.
Reduce the amount of spam you receive by being cautious where you post your e-mail address. Avoid publishing your e-mail address on Web sites or submitting it to every site or organization that requests it.
Never forward chain messages, which often reveal coworkers' and colleagues' e-mail addresses to other parties. Use caution when accepting e-mail offers or agreeing to accept mailings from vendors; subscribe only to Web sites and newsletters you really need.
Don't open unsolicited e-mail. If you accidentally open spam, don't click links offering to unsubscribe or remove you from the mailing list unless the sender is a trusted vendor.
Avoid phishing attacks
Phishing scams are designed to steal consumers' personal information. They often use doctored and fraudulent e-mail messages to trick recipients into divulging private information, such as credit card numbers, account usernames, passwords, and even social security numbers.
Online banking and e-commerce are generally safe, but you should always be careful about divulging personal and corporate information over the Internet. Phishing messages often boast real logos and appear to have come from the actual organization, but those messages are frequently nothing more than copyright infringements and faked addresses. If you suspect a message possesses any credibility, you are much safer calling the company directly--preferably at a telephone number printed on a paper statement or invoice--and talking to an authorized representative.
Make regular backups
A more common type of malicious software available nowadays is called ransomware. Ransomware attacks the data stored on your computer and encrypts it, thus preventing you from accessing it. The owner of the ransomware will attempt to extort money from you to decrypt those data files. Sometimes paying the ransom will get your files back, and other times not.
The best defense against malicious software like this is to maintain regular backups of your critical data files. If you don’t have a local network-based backup capability at your location, backups should be stored on a device that is not permanently attached to your computer. Ideally, the backup device is only connected to your computer when (a) a backup is running, or (b) you must restore from a backup. The backup device should be regularly scanned for viruses and malware to minimize its potential to be compromised. This step is even more critical if a backup device is shared among more than one computer. Any one of those computers that share a backup device could have a virus which infects the backup device, and then subsequently infects all other computers that use the backup device.
Keep ALL computers up to date with security patches
Many end users have multiple computers nowadays, perhaps a desktop and a laptop, or a science computer and an administrative computer. It’s important to regularly turn on each of your computers and make sure that they are receiving critical security updates from operating system and application vendors. ARS uses IBM Endpoint Manager (formerly Tivoli Endpoint Manager) to ensure that end user computers stay up to date. Please check with your local IT staff to see if IBM Endpoint Manager is installed on your computer(s). If not, please encourage your local IT staff to contact your Business Service Center IT staff for more details on IBM Endpoint Manager and how to deploy it. |
   |
 |
2014-09-18 Do not upgrade Apple devices to iOS 8 yet |
|
   |
Yesterday Apple released a new Operating System (iOS 8) for iPhone (4S, 5, 5S) and iPad (2, 3, 4, Air, mini, mini 2). This update will automatically come to your Apple devices. When prompted, please do not install the upgrade yet. MobileIron, which is our device manager for encryption, email, and management will not work with iOS 8 until the server is upgraded. It is anticipated that this will happen on October 13th, but I will let you know when it’s OK to upgrade.
Also remember whenever you do a major Operating System upgrade like this, please make sure to backup your device (in iTunes) prior to installing. If you already upgraded to iOS 8, please let me know so we can work on restoring your device (if a backup was done). |
   |
 |
2014-06-24 Intermittent loss of email connectivity |
|
   |
We are currently experiencing intermittent loss of connectivity to both USDA email and Office Communicator. We are also unable to send and receive email to/from outside of USDA. The Enterprise Operations staff is currently working to resolve the issues. Once the issues are resolved, all email from outside of USDA will be delivered.
2014-06-24: Update from OCIO
The problem reported earlier today affecting incoming and outgoing Internet e-mail has been successfully resolved. Within the next 1-2 hours, all delayed Internet e-mail is expected to be processed and delivered. There is no expectation that any messages have been lost during the service outage.
We appreciate your patience as this problem was addressed. If you have any questions, please contact the ARS-OCIO Service Desk at HelpDesk@ARS.USDA.GOV. |
   |
 |
2014-05-02 Security Vulnerability in Internet Explorer web browser |
|
   |
The majority of you have automatic updates enabled and will not need to take any action because the update will download and install automatically. For those manually updating (or unsure if you are getting automatic updates), I strongly encourage you to apply this update as quickly as possible. To do this, go to Start > All Programs > Windows Updates > Check for updates > Install updates.
You may have heard in the media that Microsoft Internet Explorer is subject to a critical security vulnerability that is still unpatched. Furthermore, the United States Computer Emergency Readiness Team (US-CERT) has recommended that users avoid Internet Explorer browsers until this vulnerability is corrected.
ARS OCIO has confirmed that our network security tools are actively protecting the ARS network from this vulnerability. As a result, while your computers are connected to ARS’ network, you can safely use Internet Explorer even while the vulnerability still exists.
ARS OCIO recommends that employees take the following computer security precautions:
- When teleworking, please make extra certain that you are connected to the ARS Virtual Private Network whenever you must use Internet Explorer. This way, ARS’ network security tools can keep your computer protected against this vulnerability.
- On personally owned computers at home, download and install a different Internet browser, such as Mozilla Firefox or Google Chrome. Ensure that the new browser is up to date with all of its security patches. Then begin using that browser to access the Internet, and continue using it until all of the following events occur: (1) Microsoft releases a patch to correct Internet Explorer’s vulnerability, (2) you have successfully installed that patch on your personal computer, and (3) you have validated that your personal computer was not affected by the vulnerability. No employee should assume that their personal Internet provider can provide the same level of computer protection as is provided by ARS’ network security tools.
- If you have not yet upgraded your computer from Windows XP to a newer, more modern operating system, we strongly recommend that you do so as soon as possible. It is unlikely that Microsoft will release a patch to correct this vulnerability for Windows XP computers. As more security vulnerabilities are identified in Windows XP and its software applications, it will be nearly impossible to keep Windows XP safe from hackers attempting to exploit those vulnerabilities.
If you have any questions or concerns, please contact your local IT support contacts.
Your cooperation and support are greatly appreciated.
Thank you,
ARS/OCIO
Customer & Technical Services Branch |
   |
 |
2014-04-10 "Heartbleed" bug - OpenSSL vulnerability |
|
   |
Some of you have asked about the news of the “Heartbleed” bug. The intention of this email is to make you aware of what it is, how you may be affected, and what you can do about it.
What is it?
Basically, the “Heartbleed” bug is an information leak. It affects the encryption technology used to protect online accounts for email, social media, banking, etc. The bug allows outsiders to peek into personal information that was supposed to be protected from snoopers. It exposes usernames and passwords even on “secure” sites and, unfortunately, has gone undetected for over two years.
What sites have been affected?
The potential number of affected websites is huge since approximately 66% of websites use the type of encryption technology affected by this. Please use this website to check if your banking, email, social media, and ecommerce sites are vulnerable: https://lastpass.com/heartbleed/
What can you do?
Eventually, you will need to change your passwords to any affected website. Due to the nature of this bug, you will need to wait until affected sites update their servers to patch the vulnerability before you change your passwords. Changing your username and password before a site patches its servers achieves nothing. I would presume most popular websites will be patched by the end of this week. The following website lets you know which sites have patched the bug, when, and if you should update your passwords yet: https://lastpass.com/heartbleed/
What can I do to protect myself going forward?
