|
E-mail system upgrade being completed Dec. 2 (12/02/03) Virus Alert: Windows W32.Mimail.J@mm worm reported on campus (11/18/03) Virus Alert: Windows W32.Mimail.C@mm worm reported on campus (10/31/03) Virus Alert: Microsoft patch e-mail is a hoax (9/19/03) Nov. 1 & 2 outages: E-mail, calendar, backup services (10/31/03) Oct. 24-27 outage: Several administrative systems (10/24/03) CorporateTime changes name to Oracle Calendar (9/15/03) EZ-Remote rate increase and Express Lane changes (9/16/03) Labor Day e-mail loss (09/12/03) Windows vulnerabilities discovered; update security software (9/11/03) Windows W32.Sobig.F worm reported on campus (8/19/03) Windows W32/Blaster worm requires Windows updates (8/12/03) Windows W32.Mimail.A@mm worm gives false message about e-mail account expiring (8/1/03) July 27 and Aug. 3 e-mail upgrades canceled: you can move to the new e-mail system whenever you choose (07/23/03) July 11-14 outage: Several administrative systems (07/10/03) July 9, 2003 disk failure caused lost e-mail for some users on postoffice8 (07/10/03) Windows W32.Bugbear.B@mm reported on campus (06/05/03) Apr. 13 outage: Most campus computing systems, 3-8 a.m. (04/07/03) Apr. 4-9 outage: All HR and Payroll systems (03/18/03) Mar. 22-23 outage: Several HR and Payroll systems (03/21/03) Mar. 23 outage: CornellC services (03/21/03) Sendmail users: Upgrade to fix critical vulnerability (03/04/03) Telnet "Just the Facts" discontinued (01/30/03) Windows "SQL" worm reported on campus (01/25/03) Windows "SoBig" worm reported at Cornell (01/22/03)
More Archived NewsFlashes Some of these news flashes originally appeared in the Cornell Chronicle. Also see our 2003 Briefs Archive page.
On Dec.2, the server hosting postoffice plus postoffices 1, 2, 3, 4, and 5 was retired from service. People who did not move their e-mail accounts to a new postoffice prior to Dec. 2 will have limited access to their e-mail until they make some changes on their computers. People in this situation can use WebMail or uPortal.Cornell's e-mail channel to see their e-mail in the meantime. CIT's Contact Center can offer assistance in transitioning to the new e-mail system. Call 255-8990 or e-mail helpdesk@cornell.edu. The Contact Center is open Mon.-Fri., 8 a.m.-5 p.m., with special extended phone hours Dec. 1-Dec. 4 from 5-8 p.m., and Dec. 6-7 from noon-5 p.m. All e-mail services for @cornell.edu will be unavailable between the hours of 8:00 a.m. and 12:00 noon on Sunday, November 2 to fix a bug in the Cyrus software. This outage affects all of CIT's postoffice servers, regardless of whether you use WebMail, Eudora, or another mail program. The Campus Calendar Server for CorporateTime/Oracle Calendar will be unavailable for monthly maintenance from 9:00 p.m. on Saturday, November 1 through 5:00 p.m. on Sunday, November 2. This outage affects several nodes: 1701 (campus), 1801 (campus2), 1030 (che-ct), 1704 (extension) and 1706 (campuslife). EZ-Backup will be unavailable because of scheduled maintenance on Sunday, November 2, from 7:30 a.m. through 12:00 noon.
