Category Archives: Helpdesk Alerts

Security Note – OpenSSL ‘Heartbleed’ Vulnerability

As you may have read in mainstream news media outlets, a vulnerability was recently discovered in certain versions of OpenSSL which could allow a remote attacker access to sensitive data on certain types of servers.

LIS has already patched relevant local systems and is working with vendors to ensure that any relevant externally-hosted systems are similarly patched. There is no evidence to suggest that Middlebury account credentials have been compromised.

More information about the vulnerability is available on the LIS Information Security web site’s ‘Threat Bulletin’ area: http://www.middlebury.edu/media/view/475111/original/middlebury_threat_bulletin_openssl_heartbleed.pdf

If you have specific questions, please feel free to email infosec@middlebury.edu.

Microsoft to end technical support for Windows XP and Microsoft Office 2003

Microsoft will end support for the Windows XP operating system and Microsoft Office 2003 software on April 8.  Microsoft will no longer release security updates or provide technical support for either product after this date.

Both Windows XP and Office 2003 will continue to function, but computers running either product will become increasingly vulnerable to malware and other forms of cyber-attack.

Due to the risk these vulnerabilities create, the Information Security group considers it necessary that Middlebury College students, faculty and staff have an upgrade to better protect personal and College data.

If you are not sure whether you are using Windows XP, Microsoft has created an easy-to-use website you can use to help at http://amirunningxp.com.

If you have a College-owned device that is running Windows XP, please contact the helpdesk at helpdesk@middlebury.edu, or create a ticket at  https://webhelpdesk.middlebury.edu/ to discuss the best course of action. The Technology Helpdesk has already begun the process of migrating all College-owned computers to Windows 7.

Students, faculty, and staff with personal computers running Windows XP will need to upgrade their computer operating system to be able to connect to the Middlebury network or VPN at some point in the future, so please take action as soon as possible.

For questions or assistance, contact the Helpdesk at X2200 or visit https://webhelpdesk.middlebury.edu/ to create an online ticket.

Go/middfiles II: Electric Boogaloo

This post was made in the fall, but technical issues delayed the implementation. We’re now ready to move forward.

Recently, we at the Helpdesk have spoken with many individuals who were disappointed with the interface and performance of NetStorage, but were unaware of other, usually superior ways to access their files.

In an effort to improve awareness, and in consultation with Central Systems and Network Services, we will be changing the go/middfiles shortcut, currently pointed directly to Netstorage, to lead to our main documentation about Middfiles. Using this documentation, users should be able to quickly connect using faster, better methods and be on their way.

We realize that this will be a significant change for some in our community, but we anticipate that over time, this will help people distinguish between Middfiles, the server system, and Netstorage, a web application that permits limited access to that system and is not intended for daily use. Netstorage will still be accessible via go/netstorage for edge cases like mobile devices that cannot use WebDAV.

The plan is to make the switch within the next few weeks. (EDIT: The changes have been made.) This post (available at go/middfileschange) will be updated with any new information.

As always, we invite your feedback via comments. For specific questions or issues, please make a ticket.

Sunday morning maintenance

This Sunday morning between 7 and 10 am we will be performing some fine-tuning of our Internet gateway routers and firewalls that will include some Internet routing prioritization and optimization as well as some firewall configuration changes.  We do not expect any noticeable interruptions of services but are performing this during our maintenance window as a precaution.

Now’s the Time to Update Your OS & Apps: New Vulnerabilities Announced

burglarApple recently released software updates to iOS, Mac OS 10.7 and higher, as well as for Safari & QuickTime for Windows.  These updates address a vulnerability found in Apple’s implementation of SSL (secure sockets layer), a protocol computers use extensively for secure communications online.  While we are not aware of any specific information breaches at Middlebury College, and the steps necessary for someone to compromise these secure communications are far from trivial, we should all apply these important security patches to our Apple hardware and Windows computers running Apple software to mitigate these risks.  Please check your Apple software for available updates (especially iOS, Mac OS, Safari, and QuickTime updates).  Run your updates now and check again after the installation as some may have prerequisites.  For more information, links to specific updates for the SSL vulnerability and others are available at http://support.apple.com/kb/HT1222.

Moodle Maintenance Notice For 2/28/14

From Remote-Learner, our Moodle host:

In order to increase the resilience and reliability of our cloud platform we will be replacing our network firewalls. Upgrades on the firewalls will be conducted during the February 28th maintenance window between 2 a.m. and 6 a.m., ET.

During most of this period your site will be operational, but there may be short periods of connection loss to the internet.

Sunday morning maintenance

Between 7 and 9 am we will be upgrading our Internet firewalls.  While the Internet firewalls are a pair with failover, there can be an up to 30 second interruption of service as each failover takes place.  We are expecting 3 less than 30 second Internet service interruptions during this period.

Between 8 and 10 am we will be re-routing connectivity to a specialized video conferencing network segment, the video conferencing service will be off-line during much of this window.

Between 8 and 9:30 am we will be upgrading Web Help Desk, there will be a less than 10 minute service interruption during this period.

Moodle Update on Sunday, February 2, 2014

On February 2nd at 11pm EST, Remote-Learner will be updating our Moodle instance. This is a minor upgrade that includes updates to performance and security, as well as the following feature enhancements:

  • Option to auto-save during quiz attempts (administrative setting)
  • You will be able to search the list of users enrolled in a large course
  • Drag and drop file upload progress indicator in filepicker
  • New forum setting ‘Display word count’

For a user-friendly comprehensive list of changes please visit: http://docs.moodle.org/25/en/New_features

Please expect Moodle to be unavailable for a short time between 11pm and 1am.