All Systems Go

General Status: All Systems Go

All production LTS systems appear to be functioning normally and all LTS electronic services should be available.

Details

Note: Phishing email threatens campus and personal data security (last updated: 16-Jul-2014)

Note: Another new phishing message has been released. It indicates that your account is using too much space and that you will no longer be able to send messages until you click a (fraudulent) link to verify your account. Ignore and delete this message if you receive it.

See latest phishing schemes: Recent Phishing Examples.

Many people are reporting phishing messages that appear to come from legitimate sources, such as LinkedIn, Facebook, the Better Business Bureau, Amazon, and American Airlines. These messages include links to sites that exploit vulnerabilities with Java and Adobe Flash. Be suspicious of any email that contains misspellings, poor grammar, convey extreme urgency, or ask for login or personal information.

LTS RECOMMENDATION


Avoid clicking links until you can confirm that the message is from a legitimate source. Rather than using the link, go directly to the site by entering the web address in a browser. See more information on our LTS Phishing Guide page to avoid being caught.

Note: Microsoft Internet Explorer Vulnerability Actions (last updated: 16-Jul-2014)

On April 26, 2014, Microsoft announced that versions 6 to 11 of it's web browser, Internet Explorer (IE), contains vulnerabilities that might allow an attacker to compromise your PC. This is especially of importance for those clients still running the Windows XP operating system as Microsoft will NOT be developing a patch for that operating system. Read more...

Note: Lehigh Community Information Security Notice - Heartbleed Bug (last updated: 16-Jul-2014)

A security vulnerability named Heartbleed was disclosed Monday night. The vulnerability affects a large portion of websites on the Internet that use OpenSSL to encrypt webpages (pages that start with https) and other communications. SSL, or secure socket layer, is a cryptographic protocol which is designed to provide communication security over the Internet.
Read more...

Note: Vulnerabilities in Browser Plug-ins for Java and Adobe Flash (last updated: 3-Jul-2014)

Serious vulnerabilities have been discovered in Java and Adobe Flash which could result in your computer being compromised in various ways. These include: having malicious programs installed and run on your computer without your knowledge or permission; having your computer be used to attack other computers and networks or to send spam or phishing messages, or to spread viruses and other malware; and having sensitive private data (yours or Lehigh's) be exposed to others.

LTS RECOMMENDATION


If you don't need the browser plug-ins, uninstall them or turn them off. However, since many of our web-based tools such as Banner Forms and Blackboard Collaborate require Java, make sure your plug-ins are up to date. You can quickly check the most common ones using free tools available from Rapid7 or Qualys.

For more information about Flash, read the Adobe bulletin. For more information about Java, as well as additional steps recommended by LTS, read the LTS Java News page.

Authorized users may post, cancel, or update messages on the maintenance page. Authorized users include Help Desk and Operations staff, and selected Systems, IT, and Client Services staff. Non-authorized users should contact the Help Desk at 610-758-4357 to report problems and outages.