Information Security has detected numerous infections by the adware program Superfish.
Adware is typically not as dangerous as password stealers or other types of infections, however, this program has been paired with a Man-In-The-Middle SSL Certificate originally found on Lenovo laptops sold in fall of 2014.
This certificate, when installed as a trusted certificate, shows any web-site's certificate as valid, whether fake or not, essentially breaking the trust model for SSL.
Information Security will start notifying end-users and IT Workers of machines running Superfish. Users can check to see if they have the malicious certificate installed by visiting this page:
- https://filippo.io/Badfish/
If the site alerts you to the malicious certificate, removal instructions can be found here:
- https://filippo.io/Badfish/removing.html
It appears other companies may be guilty of the same behavior. More info can be found in the following links:
- http://arstechnica.com/security/2015/02/security-software-found-using-superfish-style-code-as-attacks-get-simpler/
- http://www.zdnet.com/article/lenovos-superfish-its-worse-than-we-thought/
- http://arstechnica.com/security/2015/02/superfish-doubles-down-says-https-busting-adware-poses-no-security-risk/
- https://www.google.com/search?q=superfish
This Alert displays the latest status for most Enterprise Reporting data and reports.
| Warehouses and Data | Last Updated |
|---|---|
| Finance Data Warehouse | 02/26/2015 at 10:30 p.m. |
| Human Resources Data Warehouse | 02/26/2015 at 9:30 p.m. |
| Student Financials Warehouse | 02/26/2015 at 7:00 p.m. |
| Financial Information Tool (FIT) Cubes | 02/26/2015 at 10:30 p.m. |
| Delivered Reports | Available Periods |
| Bi-weekly Cost Distribution Detail (PDF and XLS) | 02/16/2015 |
| Preliminary Paylist | 02/26/2015 |
| Final Paylist | 02/12/2015 |
| Salary Status Detail Cost Projections (Except funds 201 and 209) | 02/27/2015 through 06/30/2015* |
| Salary Status Detail Cost Projections (Funds 201 and 209) | 02/27/2015 through grant end dates* |
*Assuming you are assigned the appropriate security roles to do so, you may sign-on to myUFL and use the following navigation paths as required.
Projected Payroll – UF Projected Payroll>UF Projected Payroll.
Distributions – Setup HRMS>Product Related>Commitment Accounting>Budget Information>Department Budget Table USA.
Please contact the UF Help Desk at 392-HELP or helpdesk@ufl.edu if there are any issues with the reports.
myUFL - Enterprise Reporting - Monthly Financial Reports for January 2015 Now Available
2/7/2015 12:02pm Routine| Enterprise Reporting Link | Available Versions |
|---|---|
| Department Reports | October 2005 - January 2015 |
| Fund Reports | October 2005 - January 2015 |
| Sponsored Programs Reports* | February 2006 - January 2015 |
| Residual/Overhead Projects | December 2005 - January 2015 |
| Construction Project Reports | May 2006 - January 2015 |
* The PI Summary Reports were first made available in July 2006.
Please contact the UF Help Desk at 392-HELP or helpdesk@ufl.edu if there are any issues with the reports.