On Oct. 24-27, a team will be upgrading PeopleTools, Oracle,
and AIX. Work will begin at 12:00 a.m. midnight on Fri., Oct. 24, and
will finish by 8:00 a.m. on Mon., Oct. 27. During this time, several campus systems will be unavailable:
During Labor Day weekend, while dealing with massive volumes of incoming e-mail that resulted from the Sobig.F virus, a mistake was made that resulted in e-mail loss. On Sunday, August 31 at 8:12a.m., some mail was moved to a holding area to manually remove the virus infected mail. During this move a mistake was made that resulted in e-mail being lost. The problem was discovered on Tuesday, September 2 at approximately 1:00p.m. Between 8:12a.m. Sunday and 1:00p.m. Tuesday, 745,262 pieces of mail received by the Cornell mail servers were lost. Please note that during that time period, 50 percent of the e-mail being received was virus infected and 25 percent was marked as spam. What we're doing: We are searching the logs to identify the senders of mail sent during the affected period. We hope to eliminate virus traffic from the results and then notify all other senders, asking that they re-send these messages. We apologize for the inconvenience this outage has caused. We are investigating procedures and safeguards to prevent this type of problem in the future. W32.Mimail.A@mm, a Windows virus, has been reported at Cornell. This worm infects computers running Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, and Windows Me. Macintosh and Unix variants are not affected. What to Watch For W32.Mimail.A@mm is contained in an e-mail attachment named message.zip. Do not open any attachment with this name. The e-mail message may come from "admin@cornell.edu" or another official-looking address, has a subject line that begins with "your account," and claims that your e-mail account is about to expire. This claim is false: your e-mail account will not be terminated as a result of this e-mail, which is designed to cause confusion. The Mimail worm is hidden within an HTML file that is delivered in a compressed ZIP archive. The worm takes advantage of a vulnerability in Internet Explorer to collect information from certain windows on your desktop and e-mail it to recipients listed in the worm. The worm then spreads itself by e-mail to people in your address book. Detailed description (from Symantec) How to Avoid It CIT urges all Windows users to update their Symantec AntiVirus software and perform a complete system scan. W32.Mimail.A@mm is detected by Symantec AntiVirus software that has been updated to the 8/1/03 virus definition file, or a newer file. To update, run Symantec AntiVirus and choose Live Update. Or download the file via Bear Access (Virus Protection folder) or via Symantec's download page. Cornell University has signed a site license with Symantec to provide Symantec AntiVirus (SAV) to the entire campus community. The license allows SAV to be used on all university-owned computers, home computers of staff and faculty, and computers owned by registered students. Microsoft Security Bulletin MS03-014 includes a patch for repairing the underlying vulnerability in Internet Explorer. Also see CIT's tips for making
Eudora more resistant to viruses/worms. How to Get Rid of It If you suspect your computer has been infected, visit this Symantec AntiVirus page for instructions on how to remove the worm. If you need additional assistance, please contact the CIT HelpDesk.
On July 11-14, a team will be doing the first of several
phases to add a new module (Contributor Relations) to Cornell's PeopleSoft
system. Work will begin at 11:30 a.m. on Fri., July 11, and will finish
by noon on Mon., July 14. During this time, several campus systems will be unavailable:
W32.Bugbear.B@mm, a Windows virus, has been reported at Cornell. W32.Bugbear.B@mm infects computers running Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, and Windows Me. Macintosh and Unix variants are not affected. As of 1:15 p.m. on 6/5/03 Cornell Information Technologies
has been blocking messages containing the virus. As a result, any message
that has the virus will not be delivered. What to Watch For W32.Bugbear.B@mm is contained in e-mail attachments. The message will contain a subject line and content taken from random files and e-mail messages on an infected computer. Note this means that infected systems may send confidential mail to unintended recipients. Do not open any e-mail attachments until your anti-virus software has been updated. If launched, the worm will infect a select list of executable files. The worm has keystroke-logging, which can be used to steal passwords and confidential information. Also, the worm installs a backdoor which gives hackers access to infected systems. Additionally, the worm attempts to terminate the processes of various anti-virus and firewall programs. Detailed description (from Symantec) How to Avoid It CIT urges all Windows users to update their Norton AntiVirus software and perform a complete system scan. W32.Bugbear.B@mm is detected by Norton AntiVirus software that has been updated to the 6/5/03 virus definition file, or a newer file. To update, run Norton AntiVirus and choose Live Update. Or download the file via Bear Access (Virus Protection folder) or via Symantec. Cornell University has signed a site license with Symantec to provide Norton AntiVirus (NAV) to the entire campus community. The license allows NAV to be used on all university-owned computers, home computers of staff and faculty, and computers owned by registered students. Also see CIT's tips for making
Eudora more resistant to viruses/worms. How to Get Rid of It If you suspect your computer has been infected, visit this Norton AntiVirus page for instructions on how to remove the worm. If you need additional assistance, please contact the CIT HelpDesk.
From 3:00 to 8:00 a.m. on Sunday, Apr. 13, most campus computing services will be unavailable while a networking upgrade in Rhodes Hall is completed. List of affected services (SideCar required) The work that Cornell Information Technologies is doing will bring the facilities that host the university's critical computing and network services up to the latest design and construction standards. If problems are encountered during this work, the fallback date will be Sunday, Apr. 27. During the outage, concerns or questions can be directed to the Network Operation Center (NOC) at 255-9900.
