Monash Uni infosec staff find gaping security hole in Palo Alto Networks gear – Security- Tempemail – Blog – 10 minute

Palo Alto Networks has issued patches for a critical authentication bypass in several of its enterprise security products that was reported to the security vendor by two Monash University infosec staff.
The flaw, discovered by cybersecurity systems analyst Salman Khan and systems engineer Cameron Duck at Monash University, rates 10 out of 10 on the Common Vulnerability Scoring System (CVSS) version 3, and is easy to exploit with no user interaction required.
“When Security Assertion Markup Language (SAML) authentication is enabled and the ‘Validate Identity Provider Certificate’ option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources,” the security vendor wrote in its advisory.
Multiple versions of Palo Alto’s PAN-OS, which runs on the company’s firewall, gateway, virtual private networking and access products, are affected by the flaw.
Upgrading to PAN-OS versions 8.1.15, 9.0.9 and 9.1.3 fixes the authentication bypass vulnerability.
The United States government cyber command advised users to patch all their Palo Alto Networks devices immediately, warning that overseas nation-state sponsored hackers would likely try to exploit the vulnerability.

Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML is in use. Foreign APTs will likely attempt exploit soon. We appreciate @PaloAltoNtwks’ proactive response to this vulnerability.
https://t.co/WwJdil5X0F
— USCYBERCOM Cybersecurity Alert (@CNMF_CyberAlert) June 29, 2020
If it’s not possible to immediately patch against the vulnerability, Palo Alto Networks said configuring the SAML authentication with a Certificate Authority (CA) Identity Provider Certificate, along with enabling validation of the credential, can be used as a complete mitigation for the vulnerability.
If SAML is not used for authentication, the bypass bug can’t be exploited, Palo Alto Networks said.
For now, the security vendor is not aware of any attempts at exploiting the vulnerability.
Attempts at exploiting the vulnerability can be logged by systems, but Palo Alto Networks said it can be difficult to distinguish between valid and malicious logins or sessions.
Unusual user names or source internet protocol addresses found in system logs are indicators of compromise, Palo Alto Networks warned.

Tempemail , Tempmail Temp email addressess (10 minutes emails)– When you want to create account on some forum or social media, like Facebook, Reddit, Twitter, TikTok you have to enter information about your e-mail box to get an activation link. Unfortunately, after registration, this social media sends you dozens of messages with useless information, which you are not interested in. To avoid that, visit this Temp mail generator: tempemail.co and you will have a Temp mail disposable address and end up on a bunch of spam lists. This email will expire after 10 minute so you can call this Temp mail 10 minute email. Our service is free! Let’s enjoy!

Data61 taps Monash Uni’s Dean of IT as new director – Training & Development

The CSIRO’s digital offshoot, Data61, has named Monash University’s Dean of IT Professor Jon Whittle as the organisation’s new director.
Whittle replaces founding CEO Adrian Turner, who stepped down from Data61 at the beginning of the year to lead the Minderoo Foundation’s Wildfire and Disaster Resilience Program.
Whittle has been with the university for the past three years, and for the last year has served as the interim co-director of the Monash Data Futures Institute which leads research in applied artificial intelligence in health sciences, sustainable development, policy and governance.
Previously a senior researcher at NASA’s Ames Research Center, Whittle is an expert in software engineering and human-computer interaction.
His work in software engineering has largely focused on model-driven development (MDD) and the industrialisation of MDD.
CSIRO chief executive, Dr Larry Marshall, said Whittle’s highly interdisciplinary work connects well with the research organisation’s work.
“Since we created Data61 as part of Strategy 2020, CSIRO has become home to Australia’s leading data science and innovation group, partnering with government, industry and academia to solve Australia’s largest data-driven challenges underpinned by deep science and technology,” he said.
“Jon is well placed to take CSIRO’s digital journey into its next phase, maximising the opportunities that digital and data science can deliver for the nation, and the world.”
Whittle will begin at the agency in July.
Data61’s acting director, Dr Simon Barry, will become the agency’s deputy director when Whittle arrives.
Barry joined CSIRO in 2007 and was most recently Data61’s research director for its Analytics and Decision Sciences Research Program.

