
Technology Related Alerts Page

 

This page will be a location where information pertinent to technology related issues will be posted. Such postings may include information on viruses or security threats or problems being experienced within the EJB environment. If you're having a problem this is a good place to check to see if it is a universal issue.

 

7/13 RUWireless Update

Please note that we have received a report that this problem was resolved at approximately 1 pm today.

 

7/12 RUWireless Problems

Please be aware that there is currently a problem with the RUWireless network here on the New Brunswick Campus. Specifically, the login page is only available intermittently. In addition, RUWireless Secure is also experiencing similar problems. The department that manages the wireless networks is working on this problem and we will provide additional information as it becomes available.

 

5/25 Hill Maintenance Update

The maintenance was completed at Hill Center last night at approximately 8:40 pm. The majority of the systems at that facility are up and running and there are individuals working to restore any systems that have yet to come back online.

 

 

5/24 Update

 

The latest update received from Hill Center is as follows:

*CURRENT STATUS OF HILL CENTER MAINTENANCE ACTIVITY:*

      Hill Center Machine Room Maintenance Status Update

     As of May 24, 2011:  2:30 pm - On Schedule

Estimated Time of Machine Room Power Up:  10:00pm

- Default Web Traffic Redirect:  Completed
- Hosted Services Shutdown:  Completed
- Electrical Power Shutdown:  Completed
- Transformer Tie Breaker Install: Completed

- Building Transformers Back online

- PDU Feeder Panel Replacement:  Completed

- Tie Breaker Test and Certification:  Completed

- PDU Feeder Installation:  In Progress

- Existing PDU Maintenance:  Completed

- EPO / CO2 Relay Module / Shunt trip breaker Installation:  Completed

- New PDU Sub-Panel Connections:  In Progress

- Re-feed Existing PDUs:  In Progress

Next Steps:

  Test EPO Configuration

  New PDU Start-up and Certification

  Energize Machine Room Circuit

  Services Restoration Start

  Default Web Traffic Restoration

 

5/24 & 5/25: Hill Center Electrical Work

Please be aware that starting on 5/24, there will be a major disruption to a large number of IT based services, as electrical work is done to the Hill Center Computing Facility.  This work is scheduled to start at approximately 7am on the morning of the 24th and the goal is to have the work completed by the morning of the 25th.  However, the entire day of the 25th is covered under this announcement in case the work cannot be finished on the 24th, or in case additional problems are encountered.  

The services that will be disrupted include:

- Eden Email (Webmail, IMAP, POP, Pine)*
- Eden hosted personal websites
- Mailman (ad hoc mass emailing service)
- RAMS (Rutgers official mass emailing service)
- RATS (NetID management services)
- CMS/Drupal (University Relations website hosting service)
- All MSSG Hosted Services including software.rutgers.edu
- 'apps.rutgers.edu' (SAS, STATA, MatLab, etc.)
- RU-iptv Video on Demand services
- Sakai Course Management and Collaboration Services
- RUMail (Zimbra) Collaboration Services*
- @rutgers.edu (forwarding service)*
- RCI Email (Webmail, IMAP, POP, Pine)*
- RCI Hosted Web Sites
- RCI Hosted Virtual Mail domains
- Other RCI Services (Remote Drive Mapping, File Restores, Web Tools, Remote Access /SSH, FTP, etc.)
- CSS LDAP (internal authentication services for CSS)
- LDS (Large Data Set - research service)
- Nagios Service Monitoring
- Hill Center Operations Support
- RUWireless / RUWireless Secure NB
- RUWireless Secure Camden and Newark
- RUWireless Guest accounts and wireless printing on all campuses
- Printing in computer labs on all campuses
- New Brunswick Help Desk (445.HELP)  

If you would like more details about this outage, please visit the following page:

http://css.rutgers.edu/HillDowntime

Also, if you have any questions or concerns about this information, please let us know.

Thank you,

Martin

 

2/10 2:50 pm Update Re: Power Problems at Hill Center

I am happy to announce that the repairs have been finalized at Hill Center and the facility is back on grid power.

 

2/9 3:40 pm: Update Re: Power Problems at Hill Center

We have received an update regarding the power problems at Hill Center and we wanted you to be aware of the status. The facility that houses the vast majority of the mission critical systems at Rutgers continues to run on generator power. A transformer was damaged and is being replaced and it will take a couple of days before the work is fully completed.  We have been informed that the generator will support the facility until the repairs are completed and that provisions have been made to refuel the generator so as to prevent any down time.  We will provide additional updates as they become available, but thankfully it does appear that things have stabilized considerably since my announcement from yesterday.

 

2/8 9:30 am: Power Problems at Hill Center

Please be aware that a power problem arose late last night at Hill Center and work continues to try to resolve that issue. It is possible that you may lose connectivity to the resources at Hill Center at some point today and if that happens, it is unclear as to how long that outage may last. The resources at Hill Center include RUmail, RCI, Sakai, and almost everything else needed to make the university run. I would recommend that if you need any materials from your email account or from Sakai that you download them locally so that you have a backup in case these systems do become unavailable.

 

9/30 11:10 am RUWireless Problem in Civic Square

The wireless network is working again in Civic Square.

 

9/30 9:30 am RUWireless Problem in Civic Square

There is currently a problem with RUWireless that is impacting a number of locations including the Civic Square Building. The department that supports RUWireless is aware of the problem and is working to resolve it.

 

9/17 1:45 pm Slow Internet Access Update

We have received a report from the Telecommunications Department indicating that this issue has been addressed. I should add that there have been continued reports of minor issues related to external connectivity and most likely some additional modifications may be necessary on their part. The Telecommunications Department indicated in their report that they performed the following actions:

Network Operations has made several performance adjustments to improve Internet connectivity.

(1) increased default IP connection counts
(2) more evenly distributed Internet connectivity over the current two Internet providers
(3) one Internet provider (NJEdge) corrected a policy configuration

 

If you do continue to experience any problems related to Internet access, you should try deleting your temporary Internet files. This can be done in Internet Explorer by going to Tools -- Internet options and using the delete button under browsing history. In Firefox, you can use tools -- Clear Recent History. If clearing out these temporary files does not help you, please contact us and let us know the web site you are having a problem with.

 

9/15/10 9:45am Slow Internet Access Update

Please be aware that the slow Internet access to sites outside of Rutgers continues. The latest update we have received from the Telecommunications Department stated that, "We continue to monitor degradation of the Internet. Please note we are experiencing high usage and continue to adjust accordingly". Most likely this is related to the load being placed upon the Rutgers network by a very large incoming class of new students and hopefully the Telecommunications Department can make the changes necessary to resolve this problem soon. We will provide you with updates as we receive them.

 

 

9/13/10 Slow Internet Access

We have received reports of slow Internet access to sites outside of Rutgers. This is due to some problems at the handoff for the University. The department in charge of this is aware of the problem and is working to resolve it.

 

 

9/9/10 4:05 pm

The email problems that were experienced earlier have been addressed.

 

 

9/9/2010 3:45pm

There are currently problems sending emails through RCI and Zimbra. The departments in charge of these systems are aware of the problems and are working to resolve them.

 

 

5/3/2010 4:30 pm

RUMail connection problems.

 

3/18/2010 12:35 pm

The problem with emails being sent to @rutgers addresses appears to have been resolved.  I have not received any formal announcement about this, but test emails are now working.

 

3/18/10

Please be aware that there is currently a problem sending email to username@rutgers.edu .  This is the result of a problem on the RULink system, which forwards mail to the actual email addresses.  If you are having problems with email bounce backs this morning, please use the full rci address for an individual.  We are trying to obtain further information on the problem and an estimated timetable for resolution.

 

 

2/3/10

Please be aware that the Adobe phishing scam described below has been received by a number of university email accounts.  If you receive this message please delete it.  If you have any questions or concerns about this information, please let us know.
 
 
 
http://www.pcworld.com/article/188202/adobe_warns_of_pdf_phishing_scam.html

"Adobe Warns of PDF Phishing Scam
A hoax update to PDF Reader/Writer actually bears malware, the software company cautions users.
Ellen Messmer, Network World
Saturday, January 30, 2010 12:38 PM PST

A new phishing scam is trying to fool people into thinking it comes from Adobe, announcing a new version of PDF Reader/Writer. The message is making its way into e-mail boxes now, and the real Adobe urged any recipients to simply delete it.

The phishing scam has a subject line "download and upgrade Adobe PDF Reader – Writer for Windows," includes a fake version of Adobe's logo and provides links that would lead to malicious code or other trouble if a victim clicked on them. The e-mail appears to come from Adobe newsletter@pdf-adobe.org, which is part of the scam.

"It has come to Adobe's attention that e-mail messages purporting to offer a download of the Adobe Reader have been sent by entities claiming to be Adobe," the company said in a statement warning about it. "Many of these e-mails are signed as 'Adobe PDF' (or similar), and in some instances require recipients to register and/or provide personal information. Please be aware that these e-mails are phishing scams and have not been sent by Adobe or on Adobe's behalf."

The real Adobe Reader download page is on the Adobe Web site at http://get.adobe.com/reader/."

 

 

12/16/09: RCI Email Problem Update 2:40 pm

Although there are still some lingering issues, the majority of the problems on RCI have been resolved.  If you, or one of your colleagues, is still having RCI email problems please let us know. 

 

12/16/09: RCI Email Problem Update

The RCI system is still having problems today. It was confirmed that the RCI team upgraded a portion of the email software on the server last night and we have received a few reports of people who are unable to get their mail and reports that email programs (Thunderbird, Outlook) are timing out. The RCI team is aware of these issues and is working to resolve these problems. Please note that you may have to leave your email program open for an extended period of time before it fully synchronizes with the server.

 

12/15/09: RCI Email Problem Update

The RCI web site has a message stating that the "Official system test time for the RCI cluster is every Tuesday and Wednesday from 9:00 pm - 1:00 am".  That coupled with some information on a technical listserv makes it very likely that there is some work being performed on the system.          

 

 

12/15/09: RCI Email Problems: 9pm

RCI is currently running very slowly and connections to the system are timing out and failing. We will try to provide updates as they become available.

 

 

12/15/09: Malicious Acrobat PDF Alert

Please be aware that there are malicious Acrobat PDF files circulating which if opened can allow your computer to be remotely compromised.  Please be very careful opening any PDF files you receive via email or that you download from web sites.  If you receive or open a large number of PDF files on a regular basis, you should disable Acrobat JavaScript by opening Adobe and navigating to Edit->Preferences and unchecking 'Enable Acrobat JavaScript'.

 

12/1/09: 1 pm Wireless Network Problem

The wireless network problems have been resolved.

 

12/1/09: 9:30 am Wireless Network Problem

Please be aware that as of 10 pm last night, the wireless network at Civic Square has been unavailable.  This problem has been escalated to the team that manages RU Wireless and as soon as we have further information, we will pass it along.

 

11/10/09: 2:45 pm RCI Problem

The problem with RCI has been resolved.

 

11/10/09: 2:25 pm RCI Problem

There is currently a problem with RCI. They are aware of this and are working to resolve it.

 

11/2/09: Internet Degradation

The problem that arose on 10/30 has reportedly been resolved by the Telecommunications Department.

 

10/30/09: Internet Degradation

Please be aware that the primary Internet link for the University is currently down and the University is running on the backup link.  The department that supports this equipment is currently working on the problem, but there isn't any timeframe on resolution.  Due to this failure, you may notice slower access to sites outside of Rutgers. 

 

9/30/09: RCI Email Problems

As of 11 am these problems have been resolved as per a note from the RCI support team.

 

9/30/09: RCI Email Problems

There have been intermittent problems with RCI this morning in regards to sending and receiving mail, as well as with logging into accounts. The RCI team is aware of the problem and they are working on it. The problem started at approximately 10 am.

 

9/23/09: Slow Internet

There have been repeated reports of degraded Internet service campus wide this afternoon. The Telecommunications Department is aware of this and looking into the problem. This problem was resolved later in the day on the 23rd.

 

9/22/09: RCI Problems

The problems on RCI were resolved at approximately 5:45 pm.

 

9/22/09: RCI Problems

There is currently an email problem with RCI. Webmail is working, but connections with programs like Outlook or Thunderbird are not. This has been reported to the RCI team - approximate time 5:10 pm.

 

9/14/09: RCI Problems

The email problem has been fixed as of approximately 2:35 pm.

 

9/14/09: RCI Problems

A problem using RCI with clients like Outlook and Thunderbird arose approximately fifteen minutes ago (2:15pm). RCI is aware of this problem and is working to fix the problem.

 

8/26/09: RCI and Rutgers Sites Down

Due to a thermal failure, RCI email and many Rutgers websites are down. The formal announcement is as follows: Due to a cooling problem, the Hill Center machine room has been shut down. As a result, most University central services are affected and are not working. Both OIT and Facilities staff are working on the problem. Anticipated time of return of services is currently unknown. We apologize for any inconvenience you may incur and thank you for your understanding and patience.

 

3/31/09: Conficker Update

As you may be aware, the widely publicized Conficker worm is scheduled to receive updated instructions tomorrow.  This worm only affects MS Windows based systems and takes advantage of a vulnerability that was patched back in October of 2008.  When this virus emerged in January of 2009, we scanned our networks to ensure that all of the machines were patched and sent out announcements about the seriousness of the vulnerability.  We also asked that you update your home computers appropriately.  Unfortunately there are still millions of machines in the world infected with this virus and it is unclear as to whether there will be a major cyber incident tomorrow, or whether this will be an April Fool's joke.  The University is currently scanning networks for any traces of this virus and we recommend that you ensure that your personal computers are up to date in terms of patches and antivirus updates.  There was also a segment about this worm on 60 Minutes this past Sunday and here is a link that you may find interesting:
 
 
An updated official announcement from the National Cyber Alert System follows and if you have any questions or concerns, please let us know.

Thank you,

Martin O'Reilly
EJB Information Technology Services
    
 

National Cyber Alert System

              Technical Cyber Security Alert TA09-088A


Conficker Worm Targets Microsoft Windows Systems

   Original release date: March 29, 2009
   Last revised: March 30, 2009
   Source: US-CERT


Systems Affected

     * Microsoft Windows


Overview

   US-CERT is aware of public reports indicating a widespread
   infection of the Conficker/Downadup worm, which can infect a
   Microsoft Windows system from a thumb drive, a network share, or
   directly across a corporate network, if the network servers are not
   patched with the MS08-067 patch from Microsoft.


I. Description

   Home users can apply a simple test for the presence of a
   Conficker/Downadup infection on their home computers.  The presence
   of a Conficker/Downadup infection may be detected if a user is
   unable to surf to their security solution website or if they are
   unable to connect to the websites, by downloading detection/removal
   tools available free from those sites:
  
http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm


http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

   If a user is unable to reach any of these websites, it may indicate
   a Conficker/Downadup infection.  The most recent variant of
   Conficker/Downadup interferes with queries for these sites,
   preventing a user from visiting them.  If a Conficker/Downadup
   infection is suspected, the system or computer should be removed
   from the network or unplugged from the Internet - in the case for
   home users.


II. Impact

   A remote, unauthenticated attacker could execute arbitrary code on
   a vulnerable system.


III. Solution

   Instructions, support and more information on how to manually
   remove a Conficker/Downadup infection from a system have been
   published by major security vendors.  Please see below for a few of
   those sites. Each of these vendors offers free tools that can
   verify the presence of a Conficker/Downadup infection and remove
   the worm:
  
Symantec:

http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99

Microsoft:

http://support.microsoft.com/kb/962007

http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

  
   Microsoft PC Safety hotline at 1-866-PCSAFETY, for assistance.

   US-CERT encourages users to prevent a Conficker/Downadup infection by
   ensuring all systems have the MS08-067 patch (see
   http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx),
   disabling AutoRun functionality (see
   http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and
   maintaining up-to-date anti-virus software.


IV. References

 * Microsoft Windows Does Not Disable AutoRun Properly -
   <http://www.us-cert.gov/cas/techalerts/TA09-020A.html>

 * Virus alert about the Win32/Conficker.B worm -
   <http://support.microsoft.com/kb/962007>

 * Microsoft Security Bulletin MS08-067 - Critical -
   <http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>

 * MS08-067: Vulnerability in Server service could allow remote code
   execution -
   <http://support.microsoft.com/kb/958644>

 * The Conficker Worm -
   <http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm>

 * W32/Conficker.worm -
   <http://us.mcafee.com/root/campaign.asp?cid=54857>

 * W32.Downadup Removal Tool -
   <http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99>
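
The reachability symptom described in the US-CERT alert above, turned into a repeatable check as an added example (not part of the alert or of this page's original text). The security-site URLs are the ones quoted in the alert; the baseline hosts and the verdict labels are assumptions of this example.

```python
"""Selective name-resolution check for the symptom in TA09-088A (added example)."""
import socket
from urllib.parse import urlsplit

# URLs quoted in the alert above; only their hostnames are used.
SECURITY_URLS = [
    "http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm",
    "http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx",
    "http://support.microsoft.com/kb/962007",
]

# Assumption: baseline hosts unrelated to any security vendor.
CONTROL_HOSTS = ["www.example.com", "www.example.org"]


def system_resolver(host):
    """Return True if the operating system can resolve the host name."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def check(resolver=system_resolver):
    """Compare resolution of security sites against the baseline hosts.

    Returns (verdict, blocked_hosts). The verdict is one of:
      "no-dns"            - no baseline host resolves; the test is inconclusive
      "selective-failure" - baseline resolves but some security sites do not
      "ok"                - everything resolves
    """
    security_hosts = sorted({urlsplit(u).hostname for u in SECURITY_URLS})
    baseline_ok = any(resolver(h) for h in CONTROL_HOSTS)
    blocked = [h for h in security_hosts if not resolver(h)]
    if not baseline_ok:
        return "no-dns", blocked
    if blocked:
        return "selective-failure", blocked
    return "ok", blocked


if __name__ == "__main__":
    verdict, blocked = check()
    print("verdict:", verdict)
    for host in blocked:
        print("  could not resolve:", host)
```

A "selective-failure" verdict is a reason to take the machine off the network and run one of the removal tools listed in the alert; it is not proof of infection, since a local filter or a vendor outage produces the same result.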

 

 

 

2/20/09: Acrobat Vulnerability Being Exploited

 

There is a new security threat targeted at Adobe Acrobat that is currently being exploited.  It is important that you are aware of this and that you are careful in regards to opening attachments, opening links in emails, or browsing unfamiliar web sites.  Adobe has yet to release a patch for this, but it will be coming out within the next few weeks.  I know that the Adobe updates can be quite tedious, but this is a good illustration as to why they are necessary.  The full security advisory follows and if you have any questions, please let us know.

 

MULTI-STATE INFORMATION SHARING AND ANALYSIS CENTER CYBER SECURITY ADVISORY
*MS-ISAC ADVISORY NUMBER:*
2009-008

*DATE(S) ISSUED:*
2/20/2009

*SUBJECT:*
Vulnerability in Adobe Reader and Adobe Acrobat Could Allow Remote Code
Execution

*OVERVIEW:*
A new vulnerability has been discovered in the Adobe Acrobat and Adobe
Reader applications that allows attackers to execute arbitrary code on
the affected systems. Adobe Reader allows users to view Portable
Document Format (PDF) files. Adobe Acrobat offers users additional
features such as the ability to create PDF files.

Depending on the privileges associated with the user, an attacker could
then install programs; view, change, or delete data; or create new
accounts with full user rights. Unsuccessful exploitation attempts may
cause these programs to crash.

*It should be noted that this vulnerability is being actively exploited
on the Internet.*

*SYSTEMS AFFECTED:*

          o Adobe Reader 9 and earlier versions
          o Adobe Acrobat Standard, Pro, and Pro Extended 9 and earlier
            versions

*RISK:*

*Government:*

          o Large and medium government entities: *High*
          o Small government entities: *High*

*Businesses:*

          o Large and medium business entities: *High*
          o Small business entities: *High*

*Home users: High*

*DESCRIPTION:*
Adobe Reader and Acrobat are prone to a remote code execution
vulnerability.  The exploit is a two-stage attack.  The malware exploits
an integer overflow and then uses JavaScript to execute a heap spray to
inject shellcode.  A heap spray attempts to inject code into the memory
of a target process.  Testing by Shadowserver has shown that disabling
JavaScript in Adobe will defeat the remote code execution but still
result in denial of service.

The exploit is being seen in targeted attacks but is expected to become
more widespread.  Some anti-virus vendors currently detect this
exploit.  Trend Micro detects it as TROJ_PIDIEF.IN.  Symantec detects it
as Trojan.Pidief.E.

Adobe expects to make available an update for Adobe Reader 9 and Acrobat
9 by March 11th, 2009.  Patches for other versions will be available later.

*RECOMMENDATIONS:*
We recommend the following actions be taken:

          o Ensure antivirus software signatures are current.
          o Do not open email attachments from unknown or un-trusted
            sources.
          o Provide user awareness notification about this vulnerability
            and exploit.
          o Do not visit un-trusted websites or follow links provided by
            unknown or un-trusted sources.
          o Consider disabling JavaScript in Adobe by navigating to
            Edit->Preferences and unchecking 'Enable Acrobat JavaScript'.
          o Install the appropriate vendor patch as soon as it becomes
            available after appropriate testing.


*REFERENCES:*

*Adobe:*
http://www.adobe.com/support/security/advisories/apsa09-01.html

 

*McAfee:*
http://www.avertlabs.com/research/blog/index.php/2009/02/19/new-backdoor-attacks-using-pdf-documents/

*SANS:*
http://isc.sans.org/diary.html?storyid=5902

*Security Focus:*
http://www.securityfocus.com/bid/33751

*Shadowserver:*
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219

*Trend Micro:*
http://blog.trendmicro.com/portable-document-format-or-portable-malware-format/


1/21/09: Downadup Virus Alert

There is a virus spreading rapidly on the Internet and via USB devices known as the Downadup or Conficker virus.  This virus is related to a vulnerability in Microsoft Windows that was patched back in October of this year.  The systems here at the Bloustein School are configured to automatically update and are protected from this vulnerability, but you should ensure that your computers at home are set the same way, or that you do a Windows update at your earliest convenience.  You should also ensure that your antivirus software is up to date as well.  If you need any assistance in relation to running a Windows update or checking your antivirus software, please contact us at ejbhelp@rci.rutgers.edu
 
The formal announcement from MS-ISAC follows.

Thank you,
 
Martin O'Reilly
 

Subject: MS-ISAC Cyber Information Bulletin - Widespread Infections Due to
Vulnerabilities Defined in MS08-067

MULTI-STATE INFORMATION SHARING AND ANALYSIS CENTER CYBER INFORMATION BULLETIN

DATE ISSUED:
January 20, 2009

SUBJECT: Widespread Infections Due to Vulnerabilities Defined in
MS08-067

Widespread infections due to the vulnerability in the Microsoft Server
Service (MS08-067) have recently been reported. The malware
responsible for the infections is referred to as WIN32/Conficker /
Downadup Worm and current estimates for the number of infected systems
range from 2.4 million to 8.9 million computers. Originally the
vulnerability was being exploited by a Trojan, but recently the
malware has become a worm capable of propagating without interaction.
The worm will attempt to spread by guessing the passwords to file
shares on the system.  The act of guessing passwords has resulted in
some organizations experiencing account lockouts. The worm will also
spread via removable media.

Once a system is infected, it will contact a pseudorandom, dynamically
generated domain name.  These domain names are changing frequently,
with hundreds of new domain names being generated daily. The worm will
check the domain for any updates to the malware and also report how
many systems have been successfully infected. However, the volume of
domains being generated makes it impractical to stop this infection by
blocking the domain names or IP addresses. At this time, the worm does
not perform any additional malicious activity. If a compromise has
been identified, the passwords on the system must be reset to a more
complex and stronger password.

It is recommended that security device logs be examined for egress
traffic to the domain names included in the following links as this
may be an indication of an infection. However, it should be noted that
this is not a complete list and the absence of egress traffic to these
domains may not rule out an infection.

http://www.f-secure.com/weblog/archives/downadup_domain_blocklist_13_16.txt


http://www.f-secure.com/weblog/archives/downadup_domain_blocklist_17_31.txt



Microsoft has released instructions for manual removal of the worm.
Additionally, the January version of the Malicious Software Removal
Tool from Microsoft will detect and remediate infections due to the
vulnerability.  However, the worm will disable automatic Microsoft
Windows updates, so this software must be downloaded manually.

RECOMMENDATIONS:

We recommend the following actions be taken:
* Apply Microsoft patch MS08-067
* Download and run the January Malicious Software Removal Tool from Microsoft
* Follow the instructions in the Microsoft KB article for manual removal
* Provide the administrator account of the computer with a strong password
* Completely disable the AutoRun function
* Ensure that all anti-virus software is up to date with the latest signatures.

REFERENCES:

Microsoft:
http://support.microsoft.com/kb/962007
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

F-Secure:
http://www.f-secure.com/weblog/

CNN:
http://www.cnn.com/2009/TECH/ptech/01/16/virus.downadup/index.html

MS-ISAC:
http://www.msisac.org/advisories/2008/2008-034b.
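
The egress-log check recommended in the MS-ISAC bulletin above, written out as an added example (not part of the bulletin or of this page's original text). The blocklist layout, the DNS log line format and every domain and address in the sample data are constructed assumptions; real list files and resolver logs will need their own parsers.

```python
"""Flag clients whose DNS queries hit a domain blocklist (added example)."""
import re
from collections import defaultdict

# Constructed blocklist. Assumed layout: one domain per line, an optional
# ", date" suffix, and '#' comments. These are not real worm domains.
SAMPLE_BLOCKLIST = """\
# constructed entries
kqzvxample.example
Bdfrtqa.example, 17.01.2009
"""

# Constructed resolver log; the field layout is an assumption.
SAMPLE_LOG = """\
2009-01-20T09:14:02 client=10.0.4.17 query=intranet.example.org. type=A
2009-01-20T09:14:05 client=10.0.4.23 query=KQZVXAMPLE.example. type=A
2009-01-20T09:14:09 client=10.0.4.23 query=www.bdfrtqa.example type=A
2009-01-20T09:15:40 client=10.0.4.31 query=notkqzvxample.example. type=A
malformed line without the expected fields
2009-01-20T09:16:11 client=10.0.4.17 query=bdfrtqa.example. type=A
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<name>\S+)")


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def load_blocklist(text):
    """Return the set of domains in a blocklist, ignoring comments and dates."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            domains.add(normalize(re.split(r"[,\s]+", line, maxsplit=1)[0]))
    return domains


def matched_domain(qname, blocklist):
    """Return the blocklisted domain that qname equals or is a subdomain of."""
    labels = normalize(qname).split(".")
    # Compare whole labels only, so "notevil.example" never matches "evil.example".
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def scan(log_text, blocklist):
    """Map each client address to its (timestamp, blocklisted domain) lookups."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the assumed layout
        domain = matched_domain(m["name"], blocklist)
        if domain:
            hits[m["client"]].append((m["ts"], domain))
    return dict(hits)


if __name__ == "__main__":
    results = scan(SAMPLE_LOG, load_blocklist(SAMPLE_BLOCKLIST))
    for client, events in sorted(results.items()):
        print(client, len(events), "blocklisted lookups; first at", events[0][0])
```

As the bulletin notes, the published lists are incomplete, so an empty result does not clear a host.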