The SAS

"SAS" stands for many different things. In this case, SAS stands for Student Accessibility Services at the University of Alberta. (Yes, as of this writing, their URL is still “SSDS,” reflecting their former name, Specialized Support and Disability Services. Maybe they’ll update it.) If you’ve never heard of SAS, it’s probably because you don’t require their services, and this post is not for you. If you want to know more, check out their website.

This post has been written for students in my classes who write their exams under SAS supervision. Specifically, it’s to explain some gaps in SAS’s procedures, and how we can work together to ensure that exams run as smoothly as possible for you, for me, and for the rest of the students in the class.

First, give me your letter. You know the one. The Letter of Accommodation. This introduces you to me, and lets me know that you would like to write your exams with SAS. You can give me the hardcopy or send a PDF, but you must give me the letter--as soon as possible, if not sooner. I've had students write exams at SAS without giving me the letter. This is not good. The letter does not tell me what to do. Rather, the letter is your way of asking me if I will permit you to write your exams at SAS. (From SAS: "Without the letter, the professor can refuse to accommodate the student.") After scolding a student about not giving me the letter sooner, they told me "I'm writing the exam at SAS because of my ADHD, and my not giving you the letter is a manifestation of that disorder." Don't be that person. Don't make excuses. Take responsibility for yourself.

I send my exams to SAS via their secure website, called Clockwork. (I believe I was the first instructor ever to email them exams in PDF format over 15 years ago to help accommodate a vision-impaired student.) After exams are written, I ask that they are returned by the student in a sealed envelope to the Department of Psychology General Office, BS P-217, which is in the Psychology wing of the Biological Sciences Centre. (Here’s a map. Click on the Biological Sciences Centre and you can choose Interior Maps to see the exact location of the office.) The person receiving the exam at the General Office will sign a receipt slip. Do not lose this; it’s proof that you returned your exam. It is extremely important in cases of lost (er, misplaced) exams.

When returning your exam, please note that the hours of the Psychology General Office are a bit different from other administrative offices on campus. They are open from 8:00 a.m. to 12:00 p.m. and 1:00 p.m. to 4:00 p.m. every business day, year-round. If you finish your exam at SAS at 11:59 a.m., well, don’t bother running to drop it off--you’ll have to wait until the office reopens after lunch.

What if you finish your exam, but there’s not enough time to return it that day? Say you finish at 3:55. There’s no way to make it to the office by 4:00. In that case, my instructions are for you to return the exam as soon as possible the next business day. (I don’t know if SAS allows you to keep the sealed exam in your possession overnight; check with them on that.)

It’s very important for me to get your exam back as soon as possible for a couple of important reasons:

1) I calculate a lot of exam statistics. Really, a lot. If your exam gets to me too late to include with the rest of the class, I have to mark it by hand. That means it’s not included in any of the exam statistics for the class. I don’t like having incomplete data; I want to get the most complete picture of a class’s performance possible--not leaving anyone’s data out. Plus, I hate hand-marking multiple choice exams and am prone to errors, despite my best efforts.

2) I process and post exam results quickly. Very quickly. My goal is to be faster than anyone else on campus. I have, on more than one occasion, posted exam results the same day. To do that, I bring all of the exams to TSQS personally as soon as possible after the exam. However, if students are writing their exams at SAS, they are often given extra time. That means I have to wait until you’re done, and have delivered your exam to the General Office so I can include it with the rest of the class. In other words, not only am I waiting on you, but the rest of the class is also waiting for you to deliver your exam.

On more than one occasion, a student has had the exam with them after completing it, but didn’t deliver it to the Psychology Office because it was closed for lunch or closed for the day. Then they forgot about it. Only after several days passed did they remember and drop off the exam. In the meantime, I’m frantically calling SAS to find out where the hell your exam is. They don’t have time to search their records for who did or didn’t write an exam, and they get pissy about it if you ask them to do so. Maybe they’re pissy because I’ve asked them “Where the hell is the exam?”

What if you’re sick or something comes up and you don’t write your exam at SAS after all? One thing’s for sure: I don’t know about it. SAS doesn’t call or email me to say that you didn’t show up. All I know is that I don’t have your exam. This is bad when it comes to midterms, but it’s even worse for final exams. Say you miss a final exam for a legitimate reason. You do what you’re supposed to do: go to your Faculty office and apply for a deferral of the final exam within two working days of the originally scheduled final exam date (NOT the date you write the exam with SAS). Great. But in the meantime, I don’t know where the hell your exam is. Do you have it? Does SAS still have it? Did you even write it? I don’t know. And I can’t ask SAS. (See “pissy” above.) So the pile of final exams from rest the class sits and waits. I would love to process the final grades--students are starting to pester me about why the results haven’t been posted yet--but I can’t, because I’m still waiting for your exam.

(You might be wondering why I don't just go and pick up the exams from the SAS exam office myself. I've tried that, several time. One year, I had an impending flight with my family, so I did not want to rely on students to get the exams back to me. The incident involved multiple exams written at different locations, misplaced exams, and a whole lot of running. It did not go well.)

