WebAccess QA: updated SSL library

The Cosign processes on the WebAccess QA servers are now using a newer SSL library.

WebAccess: Reducing registration requests

We are testing a WebAccess configuration change which will remove the need for the most common type of registration.

PHP Scripts IPv6 Being Enabled July 17

On July 17, 2013, during the maintenance window, 5-7 AM, AIT will be enabling IPv6 for the php.scripts.psu.edu service.

ITS Alerts Unavailable

On Monday, March 11, 2013 at 6:27 p.m., AIT staff disabled the ITS Alerts website to prevent further exposure of a security vulnerability discovered earlier that day. In its place, a static placeholder page was added to give status information as to the progress of service restoration.

By 5:10pm, Tuesday, March 12, the rss files had been restored.

The security vulnerability was a form of SQL injection. While a previous attempt at defeating SQL injection of end-client inputs had been installed, it was deemed insufficient against modern methods, and the site was taken down while a more suitable correction could be installed.

Analysis revealed that while a remote system made an attempt to verify the vulnerability, no data had been disclosed; any data that would have been disclosed was either public information, or otherwise not sensitive. Further, the SQL injection vector did not have permission to modify any data due to least privilege policy.

When the service is restored, all original functionality and data will be intact, except for, of course, the vulnerability.

Please view the ITS Alerts site for updates as they become available.

Addendum (2013/Mar/13 1:07 p.m.): alert-2633 was created as the permanent alert message describing this service outage.

Dirapps Certificate Change on March 7, 2013

On March 7, 2013, the dirapps.aset.psu.edu certificate will be updated, per ITS Alert #2617 http://alerts.its.psu.edu/alert-2617. The certificate authority is changing from Thawte to Comodo.

WebAccess: Registrations suspended 12/21-1/3

WebAccess registrations received after 5 p.m. on Thursday, Dec. 20, will not be processed until Friday, Jan. 4, 2013.

WebAccess QA follow-up: new hostname/port number

For the QA service, the old hostname/port combination (cosign.aittest.psu.edu/6663) have been shut down.

WebAccess: old hostname and port being shut down 2013/1/2

On January 2, 2013, the WebAccess old configuration hostname and port (webaccess.psu.edu, port 6663) to which Cosign filters connect to validate cookies, is being shut down. The website, https://webaccess.psu.edu/, will remain the same. An alternate configuration is available …

Announcement: CosignModule 3.1.1 for IIS7 released

The following is from this message; websites using CosignModule should be upgraded:

WebAccess: Cosign filter configuration change

WebAccess protected websites are requested to change their Cosign filter configuration well before August 16, 2012. …