Mark Kraitchman

New SSL Certificate for gateway.EECS

November 16, 2009 by Mark Kraitchman

The current 1024 bit SSL certificate for gateway.EECS.Berkeley.ED will expire soon.

The current Entrust SSL certificate is being replaced by a 2048 bit Entrust SSL certificate that utilizes the Entrust 2048 bit L1B chain root certificate.

Our testing suggests that thunderbird, pine, Outlook, Microsoft Windows Mail (replacement for Outlook Express) and Apple Mail should be able to use the 2048 bit SSL certificate on gateway.EECS.Berkeley.EDU for outgoing smtp service using STARTTLS without any problems.

If you have problems sending email using gateway.EECS.Berkeley.EDU with the new SSL certifciate please contact the IRIS help desk (help@eecs, 395 Cory M-F 9:30am-5pm, 642-7777).

https://iris.eecs.berkeley.edu/15-faq/15-software/#Email has documentation on configuring various mail user agents.

Note, if your mail user agent can not handle 2048 bit SSL certificates, the outgoing smtp server on calmail.Berkeley.EDU still uses a 1024 bit SSL certificate.

Resolved as of 2009-11-16 07:14:00

DHCP service outage

October 26, 2009 by Mark Kraitchman

There was a dhcp service outage when a buggy newer version of dhcpd was installed this morning.

Resolved as of 2009-10-26 08:28:00

vulnerability in Internet Explorer

July 7, 2009 by Mark Kraitchman

Microsoft posted Security Advisory (972890)
entitled “Vulnerability in Microsoft Video ActiveX
Control Could Allow Remote Code Execution” on
Monday July 6, 2009 –

The flaw affects people running Internet Explorer
on machines running Windows XP or Windows Server 2003.
A remote, unauthenticated attacker could execute arbitrary code
with the privileges of the victim user.

For such devices, it is recommended that
Microsoft Video ActiveX Control be disabled from
running in Internet Explorer –
http://support.microsoft.com/kb/972890#FixItForMe

http://www.kb.cert.org/vuls/id/180513
[Read more…] about vulnerability in Internet Explorer

BWRC wireless networking maintenance

June 25, 2009 by Mark Kraitchman

There will be maintenance affecting BWRC
wireless networking starting Thursday
June 25, 2009 at 9:30 am. During the
maintenance, BWRC wireless clients will
not be able to get a new dhcp lease on the
IRIS wireless network. Devices that obtained a
dhcp lease prior to the maintenance will not
be affected. AirBears will not be affected.

Maintenance is scheduled to be completed by
10:30am, but if work goes as planned
it could be completed by 9:40am.

The existing dhcp server at BWRC providing
IRIS wireless support has a corrupted operating
system and will be replaced by another device
during the maintenance.
[Read more…] about BWRC wireless networking maintenance

phpMyAdmin vulnerabilities and scanning

June 25, 2009 by Mark Kraitchman

John Ives from the campus SNS (System & Network Security) wrote:

“Everyone,

As many of you may be aware, web based management tools, whether they are used to manage database backends, web content or anything else, are frequently the targets of attacks by would be hackers. In both March an April, phpMyAdmin, a tool for managing MySQL servers via the web, released patches for issues that would allow users to execute arbitrary php code on the server. In the last couple of days, System and Network
Security has seen a marked increase in the number of attackers who have been scanning for these vulnerabilities across campus. This increase also coincides with an increase in phpMyAdmin scanning that has been reported from other sources, like the Internet Storm Center.

If your system runs phpMyAdmin and you have not already applied the March and April patches (see the reference section below), I would urge you to do so, as soon as possible.

Yours,

John Ives

References:

phpMyAdmin Homepage:

April Patch:

March Patch:

IRIS wireless networks problem at BWRC

February 20, 2009 by Mark Kraitchman

The IRIS dhcp daemon was not responding to requests for EECS, EECS-Open and EECS-Secure network support at BWRC (the 128.32.63.128/25 network).

A script utilized to update dhcp support at BWRC for the EECS, EECS-Open and EECS-Secure networks contained a logic error which resulted in an attempted restart of the dhcpd daemon when the dhcpd configuration files contained an error. Both the configuration file and the script were corrected and the dhcp daemon was started to resume service.

AirBears support at BWRC was not affected by this outage.

IRIS wireless support in other buildings was not affected.

This incident was not related to some devices on the BWRC restricted network (128.32.63.0/26) having incorrect netmasks.

Resolved as of 2009-02-20 13:14:00

mailspool.CS.Berkeley.EDU was not accepting incoming email

February 5, 2009 by Mark Kraitchman

mailspool.CS.Berkeley.EDU was not accepting incoming email from Thursday February 5, 2009 02:56 to 05:30.

This resulted in delay of delivery of email. No email was lost. No warning messages should have been sent back to senders.

It appears the process table on mailspool.CS.Berkeley.EDU became full. It appears this may have been a ddos attack.

mailspool.CS.Berkeley.EDU was rebooted to resume normal service.

Resolved as of 2009-02-05 05:30:00

delayed email via gateway.EECS.Berkeley.EDU

January 22, 2009 by Mark Kraitchman

Delivery of email via gateway.EECS.Berkeley.EDU to @EECS.Berkeley.EDU, @CS.Berkeley.EDU and @ERSO.Berkeley.EDU email addresses was delayed starting at Thursday January 22, 2009 19:22.

gateway.EECS.Berkeley.EDU was unable to deliver email to one of the EECS SMTP servers that expands forwarding for users and mailing lists due to a temporary problem on that SMTP server. gateway.EECS.Berkeley.EDU should have then tried the other EECS SMTP server that expands forwarding, but it did not.

Normal service resumed Friday January 23, 2009 06:14. No email was lost. Warning messages concerning the delivery delay were sent to EECS and ERSO senders after four hours.

Staff is studying the situation and considering options to make the situation more robust in order to prevent future similar unplanned outages/delays.

Resolved as of 2009-01-23 06:14:00

login.EECS.Berkeley.EDU was not available

November 18, 2008 by Mark Kraitchman

login.EECS.Berkeley.EDU was not available while it was patched with a new kernel. The new kernel patch 137138-09 patched a vulnerability which could be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability was caused due to an unspecified error in the socket (3SOCKET) function, which can be exploited to cause a system panic.

Resolved as of 2008-11-18 07:31:00

EECS imap server problem

October 13, 2008 by Mark Kraitchman

EECS imap service became unreliable.
Connections to the imap server can either
not be made or are very slow and unreliable.

IMAP access is currently off while staff are trying to resolve the issue. IMAP service will be restored as soon as possible.

Several background IMAP processes have been crashing resulting in the observed behavior. Currently the IMAP server is being patched.
[Read more…] about EECS imap server problem