A new version of Firefox may impact UAB campus users trying to access certain administrative systems through that browser.

The Firefox 34.0.5 update disables SSLv3 by default.

Users who have updated Firefox this week may receive an error message if they try to access one of UAB’s administrative systems, such as Oracle or eLAS, on Firefox.
FireFox screencapture
Users can simply choose a different browser to access those systems. 

Other web browsers may issue similar updates in coming weeks, but UAB IT is working quickly to resolve the compatability and security issues.
The jolly old elf himself will help collect toys for UAB’s annual Toy Drive during a “Drive-Through Santa” event on Friday, Dec. 5.

drivethrough santaThe UAB Toy Drive is ongoing now, with boxes distributed in 30 locations throughout campus to collect new, unwrapped toys. The UAB Toy Drive will end on Dec. 5.

Anyone with last-minute gifts will be able to drop them off at the entrance to the Administration Building, located at 701 20th St. South. Santa Claus and his helpers will be there between 7:30 a.m. and 1 p.m. on Dec. 5 to receive the gifts. 

“This is the first time that the UAB Toy Drive has featured a ‘Drive-Through Santa,’” said Eric Thompson, chairman of this year’s committee. “We’re doing everything we can to make it convenient for UAB faculty, staff and students to support the UAB Toy Drive.”

This is the 21st year that UAB has participated in Toys for Tots, which provides Christmas gifts for children in need throughout the greater Birmingham area.
AskIT will have special hours during the Thanksgiving holiday week.

AskIT will be open from 7 a.m. to 7 p.m. Monday, Nov. 24, and Tuesday, Nov. 25. AskIT will be open from 7 a.m. to 5 p.m. Wednesday. The help desk will be CLOSED Thursday and Friday for the Thanksgiving holidays.

Regular hours will resume Saturday, Nov. 29.
Microsoft has released a security package to correct a critical vulnerability in Windows, and UAB IT is urging campus technical professionals and users to apply the patch immediately.

Microsoft released security bulletin MS14-066 “Vulnerability in Schannel Could Allow Remote Code Execution (2992611),” for November’s Patch Tuesday.

MS14-066 is a critical vulnerability in the Microsoft Secure Channel (Schannel) security package that allows specially crafted packets to compromise the machine. This affects all Windows servers and clients. Microsoft indicates that there are no workarounds or mitigations.

Please run the Windows update as soon as possible for all your Windows machines, servers and clients.

What is Schannel?

Secure Channel, also known as Schannel, is a security support provider (SSP) that contains a set of security protocols that provide identity authentication and secure, private communication through encryption. Schannel is primarily used for Internet applications that require secure Hypertext Transfer Protocol (HTTP) communications.


For more information:

https://technet.microsoft.com/library/security/MS14-066

https://isc.sans.edu/diary/Microsoft+November+2014+Patch+Tuesday/18941

https://isc.sans.edu/forums/diary/How+bad+is+the+SCHANNEL+vulnerability+CVE-2014-6321+patched+in+MS14-066+/18947

http://www.zdnet.com/drop-what-youre-doing-and-patch-the-windows-schannel-bugs-now-7000035738/

Page 2 of 5