WebAccess QA: Updated Cosign Software

The CoSign software on the WebAccess QA servers has been updated.

WebAccess: updated SSL library

The Cosign processes on the WebAccess QA servers are now using a newer SSL library.

Departmental PASS Quota Notifications

Starting April 21, 2014, ITS will send automatic e-mail messages to the owners of departmental PASS every night that their respective PASS allocation is over 90% quota.

WebAccess QA: updated SSL library

The Cosign processes on the WebAccess QA servers are now using a newer SSL library.

WebAccess: Reducing registration requests

We are testing a WebAccess configuration change which will remove the need for the most common type of registration.

PHP Scripts IPv6 Being Enabled July 17

On July 17, 2013, during the maintenance window, 5-7 AM, AIT will be enabling IPv6 for the php.scripts.psu.edu service.

ITS Alerts Unavailable

On Monday, March 11, 2013 at 6:27 p.m., AIT staff disabled the ITS Alerts website to prevent further exposure of a security vulnerability discovered earlier that day. In its place, a static placeholder page was added to give status information as to the progress of service restoration.

By 5:10pm, Tuesday, March 12, the rss files had been restored.

The security vulnerability was a form of SQL injection. While a previous attempt at defeating SQL injection of end-client inputs had been installed, it was deemed insufficient against modern methods, and the site was taken down while a more suitable correction could be installed.

Analysis revealed that while a remote system made an attempt to verify the vulnerability, no data had been disclosed; any data that would have been disclosed was either public information, or otherwise not sensitive. Further, the SQL injection vector did not have permission to modify any data due to least privilege policy.

When the service is restored, all original functionality and data will be intact, except for, of course, the vulnerability.

Please view the ITS Alerts site for updates as they become available.

Addendum (2013/Mar/13 1:07 p.m.): alert-2633 was created as the permanent alert message describing this service outage.

Dirapps Certificate Change on March 7, 2013

On March 7, 2013, the dirapps.aset.psu.edu certificate will be updated, per ITS Alert #2617 http://alerts.its.psu.edu/alert-2617. The certificate authority is changing from Thawte to Comodo.

WebAccess: Registrations suspended 12/21-1/3

WebAccess registrations received after 5 p.m. on Thursday, Dec. 20, will not be processed until Friday, Jan. 4, 2013.

WebAccess QA follow-up: new hostname/port number

For the QA service, the old hostname/port combination (cosign.aittest.psu.edu/6663) have been shut down.