Weekly updates from IT on things we're doing to help all of Mozilla keep the web a global public resource, open and accessible to all!
- Mozilla’s Infosec department is sponsoring the 7th annual BSides Portland event this Friday and Saturday at the Portland Convention Center. Andrew Krug will be offering an encore presentation of his BlackHat talk on hacking serverless runtimes, and Mozilla has provided a reference architecture for Kubernetes to power the Capture the Flag Contest as part of our bug bounty program.
- Researchers have discovered a flaw in WPA2, a common Wifi encryption protocol. If you use WPA2 on your laptop, device, or access point, you are likely exposed. We use Aruba Wifi access points in our offices, and a patch will be deployed shortly- look for communications from the MOC about any office downtime. Your mobile devices are particularly vulnerable- you may want to use 4G instead of Wifi when you have a choice.
- Infosec will be rolling out more alerts to the SSO Dashboard this week. In addition to existing alerts for out of date software we will add alerts for security anomalies we may notice about your @mozilla.com account.
- IT began build out of a new data center space two weeks ago for the hosting of Firefox build and test resources that are not fit for the cloud. This space will also begin to give us geographical redundancy for these resources. While migration work will continue throughout the next 12 months, this initial move is a major milestone!
- Starting two weeks ago, all incidents and requests through ServiceNow (The Hub) will generate a brief 3 question survey (https://mozilla.service-now.com). Please take the time to give us feedback on the Customer Experience in order for us to continue to improve.
- Mozilla has completed our transition away from Okta. If you were previously using Okta to access Workday or other apps, you should now be accessing through Auth0. You can reach the most active secured apps through https://sso.mozilla.com.
- Over the weekend, the dial-in access for the teleconferencing systems moved from our old Asterisk system to Jive. The extension numbers and prompts have changed. Vidyo is on extension 2000 and no longer needs the extra 9 added at the beginning of the conference room numbers. The basic audio-only conferencing is now on extension 4000. Please use 2000 or 4000 as appropriate for the password on the 800# instead of 369 (if you dial 369 it'll give you instructions though). If you see any dial-in instructions which need updating, please update them or contact the organizer and remind them to. HUGE shout-out to Andy Kochendorfer from AVOps for providing his voice for the new prompts.
- IT is initiating a proof-of-concept for the new Vidyo Cloud solution, as a separate instance. Those interested should be part of relatively insular group that can regularly use the NEO client. If interested, please join the #vidyocloudpocrequest Slack channel.
- The site intranet.mozilla.org will be shut down on September 29th at 5pm PST. We've identified several Mana pages that have links to intranet.mozilla.org. To view the list, please visit the Slack channel #intranet-shutdown or if you have any questions, contact @jojo on Slack
- Interested in DevOps? Jon the DevOps cohort! Open to all community- staff and volunteers. Join the #devops channel on Slack, get more info on Mana at https://mana.mozilla.org/wiki/display/DO/DevOps+Cohort, or email email@example.com to join. Next meeting is Friday, October 6!
(below are info items that won't be read in the Project meeting due to time)
- Starting last week, all incidents and requests through ServiceNow (The Hub) will generate a brief 3 question survey (https://mozilla.service-now.com). Please take the time to give us feedback on the Customer Experience in order for us to continue to improve.
- End User Services is discontinuing the use of Kaspersky Endpoint Security 10 for Windows 10 laptops. Instead Windows users will now use Microsoft Windows Defender, the built-in antivirus solution. Malware and virus protection is a constantly evolving field. In the past, dedicated products provided the best defense against malicious files. However, Microsoft’s built-in service has matured over time to be a competitive/formidable antivirus product.
- The MinIT now has a wiki! You're reading it here
- The YVR City-of-Glass office now has a spiffy new Commons and upgraded large conference rooms to further improve their AV experience.
- A first user-specific security alert landed in the SSO Dashboard: The dashboard tells you if your Firefox is out of date. More to come! https://sso.mozilla.com
- (Staff only, on Mana) Traveling? Check out https://mana.mozilla.org/wiki/display/SECURITY/Security+Precautions+when+traveling We have special procedures for high risk countries. This can happen to YOU! https://twitter.com/thegrugq/status/629364323933134848