What is the Heartbleed bug?
On April 7, 2014, researchers found a flaw in OpenSSL, one of the tools used to secure Internet traffic. OpenSSL provides security on the Internet. The bug compromises security keys, allowing attackers to potentially capture usernames, passwords, and other data stored in the server’s memory. If you would like additional information, NPR’s Marketplace is a good place to start: http://www.marketplace.org/topics/tech/heartache-heartbleed
Should I be concerned?
NJIT’s major systems, including payment and student systems, were protected. However, this is a significant security concern for other sites. OpenSSL creates an encrypted connection between you and secure servers. A recent Netcraft SSL survey found that around half a million servers worldwide appear to be affected by the Heartbleed bug. Until the bulk of these computers are fixed or “patched,” any secure site on the Internet is potentially vulnerable.
What is NJIT doing?
NJIT has patched all of our potentially vulnerable servers that are exposed to the Internet. We will continue to monitor the situation; further information will be distributed through follow-up email messages and posted on the NJIT IST web site (http://ist.njit.edu/).
What should I do?
While this is a serious vulnerability, IT professionals at NJIT and around the world are working to patch servers and mitigate the risk. Our recommendations include:
1. University systems were not compromised, so you do not have to change your NJIT password. However, we still recommend changing your NJIT passwords regularly as a matter of best practice.
2. Check the status of non-NJIT sites you visit. This Mashable.com article provides a list of popular web sites and their status with regard to the Heartbleed vulnerability: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
3. Change your passwords, but only after a site has been patched. This is the tricky part. On the whole, it’s a good idea to change passwords after any security breach, but only after the breach itself has been closed. To that end, change passwords on affected sites, but only after they have determined Heartbleed is no longer an issue.
Those interested in more technical information can visit http://heartbleed.com
Remember that legitimate NJIT email messages will never ask you to respond with sensitive information such as your password, SSN, or bank account number. Be suspicious of any email asking you to change passwords.
This email was prepared from contributions from the Higher Education Information Security Council (HEISC) and the Educause IT Comm listserv.
On Thursday, April 10, 2014, from 12:02pm to 12:22pm, connectivity to and from the Internet became unavailable. Service was restored at 12:22pm.
Info: IST Helpdesk 973-596-2900
All Banner systems (Internet Native Banner (INB), Banner Self-service, job submission) and related Banner applications (e.g. Appworx, Infosilem, Evision, etc.) will be unavailable for emergency server maintenance at 6pm today, March 31, 2014. This includes links and access to Banner from within Highlander Pipeline.
All services are expected to be restored by 6:15pm.
Further Contact: email@example.com or the IST Helpdesk at 973.596.2900
Access to the Mailhygiene Message Center at https://mailhygiene.njit.edu is temporarily unavailable. Google support has been contacted and work is in progress to resolve the issue as quickly as possible.
We apologize for any inconvenience.
On Sunday, March 30, 2014, at approximately 5pm-5:10pm, maintenance was performed on NJIT’s telephone system, causing a 6-minute service interruption to all of NJIT’s telephones. Service was restored at 5:10pm.
Original message March 28, 2014:
On Sunday, March 30, 2014, at approximately 5pm-7:30pm, NJIT Telecom and Networks will be performing maintenance on the telephone system (PBX) in order to replace equipment. During portions of this maintenance window, we anticipate a service outage to all of NJIT’s telephones. We apologize for the inconvenience.
Information: IST Helpdesk 973-596-2900
Beginning at 4:00 am Monday, March 31, 2014, for approximately one hour, NJIT’s user authentication service (Shibboleth) will undergo maintenance. Access to the following services will be interrupted during maintenance: Moodle 2, MAP-Works, 25 Live, CDSLink, Postini Mailhygiene, Activity Insight for Faculty.
As part of the maintenance, the login page will receive a new look (see below). For the protection of your account, when logging in through the new login page for the first time, please read all details included on the login page.
Given the nature of this maintenance, we would like to remind the community of the following:
- Always be wary of electronic solicitations where you are asked to provide personally identifiable information or accounts and/or passwords. Providing such information may result in identity theft, which can be expensive to resolve, detrimental to your credit rating, and extremely inconvenient.
- Never open attachments or click on links within an email unless you trust the source.
- NJIT will never ask you to REPLY to an e-mail with private information (SSN, date of birth, user IDs/passwords).
- NJIT log-on credentials will only be asked for at the legitimate point of entry to an NJIT system (e.g. Highlander Pipeline, Moodle, Webmail by Google) when you have actively initiated entry to the system. Be wary of providing log-in credentials unless you have initiated the action.
- Always use strong passwords and change them on a regular basis.
If you have questions or suspect you may have been victimized by one of these scams, please contact the IST Help Desk at (973) 596-2900.
Screenshot of revised login page:
Beginning at approximately 4am Friday, March 21, 2014, NJIT’s authentication service for Webmail by Google became unavailable, causing new connections to Webmail by Google to fail.
Service was restored by 5:15am.
If you encounter any login issues, please contact the IST HelpDesk at (973) 596-2900.