OneClass Malware Warning

-
At UTHealth we always recommend that you be careful when installing extensions and plugins for your web browser. We have received a warning from our friends at Canvas to let us know about a new Chrome extension, OneClass, that behaves suspiciously. Here’s what they had to say:

The “OneClass” Chrome extension behaves like malware.
It can affect users of several LMSs, including Canvas.
OneClass is not affiliated with Instructure in any way.

When a user installs the OneClass Chrome extension, it asks for permission to “read and change all your data on websites you visit.” If a user grants this permission, the plugin places a button in the user’s LMS (Canvas or other) labeled “Invite your classmates to OneClass.” If the user clicks this button, OneClass sends messages to all of the other users enrolled in the course via the LMS’s messaging system (for Canvas, that’s Conversations).

DO NOT install or use the OneClass Chrome extension!  Remove it immediately if you've already installed it.  

If you ever see something suspicious in your web browser or have a question regarding suspicious browser add-ons, contact the HelpDesk or visit UTHealth IT Security.

Comments

Post a Comment

Popular posts from this blog

Canvas, Cidi (Kennethware) and Mobile-First

-
Image
"Mobile First" is one of the newest terms in web-based application design. It indicates that a site or web application was written to display gracefully on both small-screened mobile devices and a large-screened desktop. Canvas and Cidi Design Tools are Mobile First. Students will see a pleasant, un-cluttered display no matter what device they use for Canvas. This page is meant to provide some examples to illustrate these applications' Mobile First design. Course home page (desktop browser): Course home page (mobile browser): Course home page (Canvas app): Syllabus page (desktop browser): Syllabus page (mobile browser): Syllabus page (mobile app)
Read more

For Admins: Adding a new Catalog to Canvas Catalog

-
Image
This assumes all policy requirements have been satisfied; those are outside the scope of this tutorial. Scenario 1: Create a Catalog Step 1: Login to Catalog as an Admin Step 2: Click "Catalogs" in the top navigation menu, then "+ Catalog" Step 3: For URL type, choose Path, then set the following options: Name: A human-readable name for your catalog Path: A unique string of lower case letters, numbers, and dashes. This will go to building a URL so people can access your catalog directly. Parent catalog: Admins for the parent catalog will have rights in this new catalog too. About: A short description of your Catalog Step 4: Click "Save" Scenario 2: Add an Admin to the Catalog Step 1: Login to Catalog as an Admin Step 2: Click "Subcatalog Admins" in the top navigation menu Step 3: In the Account Admins search box, find the person you want to add as an admin. Note they must exist in https://uthealth.instructure.com as
Read more

For Admins: Running a Postman Collection

-
If there are multiple iterations of a single API call, each with different parameters, it makes sense to use a PostMan collection to automate those calls. For example, this course: https://uth.test.instructure.com/courses/26911 We want to undelete ten enrollments from a section in this course. The undelete command is: POST https://uth.test.instructure.com/api/v1/sections/26959/enrollments?enrollment[user_id]=5227&enrollment[enrollment_state]=active But the enrollments we want to undelete (by user id) are: 5227, 10564, 106, 10697, 12375, 12715, 1305, 1307, 1327, 1441 Step 1: Create a data file (csv) that looks like this: userid 5227 10564 106 10697 12375 12715 1305 1307 1327 1441 Step 2: Move the POST command to its own folder in PostMan. It will be the sole API call in that folder/collection Step 3: Modify the POST command to: POST https://uth.test.instructure.com/api/v1/sections/26959/enrollments?enrollment[user_id]={{userid}}&enr
Read more