DoIT Calls for NetID Password Changes in Response to Heartbleed Bug

Stony Brook University's Heartbleed NetID Password Change Poster

Help us spread the word by downloading, printing, and hanging up the poster in your area.

CIO Cole Camplese issued the following campus announcement on April 15, urging everyone to change their NetID passwords as a result of the Heartbleed Bug …

To the Campus Community:

Good afternoon. Due to our current understanding of the Heartbleed Bug that has impacted the majority of the Internet, I wanted to provide you with a brief update on our progress and immediate next steps. We have no evidence that any Stony Brook University system or user credentials have been exploited by the Heartbleed Bug. However, we feel in order to protect your data and the institution’s data and out of an abundance of caution, you should change your Stony Brook NetID password.

To change your Stony Brook NetID password, please follow these directions carefully:

http://it.stonybrook.edu/help/kb/changing-your-netid-password

To stay connected to updated Heartbleed Bug information, to get immediate help or support in the password change process, and to review what has been done to date at Stony Brook University, please visit:

http://you.stonybrook.edu/heartbleed

Cole W. Camplese
Vice President for Information Technology & CIO
Stony Brook University

Security Alert: OpenSSL “Heartbleed” Bug

On April 7, 2014, several media outlets reported a serious vulnerability in OpenSSL 1.0.1 through 1.0.1f (inclusive) called “The Heartbleed Bug.” This represents a serious Web security flaw that may compromise privacy. Please see the following news articles and websites which describe the issue in greater detail:

If you run a Web server with SSL (specifically OpenSSL 1.0.1 through 1.0.1f), it is recommended that you patch the software immediately and upgrade to OpenSSL 1.0.1g. If you’re stuck with a previous version of OpenSSL for some reason, you can block the vulnerability by re-compiling it using the OPENSSL_NO_HEARTBEATS flag. OpenSSL 1.0.2 will have the bug fixed in the upcoming 1.0.2-beta2 release. If you do not know what version of SSL you are running, go to https://sslanalyzer.comodoca.com and enter your site’s URL to find out if the site is vulnerable.
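For administrators who can log in to the server, the version range and compile flag named above can be checked locally. The following is an added example, not part of the original announcement: the function name `classify_openssl`, its result labels, and the sample version lines are constructed for illustration.

```shell
#!/bin/sh
# Classify an `openssl version` line against the range named in the alert
# (1.0.1 through 1.0.1f, plus 1.0.2 betas before the beta2 fix).
# On a real host:
#   classify_openssl "$(openssl version)" "$(openssl version -f)"
# classify_openssl and its labels are hypothetical names for this example.
classify_openssl() {
    h_line=$1
    h_flags=${2:-}
    # Second field of the version line, e.g. "1.0.1e-fips"
    h_ver=$(printf '%s\n' "$h_line" | awk '$1 == "OpenSSL" { print $2; exit }')
    if [ -z "$h_ver" ]; then
        echo unknown            # not an OpenSSL version line
        return 0
    fi
    case $h_ver in
        1.0.1|1.0.1-*|1.0.1[abcdef]|1.0.1[abcdef]-*|1.0.2-beta|1.0.2-beta1)
            # In range: was the build compiled with heartbeats removed?
            case $h_flags in
                *OPENSSL_NO_HEARTBEATS*) echo in-range-heartbeats-disabled ;;
                *) echo in-affected-range ;;
            esac ;;
        *)
            echo outside-stated-range ;;
    esac
}

# Constructed sample inputs, "version line|compile flags line"
while IFS='|' read -r s_line s_flags; do
    printf '%-36s %s\n' "$s_line" "$(classify_openssl "$s_line" "$s_flags")"
done <<'EOF'
OpenSSL 1.0.1e-fips 11 Feb 2013|compiler: gcc -O2
OpenSSL 1.0.1f 6 Jan 2014|compiler: gcc -DOPENSSL_NO_HEARTBEATS -O2
OpenSSL 1.0.1g 7 Apr 2014|compiler: gcc -O2
OpenSSL 1.0.2-beta1 24 Feb 2014|compiler: gcc -O2
OpenSSL 0.9.8y 5 Feb 2013|compiler: gcc -O2
EOF
```

A result of `in-affected-range` means the package needs checking, not that the host is confirmed vulnerable: operating system vendors may backport the fix without changing the upstream version string, so confirm against the vendor's package changelog.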

Additionally, if you have contracted with any vendors who use SSL, please contact them immediately to find out if they have applied the current patches and to find out what other steps may be required.

One of the side effects of this vulnerability is that the server private key may be compromised and there may be no trace of it. In this case, after patching, please generate new keypairs and request a new certificate. DoIT will provide a new Comodo/Incommon certificate to its Stony Brook IT Partners at no cost if they just email the CSR to certreq@stonybrook.edu.

DoIT is actively monitoring the situation here at Stony Brook and has contacted its vendors about any vendor-supplied software.

Stony Brook’s SOLAR, PeopleSoft, Blackboard, and Google Apps for Education systems are not affected by this vulnerability. Other systems accessed with your Stony Brook NetID and NetID password are not affected.

Individual users may want to consider changing the passwords on all their sensitive Internet accounts, such as banking accounts, private email accounts, and any accounts created for online shopping with the use of credit card information. However, the New York Times Bits blog suggests waiting a day or two to allow time for websites to get patched.

DoIT has created a public Yammer group to provide the campus community with updates as this situation unfolds and develops. Please post your questions and comments to the Heartbleed Bug Info Yammer group.

SUNY’s Spring 2014 Educational Enterprise Purchase (EEP) Offerings Announced

SUNY is conducting a Spring Educational Enterprise Purchase (EEP) program of technology hardware with participation from Apple, Dell, and IBM. The program will run through the end of June 2014. This is a system-wide initiative led by SUNY in Albany. Details regarding this program are outlined below. Hardware offerings and pricing can be found in the attached documents. Please contact Stony Brook University’s Vendor Manager Michael Ospitale at (631) 632-6685 for any further questions about the SUNY Educational Enterprise Purchases (EEP) Program.

Dell

Spring Education Enterprise Purchase offering from Dell will run through June 30, 2014. The Dell pricing is available at discounts better than New York State and higher education pricing. All products listed on this promotion may be purchased direct through Dell or via a reseller (on the OGS contract) with the exception of the SonicWall products which have to be purchased through a reseller.

View Hardware Offerings and Pricing: Dell_2014_Spring_SUNY_Big_Buy (.pdf)

Please contact Peter Griffin, Large Institution Sales Manager, with any questions.
Phone: 484-431-1276
Email: Peter_Griffin1@Dell.com

Apple

Spring Education Enterprise Purchase offering from Apple will run through June 28, 2014. The Apple pricing is available at discounts better than New York State and higher education pricing.

View Hardware Offerings and Pricing: Apple_SUNY_Spring_2014_pricing (.pdf)

Please contact Christine Young, your Apple Education Inside Account Executive, with any questions.

Phone: 512-674-6841

Email: christine_young@apple.com

IBM

Spring Education Enterprise Purchase offering from IBM will run through June 30, 2014. The IBM pricing is available at discounts better than New York State and higher education pricing. All products listed on this promotion may be purchased direct through IBM or via a reseller (on the OGS contract).

View Hardware Offerings and Pricing: IBM_SUNY_EEP_Spring2014 (.pdf)

Please contact Michele Richens, the Power Scale Out ISV Sales Specialist, with any questions.

Phone: 518-487-6183

Email: mrichens@us.ibm.com

HP

Spring Education Enterprise Purchase offering from HP will run through July 31, 2014. The HP pricing is available at discounts better than New York State and higher education pricing. All products listed on this promotion may be purchased direct through HP or via a reseller (on the OGS contract).

In addition, HP will be holding a webinar to showcase their offering. Details will be sent to campuses as soon as the webinar is finalized.

View Hardware Offerings and Pricing: HP Spring 2014 pricing_v 5 0 (.xlsx)

Please contact Drew Todd, Inside Account Manager, with any questions.
Phone: 800-277-8988 ext 7716021
Email: drew.todd@hp.com

RFSUNY Oracle Shutdown Planned for April 25 – May 5

RFSUNY’s Oracle e-business suite and related reporting applications will undergo a major upgrade from version 11i to 12. To implement this upgrade, it is necessary to shut down the Oracle Business System for five business days beginning at the close of business on Friday, April 25 until Monday, May 5, at 9 a.m.

Read more to find out what units at Stony Brook University will be affected.

Windows XP and Office 2003 Reaching End of Support on April 8

Sanjay Kapur, DoIT’s Director of Systems and Operations, received the following email from Microsoft regarding product retirements. Windows XP and Office 2003 will be reaching end of support on April 8, 2014. According to Microsoft, reaching “end of support” means customers will still be able to run the software, but Microsoft will no longer provide security updates or update online content. In short, you will be on your own for support and will be essentially accepting all risk if you decide to continue using unsupported software.

DoIT highly recommends that departments and individuals stay up-to-date on the latest versions of operating systems and software. Please visit our Institutional Software Support page for a list of recommended standards. In some cases, computers may need to be upgraded due to hardware restrictions. To purchase a replacement computer that meets University standards, please see DoIT’s list of recommended systems.

2014 Future of Open Source Survey Results

Here is the slide deck from a webinar I participated in today about the future of open source. They needed a higher ed spokesperson and I got nominated by Acquia, the company handling our Drupal web hosting. Pretty interesting to hear how attitudes about open source have changed over the years.