April 11th, 2014 by Jo-Ann
As noted in the email sent to the campus-community on Tuesday, we chose to temporarily suspend service Tuesday evening on our web-based and email systems in order to secure and protect University data. This was an intentional outage so that PSU could safeguard its systems against the CVE-2014-0160 vulnerability, commonly known as the Heartbleed Bug.
As of Wednesday evening, all of our systems were patched and we do not believe that Plymouth State University suffered any data loss.
However, we strongly advise all Plymouth State users to change their passwords.
It is important to note that there are only three ways to change your PSU password. The first method is via the Change Password link within myPlymouth. The second method is via the What is my Password link on the myPlymouth logon page. The third option requires an in-person visit to the Help Desk located at the main desk in Lamson Library. Each of these processes require that you initiate the action. PSU will never ask you to reset your password by clicking on a link in an email.
You should also be aware that IT security experts estimate that between half and two-thirds of the websites on the internet are vulnerable to the Heartbleed Bug – essentially anything for which you have a username and password. There is a lot of confusing and conflicting information in the media and on the Internet right now. Based on our research, we suggest you should immediately change your password if you use:
- Gmail (or other Google services)
- Yahoo mail
- Intuit (TurboTax)
This list is NOT intended to be all-inclusive. You should take all necessary precautions to secure your information in any online accounts, including banks and online bill-pay sites. If you are not sure if a website or web-service has been impacted, contact that company directly.
As always, if you have questions or concerns about Plymouth State University services, please contact the Help Desk at 603-535-2929.
April 8th, 2014 by Jo-Ann
A critical vulnerability has been identified that impacts a number of PSU’s systems including myPlymouth and its related services (such as Moodle, Mahara, Self-service Banner, Banner INB, and PSU blogs). ITS will be making the necessary patches to secure our systems beginning at 9pm this evening. We expect that the patching process will be relatively quick (less than an hour) for most of these services.
However, the patch for PSU email services requires a vendor released upgrade, which will take up to 4 hours to deploy. During the deployment PSU email will be down.
We know that these services are critical to your work and that it is never convenient for these services to be down. However, we feel that the vulnerability is serious enough that we must interrupt services in order to secure our environment as soon as possible. Thank you in advance for your understanding and patience.
If you have any questions or concerns, please contact the ITS Help Desk.
Information Technology Services
Phone: (603) 535-2929
January 29th, 2014 by Jo-Ann
Welcome back to campus!
PSU is experiencing an increase in the number of phishing messages received by our students, faculty and staff. It is essential that we all maintain an increased awareness of phishing and its impacts; be VERY skeptical of messages asking for personal information regardless of whom it says the message is from.
With that in mind, Information Technology Services has enacted several changes during the password re-set and identity verification process. You will now be asked a series of questions to confirm your identity, should you need Helpdesk assistance during a password reset.
Beginning early next week, when you log into myPlymouth, you will be prompted to provide us with some additional information.
- Confirm or provide your 3rd party email address – it is very important that this be an address you readily have access to, but is not shared by another person or family member. For example, you might choose to provide us with your personal Gmail address.
- Confirm or provide your home Mailing Address.
- Confirm or provide your current cell phone number. A cell phone number may be used to confirm your identity when calling into the Helpdesk and to insure we have the correct information on file for the Emergency Text-Alert system.
Please know that Information Technology Services takes the job of protecting your personal identifying information very seriously. By confirming your 3rd party email address and cell phone number you can help us insure that no one has unauthorized access to your PSU account.
Finally, please know that that PSU Helpdesk will NEVER ask you to submit your personal information via a link or web form found in an email. Official communication from the PSU Helpdesk will ALWAYS include our contact information (mail, phone numbers and chat) and may contain direct, and clearly articulated links to educational and informational materials located on our Support Wiki, however, these links will always point to a plymouth.edu Web Site. For example, more information about Phishing can be found on the Help Desk Wiki at the following link: http://www.plymouth.edu/webapp/helpdesk/wiki/Phishing_Scams
If you are unsure about the legitimacy of a message in your inbox or if you have questions or concerns about email security, please contact the ITS helpdesk at 603-535-2929 or via email at firstname.lastname@example.org
Have a great semester and please do not hesitate to contact us with any questions you may have.