Vulnerabilities like this highlight the importance to use different passwords for different websites. Using the same username and password on multiple sites that hold valuable information is a really bad idea. Consider using password management software to easily manage your growing number of accounts. Now is a great time to start using a password manager since you will likely be changing a lot of passwords in the next few days. For more information on this, please visit the intranet page about KeePass: http://usda.wisc.edu/software/passwords/keepass.html
The bottom line is to change your banking, email, social media, and ecommerce passwords as soon as possible, but wait until you are sure that particular website is no longer vulnerable. If you have any questions on this, please contact us. |
   |
 |
2014-01-24 Windows XP to Windows 7 migration |
|
   |
As many of you already know, Microsoft is ending support for Windows XP on April 8th, 2014. This termination applies to security updates and support services from Microsoft. Without security updates to an operating system, it leaves computers vulnerable to attacks that exploit software vulnerabilities. Following suit will be the major software vendors (Adobe, Oracle, Symantec, VMware, etc), ending support for their software running on XP as well.
With the April 8th deadline fast approaching, we have been working on migrating or replacing applicable systems throughout the location to Windows 7. Many of you have already been upgraded or will be upgraded soon. The majority of systems left to upgrade are connected to instruments. This is where we need your help.
For any computer running in your lab that is running Windows XP, please check with your instrument support vendor to see if they have software compatible with Windows 7 to work with your existing equipment. When contacting them, they will need to know which version of Windows you are running. In most cases, your answer will be Windows 7, 64-bit (unless we tell you otherwise). In the past few months we have had some vendors provide free software upgrades and others charging for the upgrade. We have also had cases where the equipment is no longer supported which means the computer cannot be upgraded until the instrument is.
For computers that require Windows XP (or older) due to software/instrument compatibility and lack of ability to upgrade, we will be creating a waiver for them. In these instances, a waiver will be submitted to headquarters and network access will be shut off to each of these computers.
Thank you in advance for your patience, help, and cooperation as we complete this migration. Please let us know if you have questions or concerns on any of this. |
   |
 |
2013-12-16 Aglearn services issue |
|
   |
From: TeamAgLearn
Sent: Monday, December 16, 2013 10:54 AM
Subject: AGLERAN SERVICE ISSUES UPDATE
Importance: High
The AgLearn issues that surfaced last week have resumed this week, though not quite as seriously as before. This is caused by an extraordinary and unanticipated number of users who are accessing the system to complete their IDPs. Everything is working properly, but the number of IDPs open at any one time, combined with the high database resource demands of the IDP process, has severely affected system speed and responsiveness.
Team AgLearn is monitoring the situation and will provide updates as they become available. In the interim, it is recommended to save all non-essential AgLearn usage until things calm down. Reports should be scheduled to be run after working hours, if at all possible.
In an effort to anticipate the breadth and duration of the issue, please contact Jerome Davin or John Rehberger if your agency is currently encouraging its users to take immediate action on their evaluations and IDPs. We have identified two agencies for which elevated IDP and related usage are contributing to the issue, and need to find out if there are others in order to plan an appropriate response.
Team AgLearn apologizes for any inconvenience.
Team AgLearn
aglearn.usda.gov

THINK GREEN!
Do you really need to print this e-mail?
|
   |
 |
2013-05-21 VPN Connectivity Issues |
|
   |
Last Friday, a number of you received an automatic update for the Cisco AnyConnect client software that is used to connect to the ARS Virtual Private Network (VPN). That client upgrade was unexpected and unplanned at the time.
As a result, many of you may experience a warning screen like this one when connecting to the default VPN location:

If you are seeing this screen for the first time, please click the "Change Setting…" button as highlighted above. Then on the ensuing window, please click the "Apply Change" button as highlighted below.

If you have already seen the red screen above, and clicked on the "Keep Me Safe" button, please call the ARS Service Desk on 1-866-802-4877 so that a technician can assist you in troubleshooting the issue and re-installing the Cisco AnyConnect client software if necessary.
Please note that even when the red screen above stops appearing, you will still regularly see see a screen like the one shown below:

When you see the above screen, please click the "Connect Anyway" button to access the VPN.
ARS OCIO appreciates your patience and understanding as we work with you to correct this issue. |
   |
 |
2013-04-17 US-CERT - Scams Exploiting Boston Marathon Explosion |
|
   |
Please be aware that historically, scammers, spammers, and other malicious actors capitalize on major news events by registering domain names (website url's) and social networking accounts related to the events. They do this to take advantage of those interested in learning more details about major events, or target individuals looking to contribute to fundraising efforts.
Pay attention to the information highlighted below and always remember: do not open unexpected attachments or click on links in suspicious emails. Be cautious browsing social media websites claiming to represent interests of those involved in any incident.
-----Original Message-----
From: US-CERT
Sent: Wednesday, April 17, 2013 2:51 PM
Subject: US-CERT - Scams Exploiting Boston Marathon Explosion
National Cyber Awareness System
Scams Exploiting Boston Marathon Explosion
Original release date: April 17, 2013
Malicious actors are exploiting the April 15 explosions at the Boston Marathon in attempts to collect money intended for charities and to spread malicious code. Fake websites and social networking accounts have been set up to take advantage of those interested in learning more details about the explosions or looking to contribute to fundraising efforts.
For example, the Twitter account @_BostonMarathon was created shortly after the explosions took place. The account stated it would donate $1 for each retweet and was crafted to closely resemble the legitimate Boston Marathon Twitter account (@BostonMarathon). This account has since been suspended by Twitter; however, the likelihood that similar social media accounts will surface remains high.
Phishing email campaigns are also circulating using subject lines related to the Boston Marathon explosions. Do not open unexpected attachments or click on links in suspicious emails, even if the email appears to be from someone you know.
US-CERT recommends that all persons interested in donating funds should go directly to established charities such as the American Red Cross.
Exercise caution when interacting with social media accounts that claim to represent the best interests of those involved in the incident, and directly visit established news sources rather than conducting general search engine queries, as it can be difficult to tell which search results may lead to scam sites. |
   |
 |
2013-03-12 Phishing/Spam ALERT: Increased Phishing Activity |
|
   |
**********************************>>>>>> IMPORTANT ITS SECURITY NOTICE <<<<<<******************************************
Please Be Advised:
A phishing/spam campaign is underway against USDA email addresses. It began yesterday afternoon, March 11th, at approximately 3:00 CTS.
This campaign is reaching USDA email addresses in high volumes.
No malicious payloads have been identified with this spam campaign. The messages do, however, contain highly suspicious links. A single click of a link can have severe impacts on our security. Do not click any links or attachments in emails which appear suspicious.
- The subject of the email message varies and includes but may not be limited to: Fasting, Halting, Long, From Friends, Hi Again, New, Your Friends, Your Friend, The Best, Hello Friend, Newest, Hello
- The email contains a hyperlink. The names of the link vary and include but may not be limited to: click here, check, watch that, this is what you need, see this, try.
- In many cases the attacker is spoofing USDA email addresses of separated individuals whose accounts are no longer in service. The messages often include the spoofed sender as a recipient of the message. In addition, the attacker appears to be grouping recipients alphabetically by last name.
- If you receive this message, delete it immediately. To permanently delete an email message, highlight the message and press Shift + Delete. No further action is necessary.