Monash Uni targets higher-speed student admissions processing – Cloud

Monash University is breaking-up and optimising the back-of-house processes it uses to vet new admissions, one of several process transformation initiatives being pursued under a seven-year deployment of Salesforce.
The university used Salesforce’s Dreamforce 19 conference to reveal the breadth of critical processes it is improving as it continues to build out what it claims to be “the biggest Salesforce capability in higher education globally.”
Admissions product manager Lejla Hadzanovic said Monash is “heavily invested” in Salesforce, evidenced by “the number of critical processes that Salesforce enables” at the university.
These covered activity in the university’s student and staff contact centres, across its whole sales funnel “from lead acquisition, nurturing, scoring, to application management and assessment for the whole full admission cycle”, and the management of Monash’s knowledge base.
In a slightly unusual architecture, given the project size, Monash runs the entire university out of a single Salesforce “org” – or instance – forcing all the different parts of the university to coordinate.
“Monash made a significant decision – probably one of our biggest decisions on this platform – to really go with the one org, and it’s been a decision that we stand by,” Hadzanovic said.
“A lot of organisations would have gone multi org, because let’s face it, it is a lot simpler to give each team, each business unit, each project, their own org.
“But what we have found is that the benefits far outweigh the overhead, because what we have seen is that business areas, so all of our faculties, as well as the central divisions, are actually now working together in ways that they never had to before.
“They need to communicate, coordinate, negotiate on a weekly basis.
“For the first time ever, they’re really having to come together and understand each other’s processes and businesses and initiatives because they’re working with the same sets of data and same sets of [data] objects.”
Bringing velocity to admissions
Hadzanovic provided three examples of process improvements being pursued through the Salesforce platform.
The first, in her domain area of admissions, has tried to “change the way work flows through the system to improve the efficiency and effectiveness” of the admissions process.
“Once [student] applications get submitted [and] they come to the back-of-house, we have transformed the assessment process, which those of you in higher education understand is a very highly manual, labour-intensive, repetitive workflow where staff go through thousands of documents and transcripts and evaluate whether a student is eligible to come and study their chosen course,” Hadzanovic said.
“We’ve actually really flipped that on its head and broken up that assessment framework into smallest units of work, and found opportunities where we can eliminate certain steps. 
“Other [steps] we have automated through business rules and integration with either internal or external data sources, and we’re continuing to do so as more and more external data sources become available.”
Hadzanovic noted that assessors were “always one click away from seeing the complete relationship an applicant has with Monash.” 
“They can see their personal details, but all of their qualifications, all of their supporting documents, their work experience, and any inquiries that they’ve made,” she said.
“The way we’ve designed our page layout is it’s always within one click so that the assessor is enabled for high velocity decision-making. 
“In all of our screens we’ve really paid full attention to make sure that they are consistently designed and follow a left-to-right approach, from viewing the data on the left hand side and actioning things on the right hand side. 
“We’re also using [Salesforce] Chatter on the platform to enable communications across the institution, which saves our staff going into their Gmail accounts [where] you actually lose the thread. 
“This way, everything is maintained – and we can begin to have that full contextual picture – on one platform.”
A second process improvement exercise saw the university become the first organisation in Australia to run Apple Business Chat on Salesforce, which it uses as a discreet channel for students suffering financial hardship to communicate with the university.
A third area of process improvement involves a hitherto undiscussed intelligent assistant called MBot.
“At Monash we actually are not using chatbots in your traditional manner in terms of trying to address the metrics around reducing the cost-to-serve, or reducing the number of low value transactional inquiries,” Hadzanovic said.
“We’re actually using it to really drive cultural change, so when we have initiatives or business problems that we give to our IT and business areas to solve, instead of trying to solve them with your traditional web portal type of solutions, you throw in another modern type of a channel and it makes them think about architecture, solutions, ideas, experiences that they can deliver in a totally different manner.”
The order of things
The Salesforce program of work came about in part due to the challenge for the university to understand all its different audiences – such as students, academic peers, staff, alumni, media, government, stakeholders and partners – in order to coordinate and tailor communications to them.
This is challenging because one person may be in multiple categories simultaneously, and therefore different parts of the university wanted to get communications in front of that person at the same time.
By “taking a data-driven approach, we can present current and future audience members with tailored options and provide specific opportunities to engage with us well into the future,” the university said in a video played to accompany its presentation.
“Using this information correctly will save the university time, resources and money. But most importantly, it will provide a seamless experience to everyone who interacts with us.”
Market experience group manager Marco Delgado said that some aspects of the student journey are relatively linear.
“Particularly for undergrad students who are in years 10-12, they come out of school, they apply at Monash, they enrol, they graduate and eventually become an alumni,” he said.
“But after that, it can get much more complicated. 
“That’s why we have changed our segmentation approach and shifted the approach to a relationship approach.”
This was particularly important because the university was likely to enter relationships that did not begin with a person being a prospective student. 
Delgado said Monash had built a “relationship framework” to understand and work with the complexity.
“As Lejla mentioned, we have different faculties, central division, schools, institutes, etc. all wanting to talk to perhaps the same audiences, but what’s important is to do the right thing by the audience members by communicating 1) when it’s relevant and 2) with meaningful content,” Delgado said.
“Of course, we want to increase conversion in anything we do. [But] the first step to increase conversion was to get our house in order. 
“We needed a standard way to capture leads anywhere across the university, and regardless of the channel [they came in on]. Now that we have the captured information on CRM, we can do a number of things [with that].
“With this data in CRM, we can now analyse at a very granular level the behaviours of leads to predict an outcome. We’re using rules, time to application, and grading modeling to predict whether a lead will apply or not, and then activate our marketing and recruitment bandwidth behind this. 
“For example, we can use this granular lead information to predict an outcome, and we can integrate this information with media buying to acquire more of these higher quality leads through predictive targeting.”
Open Day 
Delgado said the university used the system at its most recent Open Day to help attendees personalise their activity plans for the day.
“Open day is the most important recruitment event for undergraduate students in Australia,” he said.
“It’s literally an open door event where we welcome prospective students to visit our campuses. 
“For Monash [in 2019] alone, we had over 70,000 attendees, and this led to over 30,000 applications across our four domestic campuses.”
Monash offered in excess of 600 activities on Open Day. 
“We cannot expect everyone to go through all the activities and plan their day around it, so we established the top activities for each person, and the more they engaged with us, the better the recommendations were through this channel,” Delgado said.
The results were promising. Prospective students that used the planning personalisation feature added 20 percent more activities to their planner than those who did not.
“[Personalisation] is a great tool to empower us to treat audiences as individuals in the moments that matter the most,” Delgado said.
SIS remains ‘centre of the universe’
One of the ongoing challenges of the project is positioning Salesforce alongside the university’s 20-year-old Callista student information system (SIS), which Hadzanovic said “remains the centre of [Monash’s] universe” and its “truth of source” for each person.
“It’s been something that we have really grappled over the transformative initiatives in how do you take something so core to SIS like admissions and actually bring it kind of home into a CRM where naturally an applicant’s journey or first time that we get to know someone starts?” Hadzanovic said.
The SIS and Salesforce are tightly coupled, with many integrations having been built out over the past 12-18 months.
“We are using Mulesoft as an integration layer,” she said.
“We have made sure that our SIS and CRM are in sync. SIS remains our truth of source for the person, for the contact. But, even though you might start in CRM, we send you into our SIS and then through the integration, we make sure that the student ID which comes out of the SIS is maintained and copied into the CRM.”
Ry Crozier attended Salesforce’s Dreamforce 19 in San Francisco as a guest of Salesforce.

