News

Introduction The central web hosting service is set up to provide a consolidated, fully monitored and managed environment for hosting departmental and project websites for all departments and offices.The hardware and software offered by the central web service are maintained and supported by the Computing Services Centre (CSC) while the web page contents and applications are developed and maintained by individual departments. Compatibilities with web standards and technical advices are provided by the CSC to departments to assist them in the development of new websites or the upgrade of existing websites.Planning a website development In order to provide a stable and safe web hosting environment for all web sites and services, users are expected to do all the development on their own machines and fully test them on the staging server before uploading to the central web hosting servers. Website administrators/developers are strongly advised to follow the development/staging/production life-cycle for website development (please refer to the article on “www6 Staging Server is Now available” in this issue of Network Computing).

/* The following article is extracted from the "Information Security Newsletter" published by the JUCC IS Task Force. */ Code injection attacks typically occur when inputs has not been adequately validated before execution. The basic principle is to provide some form of input with additional malicious scripts for exploitation. There are numerous types of injection attacks which have different features and attributes. Major type of attacks included: 

A number of strategic measures have been prepared at City University of Hong Kong (CityU) for the double cohort of first-year students beginning their undergraduate studies this semester.Counseling services, new software designed to help these new students navigate their way through the numerous tasks they need to accomplish during the start of their university careers, and key changes to the university calendar are being adopted to help to ensure a smooth start.

Information technology at City University of Hong Kong (CityU) has received global recognition for making its online presence more accessible to greater numbers of people. CityU was named a 2012 Computerworld Honors Laureate for its barrier-free website and contributions to reducing the digital divide. The University is the only organisation from Hong Kong to receive a Laureate this year.

/* The following article is extracted from the "Information Security Newsletter" published by the JUCC IS Task Force. */ Websites and web applications are often used by universities for public access and provide required services to their end-users, including staff and students, round-the-clock (e.g., student information portal). Traditional firewalls and anti-virus tools usually offer little protection against code injection attacks which may lead to direct access to valuable backend data such as student personal records, examination results or research data.

/* The following article is extracted from the "Information Security Newsletter" published by the JUCC IS Task Force. */ Code Injection is a type of exploitation caused by processing invalid data input. The concept of injection attacks is to introduce (or "inject") malicious code into a program so as to change the course of execution. Such an attack may be performed by adding strings of malicious characters into data values in the form or argument values in the URL. Injection attacks generally take advantages of inadequate validation over input/output data, for example:

Background – CityU’s Unified e-Learning Management System and e-Portal Since 2005, the University has adopted the Blackboard Academic Suite (Bb) as the unified e-learning management system as well as a platform for the University e-Portal. It is widely used by all CityU members for teaching, learning, announcements, wiki and blog, social learning, integration to booking systems and departmental learning tools. Over the past 7 years, the Bb system has constantly been reviewed and upgraded to support the rapid growth.

According to our past experience, more than 50% of incoming emails are possibly spam in nature. These emails not only waste our system resources, but also cause delay of normal email delivery. Users would be annoyed, and even worse, they have to take security risk when opening the message or the attached files. At the beginning of 2007, we adopted a world-class spam detection system which tags each incoming email with a possibility of “spam level” (“threshold”). If the spam level of an email reached 99% or higher, it would be discarded immediately. In December 2010, we started to implement the compulsory spam filtering of emails with spam level up to 90% for the email systems of our staff, students and alumni. After studying the statistics, we found that it was necessary to tighten the level to 80%, which would then further decrease the number of highly suspected spam and phishing emails by 5%. In fact, this has already been implemented since February 2012. Each email is now tagged with a “spam level/threshold” and these tailor-made filters can be adjusted by the users if they want to. Those suspected emails would be moved to the AUTO-PURGE (Java Sun Messaging System) or Junk E-mail (Microsoft Exchange) folder where users have the choice to inspect before being deleted after 30 days. In addition, users can further refine their anti-spam preferences by adding email senders to the “Personal Whitelist” or “Personal Blacklist” to accept or reject emails accordingly.

​The CSC Student Terminal Area (STA) has been located on Level 2, AC1 (previously named Academic Building) since 1990 when the University moved from the Mongkok campus to the current permanent campus in Kowloon Tong. The STA had undergone a few changes over the years before it arrives at its final shape. However, the existing STA will be moved when Semester A, 2012-13 starts in September 2012. In order to free up the space occupied by the STA for other purposes, all Teaching Studios, computing facilities and services (except the Data Centre and offices for support staff who must have instant access to the Data Centre) will be moved to the 4th and 5th floor of the AC2 building.

CityU, in support of its Discovery-enriched Curriculum and the growing importance of mobile technology, has allocated HK$9 million to implement its e-learning strategy.