- If you received this message and did click the link, please contact your local IT Help Desk or Business Service Center IT Branch. Additional advice will be provided once you’ve contacted your local IT Help Desk.
|
   |
 |
2013-01-14 Update for Java security vulnerability |
|
   |
** If you are on PatchLink, no action is required since you will receive this update automatically. If you are not on PatchLink or are not sure if you are, please keep reading and follow the instructions. **
Who’s affected: Computers running Windows or Mac OS X (10.7 and higher)
What’s affected: Java version 7
When: Immediately
Why: Java recently reported a critical security vulnerability affecting Java version 7. Since then Oracle released a security update to help reduce any potential risk. If you are running Java 7, please make sure to install Java 7, update 11 as soon as possible. If you are running Java 6, no action is required. If you are unsure which version of Java you are running, please go to this website to check: http://www.java.com/en/download/testjava.jsp
How: To manually install and update your version of Java, please download the applicable update below. (Note to Windows 7 users: If you’re unsure which version to download, you can check by going to Start > right click on Computer > Properties > look at “System type”)
Windows 7, 64-bit: http://144.92.64.228/sw/win/jre-7u11-windows-x64.exe
Windows XP and Windows 7, 32-bit: http://144.92.64.228/sw/win/jre-7u11-windows-i586.exe
Mac OS X 10.7.3 and above: http://144.92.64.228/sw/mac/jre-7u11-macosx-x64.dmg (note: OS X 10.6 and earlier do not need updating as Java 7 does not run on earlier versions).
Once downloaded, run and install accepting all defaults except do not allow or agree to any installations of toolbars, third-party software, web browsers, etc.
There may be more to come on this. |
   |
 |
2013-01-04 EMM Certificate Update Affecting iOS Devices |
|
   |
TO: All Customers With iPhone/iPad Devices Linked to USDA Mailboxes
We’ve received word that at 9pm CT on Friday, Jan 4th, the department will be updating a security certificate on the McAfee Enterprise Mobility Management system. This system allows your Apple mobile device to synchronize with your mailbox.
This change will require you to take action on your mobile device in order to maintain service after the update.
Please review the attached document which describes the steps that you must take after the update occurs to allow your device to continue syncing with your mailbox. If you do not follow the directions attached, you will not be able to send and receive mail from your device until it is re-enrolled in the system. The steps for re-enrollment are also included in the attached document.
If you have any questions about this upcoming change, please contact your local IT staff or the ARS Help Desk at helpdesk@ars.usda.gov. |
   |
 |
2012-05-21 DFRC scheduled power outage - May 24th |
|
   |
DFRC has a scheduled power outage on Thursday, May 24th starting at 6:00pm. The outage could last 2 hours and requires a shutdown of some servers and network equipment in the building. In preparation for this, we will begin shutting down services starting at 3:00pm Thursday afternoon.
Please make sure you shut down your lab computers, office computers, and equipment before you leave Thursday. Please do so in this order:
- Shutdown computers
- Turn off other devices such as printers, monitors, external hard drives, lab equipment, etc
- Turn off UPS battery backups attached to computers/equipment (if applicable)
The following services may be unavailable starting Thursday around 3:00pm through the duration of the power outage:
File servers (Public drive/Dropbox, lab drives, user drives, scan drives, etc)
Location intranet site
DFRC website/email
Daisy repository
Admin file servers
Admin VPN
FileMaker databases
DairyComp
SysAid
RefMan/Endnote server
Licensing services (ArcGIS, DNAstar Lasergene, Prism, Creo, Aligner)
VMware virtual remote desktops
CLC genomics server and client workstation
Zimbra calendars
All blog websites
Remote FTP server access
Once power has been restored to the building, network access will be restored first followed by servers. If everything goes well, all services will be restored Thursday night. |
   |
 |
2012-05-16 DFRC scheduled power outage - May 19th |
|
   |
DFRC has a scheduled power outage on Saturday, May 19th starting at 8:00am. The outage could last 3-6 hours and requires a shutdown of some servers and network equipment in the building. In preparation for this, we will begin shutting down services starting at 5:00pm Friday evening.
Please make sure you shut down your lab computers, office computers, and equipment before you leave Friday. Please do so in this order:
- Shutdown computers
- Turn off other devices such as printers, monitors, external hard drives, lab equipment, etc
- Turn off UPS battery backups attached to computers/equipment (if applicable)
The following services may be unavailable starting Friday night around 5:00pm through the duration of the power outage:
File servers (Public drive/Dropbox, lab drives, user drives, scan drives, etc)
Location intranet site
DFRC website/email
Daisy repository
Admin file servers
Admin VPN
FileMaker databases
DairyComp
SysAid
RefMan/Endnote server
Licensing services (ArcGIS, DNAstar Lasergene, Prism, Creo, Aligner)
VMware virtual remote desktops
CLC genomics server and client workstation
Zimbra calendars
All blog websites
Remote FTP server access
Once power has been restored to the building, network access will be restored first followed by servers. If everything goes well, all services will be restored Saturday afternoon. |
   |
 |
2012-05-09 DFRC scheduled power outage - May 10th |
|
   |
DFRC has a scheduled power outage on Thursday, May 10th starting at 6:00pm. This power outage requires a shutdown of some servers and network equipment in the building. In preparation for this, we will begin shutting down services starting at 2:00pm Thursday afternoon. Once everything is down, you will not have network access or remote access to the services below for the duration of the outage.
Please make sure you shut down your lab computers, office computers, and equipment before you leave Thursday. Please do so in this order:
- Shutdown computers
- Turn off other devices such as printers, monitors, external hard drives, lab equipment, etc
- Turn off UPS battery backups attached to computers/equipment (if applicable)
The following services will be unavailable starting Friday night around 5:00 pm through the duration of the power outage:
File servers (Public drive/Dropbox, lab drives, user drives, scan drives, etc)
Location intranet site
DFRC website/email
Daisy repository
Admin file servers
Admin VPN
FileMaker databases
DairyComp
SysAid
RefMan/Endnote server
Licensing services (ArcGIS, DNAstar Lasergene, Prism, Creo, Aligner)
VMware virtual remote desktops
CLC genomics server and client workstation
Zimbra calendars
All blog websites
Remote FTP server access
Once power has been restored to the building, network access will be restored first followed by servers. If everything goes well, all services will be restored Friday morning.
Once you get into the office following the outage, turn on your UPS (if you have one) and wait at least one minute, then turn on computer, monitor and other devices. If you have any questions, please let me know. |
   |
 |
2012-05-04 DFRC scheduled power outage - May 5th |
|
   |
DFRC has a scheduled power outage on Saturday, May 5th. This power outage requires a shutdown of servers and network equipment in the building. In preparation for this, we will begin shutting down services starting at 5:00 pm on Friday evening (May 4th). Once everything is down, you will not have network access or remote access to any of the services below for the duration of the outage.
Please make sure you shutdown your lab computers, office computers, and equipment before you leave Friday. Please do so in this order:
- Shutdown computers
- Turn off other devices such as printers, monitors, external hard drives, lab equipment, etc
- Turn off UPS battery backups attached to computers/equipment (if applicable)
The following services will be unavailable starting Friday night around 5:00 pm through the duration of the power outage:
File servers (Public drive/Dropbox, lab drives, user drives, etc)
Location intranet site
DFRC website/email
Daisy repository
Admin file servers
Admin VPN
FileMaker databases
DairyComp
SysAid
RefMan/Endnote server
Licensing services (ArcGIS, DNAstar Lasergene, Prism, Creo, Aligner)
VMware virtual remote desktops
CLC genomics server and client workstation
Zimbra calendars
All blog websites
Remote FTP server access
Once power has been restored to the building on Saturday, network access will be restored first followed by the servers. If everything goes well, all services will be restored Saturday evening sometime.
Once you get into the office following the outage, turn on your UPS (if you have one) and wait at least one minute, then turn on computer, monitor and other devices. If you have any questions, please let me know. |
   |
 |
2012-03-23 Critical Microsoft patch MS12-020 |
|
   |
Microsoft has released a patch to address a critical vulnerability (MS12-020) in Windows’ Remote Desktop Protocol. This vulnerability applies to all versions of Windows. Please run Microsoft/Windows updates (http://update.microsoft.com/microsoftupdate/) as soon as possible. This includes Mac users with Windows running as a virtual machine (VMware View, Fusion, or Parallels). Again, if you’re on PatchLink, you will receive this update automatically between this afternoon and Monday.
