Search |  Directory |  Calendars
Admissions Academics Campus Life Athletics Arts About Middlebury Administration
Photo of students studying in the Main LibraryAcademics
Library & Information Services
Find Books, Articles & more
Help & Support
Quick Links Teaching & Learning Resources About LIS Contact LIS
HomeAcademicsLibrary & Information ServicesHelp & SupportComputing & TechnologyComputing Alerts and UpdatesTechnology News2007 > Unexpected Segue Downtime

Contact:

Helpdesk
helpdesk@middlebury.edu
October 02, 2007
Dear Colleagues,

At approximately 6pm on Monday, Oct 2nd, 2007.  LIS staff were informed of some problems using Segue.  Upon investigation, it was determined that a hacker had exploited a vulnerability in the software's code.  Not knowing the extent or intent of the compromise, Segue was taken offline.  Preliminary investigations suggest that the extent of the compromise was the removal or disabling of all segue user files.  Segue user files are the files individuals upload to the system.  This is not the content you put directly into Segue, but instead MSWord, PDFs, jpegs, or other content you might upload to the system.  To be sure the hacker had not introduced any additional vulnerabilities that were not immediately identified, the following actions were taken.  

A new server was configured and Segue (with an update to address the vulnerability) was installed there.  The Segue database as of the time the system went offline on Monday was restored to this new instance of Segue.  As the user files was the area compromised, we restored this content from the most recent system back up which was from Monday, 10/1 at 4am.  This means, files you may have uploaded sometime on Monday before 6pm  are not on Segue.  If you uploaded files during this time, you will want to confirm they are there, and if not you will need to upload those again once that feature of Segue has been fully restored.   While Segue is up and running again, a few features remain somewhat or entirely disabled while additional repairs are made today.  Those are:

  1. RSS feeds are not working
  2. New files cannot be uploaded
  3. Theme settings cannot be updated
  4. Testing module not currently available   

We expect to restore these features shortly.   If you identify additional problems while working with Segue, please contact the Helpdesk at x2200. Do know, because we built an entirely new instance of Segue and restored content there, we have the compromised instance intact.  This will allow for further investigation and diagnosis.  If additional problems are discovered, those too will be remedied.  

We apologize for any inconvenience this may have caused.  

Library and Information Services

2007
Systems Maintenance Downtime
Unexpected Segue Downtime
Internet Connectivity Interruption - Sept 27th, 2007 3-5 a.m.
Additional Tech Workshops from LIS -- Fall 2007
Classes Server Back Online
Bombay print server maintenance - August 31st downtime
Extended LIS Downtime for August 12th, 2007
Library and Information Services closed on Friday, June 8th
Ocelot Downtime Sunday, June 10, 2007
Important Reminder Regarding Passwords
Technology Workshops - April/May 2007
Banner and BannerWeb downtime on April 13th
Daylight Savings Time - Windows 2000 Users
Important Information Regarding Daylight Savings Time and electronic calendars
Scheduled Downtime for Sunday February 25, 2007
Important Computer Registration Information for Faculty & Staff
January 2007 Workshops
 
Gateways For:
 
Emergency |  College Book Store |  Library & Information Services |  Job Seekers |  Campus Maps |  Site Map |  Privacy |  Help |  WebMail |  Banner Web

Middlebury Vermont 05753 802-443-5000
© The President and Fellows of Middlebury College. All Rights Reserved.


Log On