Coronavirus Response

  • Home
  • A-Z List
  • About
    • About the NCC
    • Connectional Table
    • Staff
  • Calendar
    • Events
    • Google Calendar
    • Past Events
  • Churches
  • Contact
    • Find Us
  • Districts
    • District Office
    • Beacon
    • Capital
    • Corridor
    • Fairway
    • Gateway
    • Harbor
    • Heritage
    • Sound
  • Employment
  • Search

NC Conference

Healthy Congregations and Effective Leaders in Every Place Making Disciples of Jesus Christ for the Transformation of the World

  • Discipleship
    Developing Disciples
    • Christian Formation
      • Children
      • Church & Society
      • College
      • Differently Abled Persons
      • Educational Ministries
      • Older Adults
      • Status & Role of Women
      • Young Adults
      • Youth
    • Church Revitalization
      • Coaching
      • Disciple Making Way
      • Evangelism
      • Grants
      • MissionInsite
      • Real Discipleship Survey
      • Shift
      • Spiritual Life
    • From the Bishop
      • Bishop’s Bookshelf
      • Bishop’s Sermons
      • Church Transformation
      • Conflict Transformation
      • Connections
      • Discipleship & Learning Plan
    • Multicultural
      • Asian
      • Hispanic/Latino
      • Native American
      • Strengthening the Black Church
    • Stewardship
      • Apportionments
      • District Remittances
      • Financial Discipleship
      • Grants
      • Insurance
      • Mission & Service
      • Pension
      • Treasurer Training
  • Leadership
    Strengthening Leaders
    • Bishop’s Office
      • Appointment Book
      • Bishop’s Sermons
      • Church Transformation
      • Conflict Transformation
      • Connections
      • Discipleship & Learning Plan
    • Ministerial Relations
      • Board of Ordained Ministry
      • Called to Ministry?
      • Extension Ministries
    • Board of Laity
      • Certified Lay Minister
      • Lay Servant Ministries
      • Local Church Lay Leaders
      • United Methodist Men
      • United Methodist Women
      • United Methodist Youth
    • New Faith Comm.
      • Called to Plant?
      • New Room Society
      • Our Communities
    • Conference Offices
      • Center for Leadership Excellence
      • Christian Formation
      • Communications
      • Conference Secretary
      • Connectional Ministries
      • Information Technology
      • Multicultural Ministries
      • Outreach Ministry
      • Treasurer’s Office
  • Service
    Ministering To The World
    • Local Outreach
      • Church Construction
      • Church Loans
      • Restorative Justice and Mercy
      • Disciple Bible Outreach
      • NCC UMVIM
      • Seed Funds
      • Mission Projects
        • Health Ministry
    • Global Outreach
      • Imagine No Malaria
      • Love for Liberia
      • Missionaries
      • Project AGAPE
      • Sierra Leone: Mission of Hope
      • ZOE
    • Disaster Ministries
      • Donate to Storm Response
      • Hurricane Florence
      • MERCI
      • Response Plan
      • Response Team
      • UMCOR Kits
    • Giving
      • Advance/Rainbow Covenant
      • Apportionments
      • Give to Storm Response
      • Mission & Service
      • The Gary Wayne Locklear Mission Endowment
      • New Room Society
      • Special Sundays
    • Ministry Partners
      • Camps & Retreats
      • Partners In Ministry
      • Robeson Co. Church & CC
      • UMF
  • Resources
    Supporting Ministry
    • Conferences
      • Annual Conference 2019
      • Annual Conference 2020
      • Charge Conference 2020
      • General Conference
      • Pilgrimage
      • SEJ Conference 2016
    • Media Center
      • Catalog
      • Labyrinth
      • Ministry Tools
      • Online Resources
      • Weekly Newsletter
    • Online Resources
      • Archives & History
      • Church Lookup
      • Online Data Collection
      • Online Learning
      • Pastor Lookup
      • Podcasts (NCCUMC.FM)
      • Ramus: Web Hosting
      • Video (Vimeo)
    • Publications
      • Advent 2020
      • Appointment Book
      • Bible Study
      • Conference Directory
      • Conference Journal
      • Every Day Grace
      • Lenten Reflections
      • Mission & Service
    • From UMC.org
      • Agencies
      • Communications
      • Discipleship
      • Finance & Administration
      • Global Ministries
      • Graphics Library
      • Relief
      • Status & Role of Women
  • Information Technology
  • Report Issues
  • FAQ
  • Webinars
  • Heartbleed