--------------
One of the March Microsoft security bulletins issued last week, MS12-020 is a “Critical” patch to correct a vulnerability in Windows’ Remote Desktop Protocol (RDP). MS12-020 should to be patched immediately, as proof-of-concept exploit has been discovered online and a known exploit has now been released in the wild to be used against vulnerable systems.
Since Remote Desktop is a significant component of ARS’ current telework environment, it is critical that MS12-020 gets deployed to all devices supporting the patch, both workstation and server alike. Please include infrequently used computers (laptops, netbooks, Government-furnished telework computers, etc) as well. They should be turned on and updated through your normal enterprise means as soon as possible.
Ideally, personally owned equipment has already received this and all other critical updates through use of the Automatic Updates feature provided by Microsoft.
The following information was provided by SANS:
--Microsoft Patches Critical Remote Desktop Protocol Flaw (March 13 & 14, 2012) Microsoft is urging users to apply a fix released Tuesday, March 13, for a critical vulnerability in the Remote Desktop Protocol (RDP). Microsoft says hackers are likely to release an exploit for the flaw within the next month. In all, Microsoft patched seven vulnerabilities in its monthly security update.
http://www.infoworld.com/t/windows-security/microsoft-urges-firms-focus-severe-rdp-flaw-188693
http://www.computerworld.com/s/article/9225160/Experts_sound_worm_alarm_for_critical_Windows_bug?taxonomyId=85
http://krebsonsecurity.com/2012/03/rdp-flaws-lead-microsofts-march-patch-batch/
http://www.h-online.com/security/news/item/Microsoft-closes-critical-RDP-hole-in-Windows-1471581.html
http://www.darkreading.com/vulnerability-management/167901026/security/application-security/232602627/microsoft-flaw-demonstrates-dangers-of-remote-desktop-access.html
UPDATE: ISC infocon went yellow over the release of exploit code.
https://isc.sans.edu/diary/INFOCON+Yellow+-+Microsoft+RDP+-+MS12-020/12805 |
   |
 |
2011-10-12 Intermittent Global Blackberry Outage |
|
   |
Please be aware that there is a widespread outage occurring globally related to Blackberry devices so you may not be able to rely on Blackberry communications as you are accustomed to doing. Personally, my Blackberry service has been intermittent all day today. This has caused a major battery drain as well as communication disruptions. More info is below to give you details about the situation:
From CNET:
“BlackBerry subscribers throughout the world continued to experience disruptions in service for a third consecutive day as problems with Research In Motion's equipment in its data centers appears to now be affecting North American subscribers as well.
Customers using Research In Motion's BlackBerry smartphones in the U.S. and Canada are now also without access to e-mail and BlackBerry messaging in an outage that has already plagued subscribers in Europe, the Middle East, and Africa since Monday.
RIM said it has fixed the problem on Monday. But service disruption continued Tuesday with only spotty access to e-mail, BlackBerry Messenger, and Web. At first the problems only affected subscribers mainly in Europe, the Middle East, India, and Africa.
But the issues spread to other parts of the world including parts of South America. And this morning customers in the U.S. and Canada also began complaining of e-mails being delayed and sent in batches. One user in the Boston area said he began seeing e-mail delays early this morning. And when batches of e-mail arrived, they were about three hours old.
Earlier RIM blamed the disruption to service that affected Europe, the Mideast, India, Latin America, and Africa on a failed switch and backup. The company said the problem had been fixed. But it also added that it might take some time to work through the backlog of data, which had not yet been sent to subscribers' devices. E-mail started to trickle in for some users late yesterday.
"Although the system is designed to failover to a backup switch, the failover did not function as previously tested," the company explained in a statement on Tuesday. "As a result, a large backlog of data was generated and we are now working to clear that backlog and restore normal service as quickly as possible. We apologize for any inconvenience and we will continue to keep you informed."
It's not yet clear whether the issues plaguing customers overseas are what is also affecting service in North America. RIM has acknowledged that there is a problem with its service in the U.S. and Canada. But it didn't provide specific information. "BlackBerry subscribers in the Americas may be experiencing intermittent service delays this morning," the company said. "We are working to resolve the situation as quickly as possible and we apologize to our customers for any inconvenience. We will provide a further update as soon as more information is available." BlackBerry users in Canada and parts of Central and South America also suffered service disruption last month, when RIM's e-mail and messenger services were down.
RIM's BlackBerry network architecture is its strength as well as its biggest weakness. Unlike other smartphone platforms, RIM routes all e-mail and messaging traffic through its BlackBerry servers in network operation centers throughout the world. This centralized architecture for the service means that additional encryption and security can be added to the messages that traverse the network. And for many corporate customers, this added security is the main reason they use the service. But the architecture also means there are single points of failure throughout the network. This means that when there is a major infrastructure disruption, it can affect entire regions of service, potentially knocking out service for tens of millions of customers. By contrast competing smartphones, such as the iPhone and Google Android devices, do not suffer from the same types of outages because there is no single point of failure in the network.” |
   |
 |
2011-07-22 LincPass cards |
|
   |
USDA has enabled e-Authentication (e-Auth) with the ability to login to the web portal using your LincPass card. You may already be familiar with some of the e-Auth applications, such as WebTA, myEPP, e-OPF, AgLearn, FMMI, and GovTrip. You can now access those applications with your LincPass card, your PIN and a card reader. If you do not yet have an active LincPass card, you can continue using your regular e-Auth ID and password to access the applications.
Make sure that your LincPass card is activated. By now, you should have a card, be enrolled and know your secret Personal Identification Number (PIN). Your LincPass PIN should be protected like your banking ATM PIN. The LincPass PIN will never expire, so make sure you remember it. If you have forgotten your PIN or need a LincPass card, contact your Area Location LincPass Sponsor. Go to www.afm.ars.usda.gov/lincpass/ and open the “Area LincPass Sponsor and Security Officer” document to find your LincPass sponsor.
Visit www.afm.ars.usda.gov/lincpass/ for a quick overview on what you need to start using your LincPass card. You will find several useful documents there, but start with the “Ready, Set, Go LincPass” document. A link to USDA’s Frequently Asked Questions (FAQs) is also included.
Next, ensure that your computer has the ability to read a LincPass card. Some computers have a card reader built into the keyboard like the one pictured below. Look for a slot that may accept your LincPass card or ask your local IT specialist for assistance.

If your computer does not have a card reader or if you need a portable card reader for your laptop, a USB card reader, like the one pictured below, can be supplied and plugged into your computer’s USB port. Please contact your local help desk to have one installed.

When you are ready to use an e-Auth application, do the following steps:
1. Insert your LincPass card in your card reader
2. Start up your web browser
3. Click on the e-Auth application you want to use
4. Read the login banner and click on “I Agree”
5. Click on the “Login with my LincPass” button
6. You will be presented with a “Confirm Certificate” box. Click OK
7. At the next box, enter your secret PIN. Click OK
8. Start using your application
Future Functionality: Access to ARS’s email and IAS
Please note that we are developing a technological solution to enable remote access to ARS’s email with your LincPass card, but it is not yet available for the Beltsville Area Office and those outside of the National Capital Region Area. Only the employees at the George Washington Carver Center, South Building, Portals, Whitten Building and at the National Agricultural Library can access ARSnet email directly with their LincPass card. Also, USDA’s Integrated Acquisition System (IAS) will soon be accessible through e-Auth. Rather than having to remember a complex password, all you would need is your PIN. As more applications are added to e-Auth, you should start using your LincPass cards to ensure your LincPass card works and to become familiar with the log-in process.
