All Systems Go

General Status: All Systems Go

All production LTS systems appear to be functioning normally and all LTS electronic services should be available.

Details

Note: Campus Portal is up (last updated: 26-Mar-2015)

LTS personnel have restored the Campus Portal.

Because of this outage, all housing selection dates will be moved back 1 business day. You will be able to recheck your new selection date/time when the portal is restored. Housing selection will resume on Thursday, March 26, 2015. See https://financeadmin.lehigh.edu/content/housing-selection-calendar for details.

Note: OpenSSL Patches Multiple Vulnerabilities (last updated: 26-Mar-2015)

OpenSSL has released new updates addressing multiple vulnerabilities, one of which is classified as a high severity issue. Exploitation could allow a remote attacker to cause a Denial of Service attack against the server.

Please review the OpenSSL Security Advisory and apply the update.
https://www.us-cert.gov/ncas/current-activity/2015/03/19/OpenSSL-Patches-Multiple-Vulnerabilities

Note: Fraud Alert: Income tax and wire transfer fraud attempts at Lehigh (last updated: 25-Mar-2015)

What does this mean?
Tax time fraud is in full swing. LTS has been alerted to numerous spear-phishing attempt messages that claim to be from the IRS. The goal of these messages is to get the reader to submit confidential financial information via websites, email, and telephone.

Another type of fraud reported at Lehigh involves email requesting emergency travel assistance and/or wire transfers of significant amounts of money. The messages request transfers to bank accounts abroad and often come from email addresses that are very similar to those you might do business with on a regular basis.

What should I do?
Be wary of those contacts by phone, email, text, or social media identifying themselves as the IRS. Never give out personally identifiable information (PII) to anyone without proper verification.

If you are contacted for emergency travel assistance or funds transfers, verify the request with the sender through another channel such as telephone or text message.

Where can I go for more information?
Examples of tax-related and travel phishing emails seen at Lehigh are available at:
Recent Phishing Examples

More information on avoiding tax fraud can be found at:
REN-ISAC Advisory (pdf format)

Contact LTS Information Security at 610-758-3994 or security@lehigh.edu if you suspect any fraudulent activity.

Note: Vulnerabilities in Browser Plug-ins for Java and Adobe Flash (last updated: 20-Mar-2015)

Serious vulnerabilities have been discovered in Java and Adobe Flash which could result in your computer being compromised in various ways. These include: having malicious programs installed and run on your computer without your knowledge or permission; having your computer be used to attack other computers and networks or to send spam or phishing messages, or to spread viruses and other malware; and having sensitive private data (yours or Lehigh's) be exposed to others.

LTS RECOMMENDATION


If you don't need the browser plug-ins, uninstall them or turn them off. However, since many of our web-based tools such as Banner Forms and Blackboard Collaborate require Java, make sure your plug-ins are up to date. You can quickly check the most common ones using free tools available from Rapid7 or Qualys.

For more information about Flash, read the Adobe bulletin. For more information about Java, as well as additional steps recommended by LTS, read the LTS Java News page.

Authorized users may post, cancel, or update messages on the maintenance page. Authorized users include Help Desk and Operations staff, and selected Systems, IT, and Client Services staff. Non-authorized users should contact the Help Desk at 610-758-4357 to report problems and outages.