Heartbleed

Recently a significant security vulnerability has been found in OpenSSL. This security software package is a global standard that is heavily used across the internet. Since the Information Technology Office was running this software we took immediate action to resolve this issue.

heartbleed

It is difficult to understate the catastrophic nature of this issue. One of the things that makes this such a widespread problem is the path that must be taken to fix it:

  1. The operator of a website or vendor that creates a device must acknowledge they have a vulnerability.
  2. Patch the affected software.
  3. Revoke and re-key the affected security certificates.
  4. Announce to their end users that this issue has been identified and corrected.
  5. Once steps 1-4 are complete the end users must reset their password(s).

If you reset your password prior to the completion of the first four steps then you are still potentially vulnerable. You must wait to hear from the websites that you visit regularly as to whether or not they were affected by this issue. Sites that were not affected are probably ok without needing a password change. If you have questions about a specific website/service you should contact them directly.

How did the IT Office respond to this issue?

The IT Office immediately patched the affected software on our web server. The Heartbleed vulnerability allows the exploitation of the heartbeat mechanism of OpenSSL to read 64kb of server memory. If this is done repeatedly the data encrypted by our SSL certificates (usernames, passwords, etc.) could potentially be exposed. There is mounting evidence that this vulnerability was exploited before it was publicly announced. As such, we have to assume that any user accounts on a vulnerable server should have its password reset immediately.

As of this writing the vulnerability has been identified and resolved within the Conference network. All systems under our control have been updated. All SSL certificates have been revoked and re-keyed.

What Conference systems were affected by this issue?

  • Websites – The main Conference website (https://nccumc.org), the NC Advocate (http://nccadvocate.com) and the Ramus website hosting system (http://nccumc.net) were the only internal systems affected by this issue.
  • Conference email – The Google Apps system was also affected by this issue. This is a third party solution that we do not directly control. Google’s recommendation is to not change your password now that they have finished repairing the issue on their servers. The Conference IT Office recommends that you change your Google account password immediately.
  • Online Data Collection System – The server hosting the Online Data Collection System was not running the vulnerable software. It is not included in this advisory as it was not affected. No account changes are needed at this time.

What should I do now?

Now that the IT Office has completed all of the needed repairs to our systems. You should follow these steps:

  • Reset your Ramus account – If you have an account on our Ramus web hosting system (http://nccumc.net) you should reset your password immediately. When you next log into your website you should be prompted to change your password automatically. If you have trouble logging in click the Lost your password link at the bottom of the form.
  • Reset your NC Advocate Online Subscription – If you have an account on our NC Advocate website (http://nccadvocate.com) you should reset your password immediately. Click the login link in the User Access section of the website. When you next log into your Advocate account you should be prompted to change your password automatically. If you have trouble logging in click the Lost your password link at the bottom of the form.
  • Reset your Conference Website account – If you have an account on our Conference/District website(s) (https://nccumc.org or http://districts.nccumc.org) you should reset your password immediately. When you next log into your website you should be prompted to change your password automatically. If you have trouble logging in click the Lost your password link at the bottom of the form.
  • Reset your Google account password – Given the severity of this issue the IT Office recommends that you reset the passwords on all of your Google accounts, even personal ones. You can find information on changing your Google account passwords here.

Please note: If you use the same password (or same few passwords) everywhere you should take advantage of this issue to start changing them. It’s that important – you should start now.

I reset my password X days ago – does that mean I’m ok now?

If you reset your password for any of these systems prior to April 8th, 2014 then you should reset them again.

Additional Resources

  • Symantec Heartbleed Page
  • Symantec Connect blog post
  • Passwords you need to change right now
  • Heartbleed checker for individual websites
  • Heartbleed.com
  • Lastpass Heartbleed checker
  • 7 Heartbleed Myths Debunked

IT documentation

  • DownDetector
  • Google Apps Help
  • Microsoft Office 2010 E-books
  • Microsoft Office 2013 & 2010 Training

NC Conference of The United Methodist Church · 700 Waterfield Ridge Place · Garner, NC 27529
Phone: 919.779.6115 · Toll-free: 800.849.4433 · Fax: 919.773.2308

Copyright © 2021 · Privacy Policy · Powered by WordPress · Site Admin

  • e
  • k