Wednesday, December 22, 2021

Critical Java Vulnerability (Log4j)

In a computer program, a logging library's purpose is to record events to a file. These events could be a request for a web page, a user's crash report, a sensor reporting a harmful temperature, a chatbot question from a potential consumer, etc. There is a rule in secure programming to never trust user input because the input could be constructed to subvert the program. The idea that a logging library would parse log event data is incredibly stupid, and the fact that this was the default behavior of Log4j 2 until the recent version 2.15 release is the basis of the current nightmare incident we are living through.

Technology vulnerabilities are reported using the CVE (Common Vulnerabilities and Exposures) system that is maintained by The MITRE Corporation. So far, three CVEs exist due to the Log4j vulnerability and they are:

The first CVE, CVE-2021-44228, has earned a perfect ten from CVSS, which is a scoring system to measure the severity of a given vulnerability. Many security experts have jokingly wondered what a perfect ten would be, given that other widely deployed software with critical vulnerabilities rarely earns more than a 9.8. This Log4j situation is no joke, though.

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has published guidance for the Log4j incident.

Additionally, CISA has established a community-sourced GitHub repository.

The Apache Foundation maintains Log4j 2 and publishes the Log4j 2 Change Release History Log.
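To act on the version boundary mentioned above, the following inventory script is an added example (not part of the original post or of any Apache or CISA tooling). It assumes each copy of Log4j 2 core still carries its standard Maven `pom.properties` metadata, uses the post's 2.15 release as the default threshold, and its function names are illustrative; copies with stripped metadata will not be found.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Maven metadata that Log4j 2 core jars carry; it survives a renamed jar file.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")
# The post says message parsing was the default until 2.15; raise this to the
# newest fixed release in the Apache change history when you run it for real.
FIXED = (2, 15, 0)

def parse_version(text):
    """Return (major, minor, patch) from pom.properties text, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def scan_archive(data, label, fixed=FIXED, depth=0):
    """Yield (label, version, needs_upgrade) for each log4j-core copy found,
    descending into nested archives (fat jars, WARs) up to a small depth."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not an archive after all; nothing to report
    with zf:
        names = zf.namelist()
        if POM in names:
            v = parse_version(zf.read(POM).decode("utf-8", "replace"))
            if v:
                yield label, v, v < fixed
        if depth < 4:
            for n in names:
                if n.lower().endswith(ARCHIVES):
                    yield from scan_archive(zf.read(n), f"{label}!{n}", fixed, depth + 1)

def scan_tree(root, fixed=FIXED):
    """Walk a directory and report every log4j-core copy found under it."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in ARCHIVES:
            hits.extend(scan_archive(p.read_bytes(), str(p), fixed))
    return hits

if __name__ == "__main__":
    for label, v, bad in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("UPGRADE" if bad else "ok     ", ".".join(map(str, v)), label)
```

Run it with an application or install directory as the only argument; lines marked `UPGRADE` are copies older than the threshold, including ones bundled inside other archives.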

ITS is tracking the evolving nature of this situation so that our organization is not impacted. If you have any concerns about particular software, services, etc. that you use at the College, please email its@manhattan.edu.

Wednesday, December 15, 2021

UPDATE - 15-December-2021 11:03 - There is an issue with our authorization provider that is affecting some logins.

UPDATE - 15-December-2021 11:03

Services are returning to normal. We will continue to closely monitor the situation. 


--------------------------------------------------------------------------------


There is an issue with our authorization provider that is affecting some logins.

We are working to resolve this issue as fast as possible. 

Next update before 11:00am 

Tuesday, December 14, 2021

DUO MFA Support Session Wednesday December 15th

ITS will be offering support sessions with members from the Technology Training team for those who will need to enable DUO Multi-Factor Authentication on their JasperNet accounts. Below please find more information about the drop-in training sessions. There is no signup required.


When:
  • December: 15th (Wednesday) from 11:00am - 2:00pm

  • January: 5th, 12th, and 19th (all Wednesdays) from 11:00am - 2:00pm

Where: MGL 305 (Computer Lab)

Please remember to bring your cell phone to complete the setup.

For more information on why this is needed please refer to this post.

If you are unable to attend or have any questions, please contact its@manhattan.edu and someone from the Training Team will reach out to schedule a separate time and answer any questions you may have.

Sunday, December 12, 2021

ITS CLIENT SERVICES - LIMITED SERVICE DURING FINALS WEEK

Wednesday, 12/15/21  Jasper and RLC Offices Closing at 4:00 pm.


Thursday, 12/16/21  RLC Office closing at 5:00 pm


Friday, 12/17/21  Due to low staffing, ITS Client Services will be closed; we will be handling emergency issues only.   


We apologize for the inconvenience.


As a reminder, tickets should be submitted to its@manhattan.edu.

Tuesday, December 7, 2021

Duo MFA Support Session Wednesday December 8th

DUO MFA Support Sessions

ITS will be offering support sessions with members from the Technology Training team for those who will need to enable DUO Multi-Factor Authentication on their JasperNet accounts. Below please find more information about the drop-in training sessions. There is no signup required.

When:
  • December: 1st, 8th, and 15th (all Wednesdays) from 11:00am - 2:00pm

  • January: 5th, 12th, and 19th (all Wednesdays) from 11:00am - 2:00pm

Where: MGL 305 (Computer Lab)

Please remember to bring your cell phone to complete the setup.

For more information on why this is needed please refer to this post.

If you are unable to attend or have any questions, please contact its@manhattan.edu and someone from the Training Team will reach out to schedule a separate time and answer any questions you may have.