Educause Security Discussion mailing list archives
Re: NCAA SSL active Friday 1/27/06
From: Chad McDonald <chad.mcdonald () GCSU EDU>
Date: Mon, 30 Jan 2006 09:31:26 -0500
Not sure, but I will certainly ask. Thanks for checking behind me on this one. On 1/30/06 7:58 AM, "Christopher E. Cramer" <chris.cramer () DUKE EDU> wrote:
Chad, Thanks for working with them on this issue. I'm sure that more of our schools are using this than we're aware. I poked around on their site this morning and sure enough, the logins, etc. used SSL by default. Or at least the menus have been changed to reference the SSL version. Unfortunately, if someone's bookmarked the college login page as http://www.ncaaclearinghouse.net/ncaa/NCAA/college/index_college.html (w/o SSL), then they'll continue not to use SSL. There doesn't seem to be an automated redirect from http to https. They seem to be using an Oracle-branded Apache server. Any chance you think they would use the rewrite engine to automatically bounce non-ssl'd pages to their ssl'd counterparts? Thanks, Chris -- Christopher E. Cramer, Ph.D. University Information Technology Security Officer Duke University, Office of Information Technology 334 Blackwell St., Suite 2106, Durham, NC 27701 PH: 919-660-7003 FAX: 919-668-2953 CELL: 919-210-0528 On Thu, 26 Jan 2006, Chad McDonald wrote:Great news! I just received an email from the Manager of NCAA Online that has assured me that tomorrow 1/27/06, the NCAA Clearinghouse website will be moved into an SSL environment. According to the email, some staff at the Clearinghouse were unaware that there were sections of the site that were unsecured. It should be noted that since bringing this to their attention earlier this week Gregg Summers at NCAA Online and crew have responded quickly and professionally to resolve this issue. Thanks Gregg for your speedy response! Chad McDonald, CISSP Chief Information Security Officer Georgia College & State University Phone 478.445.4473 Fax 478.445.1202
Chad McDonald, CISSP Chief Information Security Officer Georgia College & State University Phone 478.445.4473 Cell 478.454.8250 Fax 478.445.1202 Email chad.mcdonald () gcsu edu
Current thread:
- NCAA SSL active Friday 1/27/06 Chad McDonald (Jan 26)
- <Possible follow-ups>
- Re: NCAA SSL active Friday 1/27/06 Christopher E. Cramer (Jan 30)
- Re: NCAA SSL active Friday 1/27/06 Chad McDonald (Jan 30)