If you have any questions about your LincPass cards, please contact your local LincPass sponsor.
If you have any questions regarding card readers, please contact your local ARS Help Desk. |
   |
 |
2011-04-29 Upcoming Email Spam/Virus Filtering Change |
|
   |
In mid-December, ARS transitioned our incoming message scanning from the previous MessageScreen system to the USDA IronMail service. This action was taken as a required, preliminary step for the upcoming migration to the new USDA Enterprise Messaging System – Cloud Service (EMS-CS). Based upon your feedback, we have found that the IronMail system has been unable to meet the business needs of ARS.
Beginning at 8pm ET on Monday, May 2nd, OCIO staff will begin rerouting inbound mail so that it will again be filtered by the MessageScreen gateways. When completed Monday evening, IronMail will no longer filter incoming email for ARS.
For customers who still have the MessageScreen plug-in installed in their Outlook client, they will be able to again access their quarantined mail with no changes. For customers who no longer have the MessageScreen plug-in or are using Entourage, they may access their quarantines by using the URL https://messagescreen1.ars.usda.gov and entering their email address and their ARSnet password.
This change is not expected to result in any email delays for inbound messages and no messages will be lost in the transition. There are changes which you should be aware of.
- ZIP and other Compressed Formats – Compressed file formats such as ZIP, ARC, RAR will not be directly delivered to your mailbox. Instead, the attachment will be quarantined by MessageScreen and may be downloaded by clicking the link added to the message.
- Higher Incoming Size Limit – The limit for incoming attachments will return to 100MB vice 50MB. (Attachments larger than 10MB will be parked on the MessageScreen gateway but can be downloaded by clicking the link added to the message. Incoming attachments exceeding 100MB in size will be returned to the sender as undeliverable.
- User Quarantine Access – You will again have access to quarantined mail by either using the MessageScreen plug-in or visiting https://messagescreen1.ars.usda.gov
- Personal Trusted/Blocked Senders Lists – The Personal Trusted/Blocked Senders lists which you had in place prior to the switch to IronMail will remain in place and active for your account.
If you have any questions about this change, please contact your location IT Staff, Area IT Staff or helpdesk@ars.usda.gov. |
   |
 |
2011-04-27 George Washington Carver Center (GWCC) Power Outage - Saturday, April 30th |
|
   |
The General Services Administration (GSA) has scheduled a power outage and electrical maintenance for the George Washington Carver Center (GWCC) on Saturday, April 30th. This power outage requires the shutdown of the GWCC computer room.
The maintenance window will begin at 6am ET Saturday, April 30th and services will be restored by 11pm ET, barring any unforeseen circumstances. During this time Exchange, ARIS, SharePoint, VPN, eVault, eForms, REE Directory, and all ARS websites will be unavailable. The HQ, BA, NAA, SAA will not have Internet service.
HQ staff will not be permitted access to GWCC during the outage.
If you have questions regarding this schedule, please contact the ARS Service Desk at 1-866-802-4877.
Thank you,
ARS/OCIO
Customer & Technical Services Branch |
   |
 |
2010-10-08 FY11 Annual Security Awareness Training - Due January 31, 2011 |
|
   |
The Federal Information Security Management Act (FISMA) and the Office of Management and Budget (OMB) Circular A‑130 require Federal agencies to provide annual security awareness and rules of behavior training to all employees, contractors, and students.
This year’s training, “FY2011 USDA Information Security Awareness and Rules of Behavior”, is now available in all employees’ AgLearn learning plans. The link to access this training is: http://www.aglearn.usda.gov.
All ARS employees, contractors, and students are to complete this training by January 31, 2011. Failure to comply with this requirement will result in the loss of network access. Though it is not necessary to print a certificate because it is recorded in AgLearn. If you would like a certificate of completion, you must go to your learning history to print it. For any technical assistance required, please contact your local IT Helpdesk.

|
   |
 |
2010-10-04 ARSnet Password Self-Reset |
|
   |
Please don’t forget to sign up for the ARSnet password self-reset option. You must enroll yourself in order to take advantage of the service.
Website to enroll: https://reset.ars.usda.gov
Enrollment instructions on intranet: http://www.mlit.wisc.edu/software/passwords/arsnetreset.html
If you have any questions on this, please let me know.
From: ARS-MWA-ALL
Sent: Tuesday, September 07, 2010 8:26 AM
Subject: ARSNet Password Self-Reset
*************************************************
* The following message is being transmitted to you as a *
* service to all Midwest Area employees. *
* *
*** Please do not respond to this mailbox. Thank you. ***
*************************************************
ARS has implemented a self-service option for changing user passwords. This will work for ALL users.
It is a two-step process. First, you can either place a shortcut on your desktop named ARSnet Password Reset. The “location of the item” is https://reset.ars.usda.gov . Alternately, you can create a shortcut in Internet Explorer.
Second, you must enroll to use the service. Instructions for enrollment are attached.
This is a very straight-forward package, but I want to warn you that you must click in either the box for “Forgot Your Password?” or “Is Your Account Locked?” to make appropriate changes.
I you have questions, please contact your local IT contact or the MWAHelpDesk@ars.usda.gov . |
   |
 |
2010-10-01 October is National Cyber Security Awareness (NCSAM) month |
|
   |

About NCSAM 2010
Our Shared Responsibility
We lead Web-based, digital lives.
The Internet has become pervasive; we are online at home, school, work, and play. In addition to the traditional laptop or desktop computer, we now have many more gateways to the Internet. Mobile devices of all shapes and sizes connect us to increasingly complex and useful tools almost everywhere and at anytime. Even when we are not directly connected, the Internet supports our everyday lives through our financial transactions, transportation systems, power grids, emergency response systems and a constant flow of communication, to name a few. This reliance will only increase as digital technology becomes further entwined with how we live.
If we are to achieve the potential of a digital society for robust and widely available content, community, communication, commerce, and connectivity we must protect the resource that makes it possible.
The Internet is a shared resource and securing it is our shared responsibility.
Ultimately, our cyber infrastructure is only as strong as the weakest link. No individual, business, or government entity is solely responsible for securing the Internet. Everyone has a role to secure their part of cyberspace, including the computers, devices and networks they use. We all need to understand how our individual actions have a collective impact on cybersecurity and protecting the Internet.
Our Shared Responsibility means each of us must do our part. The actions we take may differ based on our personal and professional responsibilities. However, if each of us does our part—whether it’s implementing stronger security practices in our day-to-day online activities, making sure the right tools are in place, raising awareness in the community, educating young people or training employees—together we will be more resistant and resilient, protecting ourselves, our neighbors and our country.
About National Cyber Security Awareness Month
National Cyber Security Awareness Month (NCSAM), conducted every October since 2004, is a national public awareness campaign to encourage everyone to protect their computers and our nation’s critical cyber infrastructure.
Cyber security requires vigilance 365 days per year. However, the Department of Homeland Security (DHS), the National Cyber Security Alliance (NCSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), the primary drivers of NCSAM, coordinate to shed a brighter light in October on what home users, schools, businesses and governments need to do in order to protect their computers, children, and data.
What are you doing for National Cyber Security Awareness Month?
The success of National Cyber Security Awareness Month rests on all of us doing what we can do to engage those around us to be safe and secure online. There are opportunities for everyone, from home users and small businesses to major corporations and government entities, to get involved.
|
   |
 |
2010-08-04 Critical Microsoft Update |
|
   |
** If you are on PatchLink you will receive this update automatically **
Microsoft has released an update to address a critical vulnerability in all versions of Windows. Please run Microsoft/Windows updates (http://update.microsoft.com/microsoftupdate/) asap or at the very least, go to the following site and download the applicable patch: http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx. This includes Mac users with Windows running as a virtual machine (Fusion or Parallels). Again, if you’re on PatchLink, you will receive this update automatically sometime today.
