March 2016

CNS Sites Vanity Names Now Available

As we published last week in CNS Sites: A Self-Service Web Hosting Platform, we've made available a self-service web hosting service called CNS Sites.

One of the problems with migrating an existing site to CNS Sites is changing the URL of your existing site.  To help with this, we've set up a proxy to provide "vanity domains" for existing sites moving to CNS Sites.  This means that if you have an existing site you want to move to CNS Sites, then in most cases you can keep

Read more about CNS Sites Vanity Names Now Available

Spring Break

Spring Break is upon us! While many of you will be on vacation for Spring Break, others of us will be busy working to further improve your Information Technology resources here on campus.

You can see what Information Technology work the university is planning at the wiki page (requires UT EID login).  CNS planned work can always be found at as well.

If you will be on vacation for Spring Break, and haven't been told

Read more about Spring Break

Status Alert Page

Ever wanted to know if the technology problem you are having is just you, or if there is a bigger issue?  Ever want to know if there are plans to do maintenance at the same time your grant proposal is due?

The CNS Office of Information Technology (OIT) has rolled out a custom status page using to provide additional transparency, immediate communication of technology incidents, and notice of planned and unplanned maintenance to our community.  We use this web site to announce things such as:

Read more about Status Alert Page

TLS/SSL vulnerabilities: CVE-2016-0800 ("DROWN") and 2016-0703


This morning the OpenSSL development team published a security advisory [1] regarding two high-impact TLS/SSL vulnerabilities.

The first vulnerability, CVE-2016-0800 and nicknamed "DROWN" (Decrypting RSA with Obsolete and Weakened eNcryption), allows for a cross-protocol attack whereby an attacker could decrypt TLS sessions between clients and hosts that support SSLv2 and "export" cipher suites [2]. CVE-2016-0800 also allows for the decryption of traffic between clients and even non-vulnerable servers, if another server supporting SSLv2 and export

Read more about TLS/SSL vulnerabilities: CVE-2016-0800 ("DROWN") and 2016-0703