Monash Uni builds new social platform to help students find aMigos – Projects

Monash University has developed its own social media platform in a bid to boost student engagement and start fostering networks before students ever step foot on campus.
The aMigo platform provides students about to join the university with an opportunity to connect with other students with similar interests and in similar regions before their actual orientation day.
Using the React framework and leveraging a number of Google Cloud Platform service offerings like Firebase SDK, the university was able to implement useful features including:

Prioritising best trending post to appear on top of threads for visibility and traction,
Multimedia support allowing students to express themselves in the medium they like most, including video,
An administrative ‘bulk upload’ feature allowing the uni to import large lists of users onto the platform, limiting the time spent on administering users.

The app also has an ‘aMigo map’ showing users’ locations from around the world (to within 1km), which was aimed at helping international students and travelling students to connect during the potentially stressful and lonely time away from campus.
Unlike other platforms implemented at universities, aMigo allows for students to build communities around interests other than study or official clubs and societies – people with an interest in AFL, for example, can build relationships external to university activities.
Aside from bridging the social gap, aMigo provides another avenue for students and the university to contact each other prior to orientation without playing constant phone tag or relying on people fresh out of high school to keep an eye on their email.
A proof of concept that ran in the second semester of 2018 showed that the business case for the platform was sound, with students who participated forming new connections prior to the start of classes while experiencing less anxiety about commencing their degree.
The end result is more than just a feel-good nod to community spirit – students with strong social support who engage with activities on campus have been shown to achieve better outcomes from their time at university.
This project was a finalist in the education category of the iTnews Benchmark Awards 2020.