Details from Microsoft (http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx):
This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Windows. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerability by correcting validation of shortcut icon references. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
This security update addresses the vulnerability first described in Microsoft Security Advisory 2286198. |
   |
 |
2010-07-06 Phishing Alert: USDA Cyber Incident Scam |
|
   |
From: Miller, Andrea
Sent: Tuesday, July 06, 2010 11:28 AM
To: ARS-MWA-3601-ALL
Cc: ARS-MWA-ITCONTACTS-ALL; ARS-MWA-AO-ALL
Subject: FW: Phishing Alert: USDA Cyber Incident Scam
Importance: High
Please take note that a particularly well-crafted email phishing attack has been blocked within ARS. If you receive an email and have ANY questions regarding its validity, please do not Reply To or click on any of the links in the email. Rather, forward it to mwahelpdesk@ars.usda.gov and we can verify its validity.
Thank you,
Andrea
From: Butler, Rob
Sent: Tuesday, July 06, 2010 11:23 AM
To: ARS-HQ-OCIO-CTSB-All; ARS-IT Specialists-All
Subject: Phishing Alert: USDA Cyber Incident Scam
Importance: High
All,
Please be aware of an unusually well-crafted phishing attack which has been seen today. Note that the From: address is a Gmail account and the actual URL in the “EAuth” hyperlink directs the user to http://www.eauthgov.com/change.php?id=4IN8W86LBXY8P3YH7B2S.
The ARS MessageScreen filters have been adjusted and further copies of this particular message will now be blocked.
Please let me know if you have any questions. Any users that may have fallen for this scam should immediately change their eAuth passwords and Cybersecurity should be notified.
Thanks,
Rob
From: USDA Security Operations Center [mailto:cyber.incidents@gmail.com]
Sent: Tuesday, July 06, 2010 10:50 AM
To: Popham, Holly
Subject: ASOC00000001372 : USDA-ARS - Improper Usage: eAuthentication
USDA Cyber Incident; ASOC00000001372 has been created for your Agency. Available details and information are listed below.
Incident No.: ASOC00000001372 Incident Date/Time Reported: 7/05/2010 1:59:16 PM
For security reasons your eAuthentication account has been locked due to multiple failed login attempts.
Please visit http://www.eauth.egov.usda.gov/ to reset your password.
NOTES: Required Action: Complete the password reset form at the URL above within 24 hours.
The ASOC Incident Number should be retained for reference purposes and contained in the subject line for all email communications sent to the ASOC. Please send all questions, updates, information or reports about this to Cyber.incidents@ocio.usda.gov
To report an incident or inquire about an incident or event: call 1-866-905-6890 or email Cyber.incidents@ocio.usda.gov 24 hours a day.
Yours sincerely,
ASOC |
   |
 |
2010-06-11 GovTrip 2.0 Travel System Application Upgrade June 12, 2010 |
|
   |
From: Announcement@newsbox.usda.gov [mailto:Announcement@newsbox.usda.gov] On Behalf Of GOVTRIP
Sent: Thursday, June 10, 2010 8:36 PM
To: ANNOUNCEMENT@newsbox.usda.gov
Subject: GovTrip 2.0 Travel System Application Upgrade June 12, 2010
The GovTrip 2.0 Travel System Application upgrade is scheduled to take place for USDA on June 12, 2010. The Govtrip Production application will be unavailable from 6:00amEDT to 12:00pmEDT on June 12, 2010 to implement this system upgrade.
The GovTrip Travel System is the Web based system which USDA travelers currently use to Authorize, Book and Voucher for Temporary Duty Travel to conduct official USDA business. Over the last year, user studies were conducted with federal travelers in the GovTrip community. These travelers and preparers guided the development of the GovTrip 2.0 project, with additional feedback from the government travel administrators.
This GovTrip Upgrade modernizes the Web site’s “look and feel” in line with commercial Web sites making it more intuitive and easier to use. Streamlines, but makes no significant changes to current processes for: Planning travel, requesting and approving authorizations and vouchers, and obtaining system reports. It is designed to reduce/eliminate need for detailed training.
We hope you enjoy your experience with the New and Improved GovTrip Travel System. |
   |
 |
2010-05-10 ARIS updates |
|
   |
Systems affected: 
Software affected: 
On May 17th , a change will be made to the way you access your ARIS applications. You will no longer be using Jinitiator to access ARIS, but will be using Java instead. Since this is a change at the server level, all ARIS users must make this change. The change is relatively minor, but if you are using Windows 7 you may notice a quicker response from the system after the cutover. And, this process will work for Mac users. However, not all ARIS applications have been tested with the Mac.
What you need to do:
Before May 17th, use the following link to install Java. Instructions are attached for your convenience. Please note that you may experience minor differences depending on your PC configuration. In addition, you will need to close your browser during the install (the attached instructions include this step).
Java install link: https://arisapp.ars.usda.gov/jinit/JRE.exe
After May 16th, you will not be able to access ARIS without doing the install.
If you have problems with the installation contact your local IT Specialist or email us at aris@ars.usda.gov. |
   |
 |
2010-01-21 Internet Explorer update |
 |
  |
Systems affected: 
Software affected: 
Microsoft has released an update to address a critical vulnerability in all versions of Internet Explorer. Please run your Microsoft/Windows updates (http://update.microsoft.com/microsoftupdate/) asap or at the very least, go to the following site and download the applicable patch: http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx. This includes Mac users with Windows running in Fusion or Parallels.
Details from Microsoft (http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx):
This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8 (except Internet Explorer 6 for supported editions of Windows Server 2003). For Internet Explorer 6 for supported editions of Windows Server 2003 as listed, this update is rated Moderate. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory, validates input parameters, and filters HTML attributes. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection under the next section, Vulnerability Information.
This security update also addresses the vulnerability first described in Microsoft Security Advisory 979352.
|
  |
 |
2010-01-14 Critical Adobe software updates |
 |
  |
Systems affected: 
Software affected: 
Adobe has released software updates to address critical vulnerabilities in Acrobat and Acrobat Reader versions 8 and 9 on Windows, Mac, and Unix computers. The vulnerability that has been exploited can allow an attacker to take control of a system and was recently used in attacks on more than 30 US organizations.
For those of you on PatchLink, the software updates will be installed on your computer automatically. For everyone else, please make sure you run Adobe updates or download and install the updates manually using the following links:
Adobe Reader (Windows, Mac, Unix): http://get.adobe.com/reader
Acrobat Standard and Pro (Windows): http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
Acrobat Pro Extended (Windows): http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows
Acrobat Pro (Mac): http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh
For detailed information, please visit: http://www.adobe.com/support/security/bulletins/apsb10-02.html
Further prevention measures:
Disable JavaScript in Adobe Reader and Acrobat
Disabling JavaScript may prevent some exploits. Acrobat JavaScript
can be disabled using the Preferences menu (Edit -> Preferences ->
JavaScript; un-check Enable Acrobat JavaScript).
Prevent Internet Explorer from automatically opening PDF documents
Disable the display of PDF documents in your web browser
Preventing PDF documents from opening inside your web browser will
partially mitigate this vulnerability. By applying this workaround,
you may also lessen the possibility of future vulnerabilities.
To prevent PDF documents from automatically being opened in a web
browser, do the following:
1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the preferences option.