If you do NOT write your exam with SAS for any reason (incapacitating illness, severe domestic affliction, religious belief, or you just decided to write it with the rest of the class in the classroom), TELL ME as soon as possible. Email is preferable; this gives me a record that I can refer to, if need be.

If I have sent you an email asking you to read this post, now’s the time for you to send me a reply email acknowledging that you have read and understood this post, and agree to the conditions that I have specified. Thanks.

If I haven’t asked you to read this post, well...

Why aren’t you studying?

The Computer Breach

This post is about a serious breach of computer security that occurred in the last weeks of term last year, affecting thousands of UAlberta users, including me. This post has been created by drawing from numerous sources, including mass emails, news reports, and official blog posts and news releases. There are, however, still unanswered questions that I will explore, and some of the implications of this event.

The Breach
Between November 17 and December 8, 2016, a breach of computer security occurred on the UAlberta North Campus. A forensic analysis determined that 287 computers in 20 classrooms and labs in the Knowledge Commons, CSC, and CCIS had keylogger malware installed on them. This breach was detected on November 22, 2016, and potentially compromised the security of 3,323 passwords belonging to students, staff, and faculty. A further investigation by EPS and the UAlberta IST forensic team determined that another 17 computers were affected, potentially putting another 19 people’s passwords at risk.

The Notifications
A total of 3,304 students, staff, and faculty who had logged into the affected computers during this period were notified of this breach by mass email on November 23, 2016, sent by the Chief Information Security Officer (CISO) of the Office of the Vice-Provost and Associate Vice-President (Information Services and Technology).This message confirmed most of the above information and recommended a course of action that included changing our passwords and monitoring our accounts for suspicious activity. After changing my password, I replied to that email, asking for more information about the malware; I sent the same message again on December 1, 2016 because I did not receive a reply to my first message. I got a reply from the CISO on December 7, 2016 that assured me that no actual information had been obtained due to the workings of the security software (more on this below). The delay in responding was for security reasons, because the investigation was still underway.

So imagine how badly I was freaking out the morning of December 19, 2016, when I wasn’t able to log in to check my email. Or any UAlberta account. My first thought was that the attacked had not only taken my old password, but the keylogger was running on the computer I used to change my password in November. I immediately called IST, where there was an uncharacteristically long delay. The thought, “I have a bad feeling about this” kept racing through my mind. This, however, just turned out to be a mandatory password reset for everyone who had potentially been exposed to the malware; in case you ignored the previous advice to change your password, you were now being forced to change it. Er, no advance warning or anything?

All along, information about this breach was hard to come by. In fact, I’ve gotten much information from articles by CBC Edmonton and the Edmonton Journal, and only rarely from official UAlberta sources. Finally, on January 5, 2017 there was a positive gusher of information sent in an email, as well as posted to the IST blog. I suspect the timing was not a coincidence: the Edmonton Journal had just published an article about the security breach in that day’s newspaper.

The Accused/The Charges
According to news reports, the accused is 19-year-old UAlberta student Yibin Xu. Xu was not named in any official announcements from UAlberta. A search using the UAlberta Directory did not turn up any matching person. Perhaps this student’s status as a student--or, at the very least, their UAlberta computing privileges--were revoked. According to EPS, Xu has been charged with mischief in relation to computer data, unauthorized use of computer services, fraudulently intercepting functions of a computer system and use of a computer system with intent to commit an offence.

Xu was to appear in court on January 10, 2017. I have not been able to find any information about Xu’s plea on this date.

The Protection
UAlberta classroom and lab computers are protected by antimalware software, including Zemana Anti-Keylogger. In the email I received directly from the CISO, there were “blank logger output files resulting from the encrypted inputs” making this incident, technically, a potential breach, not an actual breach. This makes me feel a bit better. However, I have not been able to obtain the name of the malware. Although this might seem like an, er, academic exercise, it’s important for at least three reasons. 1) I want to be sure that all of my anti-malware specifically includes the signature for the malware that I potentially encountered, 2) I would like to know more exactly how the malware works and (more importantly) how it spreads, and 3) whether this was existing malware used by a script kiddie or (much more seriously) custom malware deployed by the accused, specifically tailored to penetrate the UAlberta defences.

The Implications
The last point is important. Why would someone go to 304 different computers, installing keylogger malware on each one? Aside from the time investment required to craft, modify, or at least obtain the malware, how long would take it take to load this software on all those computers? Did Xu have to go to each computer, installing the malware from a thumb drive (which would not require any identifying logon or authentication). Say it takes 30 seconds. That’s a time investment of over 2.5 hours. It’s not clear whether the harvested data would be automatically uploaded, but that’s the most likely scenario. Then, however, you have to sift through all of that data looking for someone logging in. That’s got to take a while, too.