On Apr. 4-9, a team will upgrade the current PeopleSoft HR/Payroll system to version 8 of PeopleSoft, which provides more functionality and better options for the future. There will be no changes to paycheck schedules or production, nor any significant* changes to associated systems once the upgrade is complete. The upgrade will begin at noon on Fri., Apr. 4, and will finish by the start of business on Wed., Apr. 9. During the upgrade work, all HR and Payroll systems will be unavailable. This outage affects:
Kronos will continue to operate during this outage and monthly campus HR/Payroll Actuate reports will be available. If there are any issues or questions regarding this effort, please e-mail Barb Mueller (bm89). We appreciate your patience and support during the upgrade. * When SES (Student Employment System) users log in for the first time after the upgrade, Bear Access will tell them a download is required. They should accept it.
From Sat., Mar. 22 at 6:00 p.m. through Sun., Mar. 23 at 6:00 p.m., several HR and Payroll systems will be unavailable. This outage affects:
On Sun., Mar. 23, 7:00 a.m.-12:00 p.m. (noon), CIT will be doing maintenance on CornellC. This outage affects these CornellC services:
If your system runs Sendmail on Linux, UNIX, or Windows NT, please be advised of a critical vulnerability. The vulnerability, a buffer overflow, can be used by an attacker to gain "root" or "superuser" access to your system. Firewalls and packet filters do not protect against this vulnerability. The following versions are affected:
If you are using the open source version of Sendmail, upgrade to Sendmail 8.12.8 or apply a patch for 8.12.x (or for older versions) available from http://www.sendmail.org/. If you are using a commercial version, check with the vendor. For details, see Internet Security Systems' description.
On Jan. 31, 2003, the telnet version of Just the Facts will be discontinued. This service was a way for students to view their grades, course schedule, addresses, and other information stored in Just the Facts using a telnet client. It has been replaced with a web-based version of Just the Facts that has the same functionality. The web-based version, like the telnet version, is intended to let students review their Just the Facts information in situations where they cannot use Bear Access. To modify any information shown in Just the Facts, or to use CoursEnroll, students still need to launch Just the Facts via Bear Access.
W32.SQLExp.Worm, a Windows worm, has been reported at Cornell. The worm is also known as SQL Slammer and SQL Sapphire. SQLExp infects servers running Microsoft SQL that have *not* been updated with SQL server Service Pack 2 or 3. This could include Windows NT, 2000, and XP. Because the worm targets port 1434 (SQL Server Resolution
Service Port), Cornell Information Technologies has blocked port 1434
inbound and outbound traffic on the campus border routers. What to Watch For The worm uses a buffer overflow to exploit a known flaw in Microsoft SQL. It exists only in memory. The most common indication of infection is increased outgoing traffic on port 1434 as the worm continuously sends itself to different IP addresses. The worm's activity can create poor network performance or a denial-of-service attack. For details, see the descriptions from Symantec or McAfee. How to Avoid It; How to Get Rid of It Update to Service Pack 3 (http://www.microsoft.com/sql/downloads/2000/sp3.asp) or apply patch MS02-039, then restart the server. Norton AntiVirus cannot detect this worm.
W32.Sobig.A@mm, a Windows worm, has been reported at Cornell. SoBig infects computers running Windows 95/98/Me, NT, 2000, and XP. As of 1/23/2003, Cornell Information Technologies has been
blocking messages infected with this worm. What to Watch For SoBig comes via e-mail from "big@boss.com". The worm itself is contained in an e-mail attachment with a ".pif" extension. Do not launch the ".pif" file. If launched, SoBig will try to e-mail itself to addresses it finds on your computer. SoBig also tries to spread itself via open network shares. How to Avoid It CIT urges all Windows users to update their Norton AntiVirus software. SoBig is detected by Norton AntiVirus software that has been updated to the Jan. 10, 2003, virus definition file, or a newer file. To update, run Norton AntiVirus and choose Live Update. Or download the file via Bear Access (Virus Protection folder) or via Symantec. Also see CIT's tips for making Eudora more resistant to viruses/worms. How to Get Rid of It If you suspect your computer has been infected, visit this Norton AntiVirus page for instructions on how to remove the worm. If you need additional assistance, please contact the CIT HelpDesk.
|
||||||||||||||
E-mail system upgrade being completed Dec. 2
(12/02/03)