4. Choose the Internet section.
5. Un-check the "Display PDF in browser" check box.
Do not access PDF documents from untrusted sources
Do not open unfamiliar or unexpected PDF documents, particularly
those hosted on websites or delivered as email attachments. |
  |
 |
2009-12-01 ARS email/internet update and undeliverables |
 |
  |
There are many problems with ARS email and internet activity. You are probably receiving undeliverable messages to anyone outside of ARS. This is due to firewall configuration problems in Fort Collins. Any messages you sent yesterday to outside of ARS will need to be resent once the problems have been resolved. Do not resend the messages now, as they will just be returned again.
There is no estimate of when the problems will be resolved. I will keep you informed as I receive information.
***Update***
ARS OCIO staff is troubleshooting a communications issue preventing the Colorado-based Blackberry users from being able to send and receive e-mail. This issue is ongoing with staff actively working to identify and resolve the problem. The following Areas are affected: MWA, MSA, NPA, and PWA.
In addition, mail sent from Colorado-based Exchange users to Internet recipients is not currently being delivered. The messages are being queued and will be delivered once communications have been restored. There are approximately 7,100 currently in the message queues.
Staff members are working on this issue as quickly as possible and hope that it will be resolved soon. Unfortunately, there is no estimate on when full services will be restored.
We apologize for the inconvenience.
Dave Chab, acting Deputy CIO
Office of the Chief Information Officer, ARS
phone: 301-504-1124
fax: 301-504-1139
email: dave.chab@ars.usda.gov |
  |
 |
2009-10-30 Fiscal Year (FY) 2010 Annual Security Awareness Training - Due January 31, 2010 |
 |
  |
The Federal Information Security Management Act and the Office of Management and Budget Circular A-130 require Federal agencies to provide annual security awareness and privacy basics training to all employees, contractors, and students.
This year’s training, “FY 2010 United States Department of Agriculture Information Security Awareness" and "Rules of Behavior,” was placed in all employees’ AgLearn learning plans on October 1, 2009. The link to access this training is: http://www.aglearn.usda.gov.
All ARS employees, contractors, and students are to complete this training by January 31, 2010. Failure to comply with this requirement will result in the loss of network access. In order to receive credit for this training both modules of the course must be completed. Though it is not necessary to print a certificate, if you want a certificate of completion, you must go to your learning history in order to print this. For any technical assistance required, please contact your local Information Technology Helpdesk. |
  |
 |
2009-10-13 Alert: Bogus "System Upgrade" Warnings |
 |
  |
Some of you have received the “System upgrade” message below. It is NOT legitimate. Please do not click on the link in the message. Delete the message and empty it from your trash.
New messages from this sender have now been blocked.
-----Original Message-----
From: System [mailto:System@ars.usda.gov]
Sent: Tuesday, October 13, 2009 6:49 AM
To: *****
Subject: Server upgrade warning
Attention!
On October 16, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.
This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That's all.
http://updates.ars.usda.gov.secure.upd1.net/mail/id=7304410-kevin.temeyer@ars.usda.gov-patch81354.exe
Thank you in advance for your attention to this matter and sorry for possible inconveniences.
System Administrator |
  |
 |
2009-10-01 WebTA down October 5-7 |
 |
  |
From: Shelton, Carol
Sent: Thursday, October 01, 2009 7:19 AM
To: ARS-ALL
Subject: USDA WebTA
The USDA WebTA Production environment will be taken down on Monday, October 5, 2009, through Wednesday, October 7, 2009, to load the webTA 3.8.10 new release and perform the Fiscal Year 2010 roll/update of accounting codes. Please do not begin validating T&A’s in webTA for PP20 until after the environment is brought back up on October 7/8, 2009.
Thanks for your patience and continued support of webTA. |
  |
 |
2009-10-01 October is National Cyber Security Awareness month |
 |
  |

About National Cyber Security Awareness Month
National Cyber Security Awareness Month (NCSAM), conducted every October since 2001, is a national public awareness campaign to encourage everyone to protect their computers and our nation’s critical cyber infrastructure.
Cyber security requires vigilance 365 days per year. However, the Department of Homeland Security (DHS), the National Cyber Security Alliance (NCSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), the primary drivers of NCSAM, coordinate to shed a brighter light in October on what home users, schools, businesses and governments need to do in order to protect their computers, children, and data.
In 2008, National Cyber Security Awareness Month reached more than 29 million Americans through media, middle school and high school lesson plans, and partnerships with dozens of companies and associations. In addition, the President of the United States declared support for National Cyber Security Awareness Month, the U.S. Senate passed a resolution in support of the month, and 41 state governors signed proclamations recognizing the month.
Our Shared Responsibility
Our lives are becoming web-based.
As the Internet becomes pervasive, we are online from home, school, work, and in between on mobile devices. Even when we are not directly connected, our economy and much of the everyday infrastructure we rely on uses the Web.
Ultimately, our cyber infrastructure is only as strong as the weakest link. No individual, business, or government entity is solely responsible for cyber security. Everyone has a role and everyone needs to share the responsibility to secure their part of cyber space and the networks they use. The steps we take may differ based on what we do online and our responsibilities. However, everyone needs to understand how their individual actions have a collective impact on cyber security.
What are you doing for National Cyber Security Awareness Month?
The success of National Cyber Security Awareness Month rests on all of us doing what we can to engage in awareness activities. There are opportunities for everyone from home users to major corporations and government entities to get involved. |
  |
 |
2009-09-17 Blackberry Content Protection |
 |
  |
Blackberry Content Protection encryption will be installed on all Blackberry devices on Tuesday, September 22nd. We will be using the BES to remotely push this extra level of data encryption called “Content Protection” to your device. Your device must be powered on and the wireless service enabled for it to accept this modification. We do not anticipate any interruption in service and no other action is required. If the power or the wireless service is not enabled, the device will automatically accept the Content Protection when it is next enabled.
While we were testing Content Protection we noticed some changes that may interest you.
- When the device is locked, a small padlock should appear at the top of the screen. The appearance of the padlock is important because it indicates that Content Protection is working on your device. If the padlock does not appear by September 25, please notify the CTSB staff at helpdesk@ars.usda.gov.
- There is a slight delay when you lock and unlock your device.
- If the device is locked, the default settings will not allow address book information or caller ID to be displayed.
- To check or change the default address book setting, go to Options, Security Options, General Settings, scroll until you locate Content Protection, highlight “Include Address Book,” select your Menu button, and change setting to No. If these options are not available to you, you cannot check or change the default address book setting.”
- Of the devices tested, the Blackberry Storm was the only device that prompted for a restart. Your device may or may not prompt for a restart. Only when prompted, is it necessary to restart. As discussed in the first item, the eventual appearance of the padlock determines the success of the update. If the padlock does not appear please email helpdesk@ars.usda.gov, for assistance.
Should you require additional information, please contact the Service Desk at 866.802.4877. |
  |
 |
2009-07-07 Windows Laptop Encryption |
 |
  |
Systems affected: 
As required by OMB Memorandum 06-16, USDA has mandated all our department laptops to be encrypted with McAfee Endpoint Encryption (MEE). MEE provides full-disk encryption that protects data stored on a laptop. In the event that a laptop is lost or stolen, it is guaranteed to prevent the data from being accessed by an unauthorized person.
Encryption makes information unintelligible. Full disk encryption (which USDA and, therefore, ARS are implementing) makes it impossible to inadvertently store information in an unencrypted state. If you have a password on your unencrypted laptop and it is stolen, the most that a thief has to do to compromise your information is remove the hard drive and access it from another computer. With encryption, information cannot be compromised.