Here are three plausible reasons to go through all this trouble. First, just to prove it could be done. Yeah, malware writers do things for dumb reasons like this; bragging rights. But bypassing commercial anti-malware software doesn’t have to be done on campus, where you’re risking quite a lot for not very much. Thrill of the chase? Maybe, but I doubt it. Virus-writing has come a long way since those early days of macho competition.

Second, a desperate need. You’re failing courses badly. You need some kind of “competitive advantage.” If only you could log into your fellow students’ account, you might be able to steal their lab reports, computing science assignments, and more. While you’re at it, you could also grab some instructors’ credentials. Maybe log in to their accounts at the end of term and...tweak your grades. (Hey, David Lightman did it in War Games!) But isn’t that a lot of work for very little reward and high downside risk? Wouldn’t it be better to spend all that time, say, studying? If you get caught, you’ll be tossed out of university, stuck with a criminal record, and face potential jail time. (If the accused is a foreign student, they may be deported and not welcomed back.)

So that leaves the third possibility: What if the accused is working on behalf of someone else, like a criminal organization or even a nation state? China and Russia are known to have been behind state-sponsored malware attacks. I don’t think I want to know how many criminal groups are happily writing ransomware and other nasty shit--witness recent attacks on Carleton University and the University of Calgary last year.

I’ve been hit by malware before. Once, years ago, my computer contracted the Chernobyl virus, which managed to bypass Norton Internet Security. I actually had to bring my computer in for service to kill that one off--one of the few times I’ve ever had to pay someone to fix my computer. (If I ever see Chen Ing-hau, remind me I owe him a punch in the face.) Another time, my office computer was somehow infected with a rootkit, which took many frustrating hours to remove. Now, I’m armoured to the teeth with firewalls, anti-virus, anti-malware, anti-keylogger software, which do NOT give me any false sense of security. I continue to abide by best practices. But none of us need the worry and hassle of malware on university computers. As far as I’m concerned, they oughta throw to book at Xu.

Lastly, I know I’ve tossed many brickbats IST’s way. They’ve deserved them. But this time, I offer a bouquet: Nice job. Detecting this serious problem in 5 days, and managing to identify the culprit (sorry, accused) means that we at UAlberta don’t end up in the same situation as UCalgary. Because nobody wants to end up like Calgary. (Sorry, couldn’t resist.)

Why aren't you studying?

What I Did on my Christmas Holiday (2016 edition)

I hope you had a good Christmas holiday period! (That's the official UAlberta name for it, by the way.) Campus looks pretty for the holidays. Back when I was a student, there were no decorations like this.

Since you're wondering, here's what I did during the break.
(Why do kids have to get up so early on Christmas day?)

One thing I did over the break was get my car fixed. As I was heading to work for my last office hour of Fall term, I stopped for a yellow light--but the person behind me decided to go through it. Yeah, you can guess what happened. No, no one was hurt (except my poor car). The other person decided to pay for my repairs himself, rather than go through insurance. This can be dicey. I'm glad everything worked out, though. It was good (?) this happened between terms, so I wasn't stuck without a vehicle. The worst part about this? Remember that I was going to work for my last office hour? Guess how many people showed up to my office. Yeah: zero. Ugh. I should have stayed home.
(Crunch!)

Holiday time means I get to spend time with family and friends. My eldest daughter was super excited to see Rogue One: A Star Wars Story. Me, not so much--not after last year's Episode VII. (No, I didn't didn't like much; I felt betrayed by it, as a long-time Star Wars fan. Although it felt repetitive--like watching Episode IV from a parallel universe--I think I know why. The short answer is, well, you have to read Mike Klimo's Star Wars Ring Theory. If J.J. Abrams is clever enough to be extending the ring through this new trilogy, I may change my mind about it. Especially if Rey is both a Kenobi and a Palpatine...). Oh, as for Rogue One? Loved it.

Since my kids were off school, we did some family activities, like sledding:
(No, I didn't actually get on a sled and risk breaking my neck.)

We also made a recipe from a book that I've had since I was a kid: Possum's honey bread:

(Mmm, the smell of fresh bread on a cold winter's day!)

I spent some time catching up with some reading, including Wired DesignLife, a gorgeously designed magazine about gorgeously designed things. Looking at these artistically created products on a screen is nothing like holding the thick glossy pages of a magazine in your hands.
(I still prefer the feel of paper in my hands.)

Break time wasn't all about sleds and breads--I did a lot of work prepping for Winter term courses. I'm going to be trying some new things this term that I hope work out. If not, well, I tried. I don't just want to be doing the same old, same old all the time. I guess it's fitting that I spent much of the end of the year looking ahead to the new one.

Are you glad it's 2017? Many people are. There seemed to be so many lousy things going on (Brexit, the Fort McMurray wildfire, the economy, celebrity deaths, and don't even get me started on Trump. No surprise that so many people couldn't wait for 2016 to be over.

(John Oliver, Last Week Tonight: F*ck 2016)

Let's hope for the best in 2017!

Why aren't you studying?

Find It