The deadline to deploy MEE is July 31st. Some of you already have the encryption installed. For the rest of you, Kevin or I will be contacting you to setup a date for the install.
Non-Windows based laptops will not be required to have encryption by this deadline. Encrypting Windows laptops is just the first of many phases in an effort to increase federal computer security. We appreciate your patience during this process.
For more information, please click here: http://www.mlit.wisc.edu/software/encryption
FAQ’s: http://www.mlit.wisc.edu/software/encryption/faq.html
If you have any questions, please let me know.
|
  |
 |
2009-05-04 CATS Unavailable today 12:00-12:30pm today |
 |
  |
Software affected: 
From: Nehring, Josh
Sent: Monday, May 04, 2009 11:24 AM
To: ARS-MWA-Madison-All
Subject: FW: CATS Unavailable today 12:00 - 12:30
FYI…CATS will be down from 12:00 – 12:30pm today.
From: ARIS
Sent: Monday, May 04, 2009 11:00 AM
Subject: CATS Unavailable
We are currently experiencing a problem with the CATS system.
CATS will be unavailable from 1:00pm EST – 1:30pm EST to fix the problem.
Please disseminate to your users.
Thank you for your patience.
ARIS Staff
ARIS@ARS.USDA.GOV |
  |
 |
2009-01-22 ARS email access through VPN |
 |
  |
Systems affected: 
Software affected: 
Attachments: ARSnet.pcf | Windows VPN Installation Instructions.pdf | Mac VPN Installation Instructions.pdf
From: Nehring, Josh
Sent: Thursday, January 22, 2009 3:25 PM
To: ARS-MWA-Madison-All
Subject: RE: ARS email access through VPN follow-up
For those connecting through the ARSnet VPN: You can now use local network drives and printers when connected to the VPN. Here’s how:
- Open Cisco VPN client
- highlight ARSnet
- click “Modify”
- click the “Transport” tab
- put a checkmark next to “Allow Local LAN Access” (see attached screenshot)
- click Save
Once you do this, you will no longer have to disconnect from ARSnet in order to access network devices. I have attached a new profile (arsnet.pcf) to automatically make this change for those who have not setup their VPN client yet.
From: Nehring, Josh
Sent: Wednesday, January 21, 2009 8:13 AM
To: ARS-MWA-Madison-All
Subject: RE: ARS email access through VPN follow-up
Some are having troubles with the ARSnet.pcf file. To make it easier, I have attached it in this email.
Also, you have another password to keep track of to login to vpn. These are not the same passwords as your email account. User ID is your ARS email address but the password I need to give you. Email me if you need this.
From: Nehring, Josh
Sent: Tuesday, January 20, 2009 8:18 PM
To: ARS-MWA-Madison-All
Subject: ARS email access through VPN
** If you currently have access to your ARS email through ARSnet, please ignore this message **
As promised, VPN accounts have finally been setup to allow email access through Outlook, Entourage, and Evolution. Please reference the links below on how to install and setup Cisco VPN on your computers. The licenses for the clients are good for home use as well.
Installation Instructions
PC: www.dfrc.ars.usda.gov/admin/software/win-vpninstall.pdf
Mac: www.dfrc.ars.usda.gov/admin/software/mac-vpninstall.pdf
File Downloads
PC: www.dfrc.ars.usda.gov/admin/software/latest-win-vpnclient-win-msi-5.0.04.0300-k9.zip
Mac: www.dfrc.ars.usda.gov/admin/software/latest-mac-vpnclient-darwin-4.9.01.0100-universal-k9.zip
ARSnet profile – www.dfrc.ars.usda.gov/admin/software/ARSnet.pcf - this will open as a bunch of text in your browser. Simply go to File > “Save As” or “Save page as” to save it as a pcf file. You will need this file at the end of the installation.
Note: When connected to ARSnet via Cisco VPN, you will not have access to local network drives and printers. To restore access to these network devices, please disconnect. If you have any questions or need any help with this, please let me know. |
  |
 |
2009-01-21 Entourage Reconfiguration |
 |
  |
Systems affected: 
Software affected: 
Attachments: Entourage Reconfiguration for ARSnet.pdf
From: Nehring, Josh
Sent: Wednesday, January 21, 2009 8:59 AM
To: ARS-MWA-Madison-All
Subject: Entourage reconfiguration
** If you do not use Entourage for ARS email, please ignore this message **
Mac Entourage users:
If you are having trouble accessing your ARS email after you went through the VPN installation, you will need to reconfigure your Exchange server address to: CO-Mail-02.arsnet.ars.usda.gov and uncheck “this DAV service requires a secure connection (SSL)”.
Please see attached document for detailed instructions.
Thanks,
Josh |
  |
 |
2009-01-15 Suspension of ARS E-Mail Systems |
 |
  |
Systems affected: 
Hopefully this will clear up many of the questions I am receiving:
- If you are not in Marshfield or Sturgeon Bay, your email will be affected by this outage.
- Your current email profile (inbox/folders/calendars/contacts, etc) will be unaffected by this outage.
- You will receive email that is sent to you during this outage when access is restored.
- In other words, you will not lose any email due to this outage.
- Email you receive in Outlook, Entourage or Evolution prior to the outage will be accessible during the outage if you need to read it. This is not possible for OWA users.
- HQ does not know when access to the email system will be restored…all they know is that it will be going down at 10:00 pm (CT)
From: Nehring, Josh
Sent: Thursday, January 15, 2009 3:26 PM
To: ARS-MWA-Madison-All
Subject: FW: URGENT: Suspension of Outlook Web Access and Other Web-based E-Mail Systems
Importance: High
The email outage noted below indicates that only Outlook Web Access (OWA) users will be affected by the outage. However, this will affect Outlook, Entourage, Evolution and OWA users in the entire Madison location, not just OWA. Marshfield and Sturgeon Bay will only have an OWA outage. Everyone else in the Madison location will be out of email through the duration of the outage.
Starting at 10:00 pm tonight, here is what will be down:
Marshfield and Sturgeon Bay - OWA email only
Everyone else - All email
No estimated time of availability has been set. If you have any questions, please let me know. I will follow-up regarding the outage when everything is restored.
Thanks,
Josh
From: McClanahan, Melinda
Sent: Thursday, January 15, 2009 2:39 PM
To: ARS-ALL
Subject: URGENT: Suspension of Outlook Web Access and Other Web-based E-Mail Systems
Importance: High
A severe cybersecurity threat has been identified that requires the U.S. Department of Agriculture and all USDA agencies to immediately shut down the Outlook Web Access (OWA) application. OWA is the application that ARS uses to access email from off-site locations through personal computers, laptops, Treos, and other PDA devices by using https://mail.ars.usda.gov.
USDA CIO Charles R. Christopherson, Jr. issued a memorandum on January 14, 2009 entitled “Suspension of Outlook Web Access and Other Web-based E-Mail Systems.” To comply with this mandate, ARS OCIO will disable the OWA application for all ARS mailboxes at 11:00 pm Eastern Standard Time today, Thursday, January 15, 2009. Only web-based access to email through https://mail.ars.usda.gov will be disabled. You will continue to have normal access to your email from your office desktops/laptops and Blackberry devices.
I regret this significant inconvenience to you and the Agency. However, this action is of the utmost importance to protect the integrity of USDA computer systems and to allow USDA to continue to conduct business electronically with other federal agencies. I assure you that my office is looking for alternative ways to access email remotely, and I will keep you informed on progress.
If you have any questions, please contact Douglas Page, Chief Technical Officer at douglas.page@ars.usda.gov (301-504-5662) or Bob Fletcher, Deputy CIO at bob.fletcher@ars.usda.gov (301-504-1132). |
  |
|