Updates on known issues affecting the ePortfolio
It has come to our attention that a number of users, instead of clicking a bookmark to the site or typing https://www.nhseportfolios.org into the address bar of their browser, access our site by searching for terms such as “NHS ePortfolio” in search engines such as Google or Bing, and then clicking links in the search results page these sites choose to provide. When navigating to the site in this way, the results page provided by these third party sites can often include links to alternate instances of our main site in which users' login credentials do not work, but which look very similar to our main site, causing confusion/frustration to users. We use these sites for supporting the ePortfolio; they are used for training, pre-release testing and many other important processes. (Please note, the search results vary on a per-user basis and are not consistent in their content.)
This situation arose previously, in May/June 2013, when Google substantially changed the algorithm used to prioritise search results. These alternate sites can be easily identified as they have different addresses (e.g. http://qa.nhseportfolios.org) which will appear in the address bar of the browser when accessing the site and because all but one of the alternate sites now contain the following information message on the homepage: “This is not the main NHS ePortfolio site – you may have reached this site by mistake. You are viewing xxx.nhseportfolios.org, were you looking for www.nhseportfolios.org?” Whilst the contents of the results pages in the search engines are not controlled by NES, we have contacted the two major global search engines – Google and Bing – to remove links to alternate instances of our site to reduce this possible source of confusion.
We are currently investigating the options available to us to ensure that the non-inclusion of alternative sites is made permanent. In the interim, please ensure that you and your trainees are visiting the main site at the following address: https://www.nhseportfolios.org. If you continue to experience login issues, please first confirm that you are visiting https://www.nhseportfolios.org and, if problems persist, please provide a full-screen screen grab where possible to assist with identifying the issue.
As you may have heard, on Monday of this week a member of Google’s security team and a software security firm called Codenomicon discovered and publicly disclosed a vulnerability in OpenSSL, a software package that is widely used to secure online communications. The official reference number for the bug is CVE-2014-0160, although it is more widely known by the name “Heartbleed”.
NHS ePortfolio does not use, and has not used, OpenSSL, so we were not affected by the “Heartbleed” vulnerability.
The third party service we use for our support ticketing system does use OpenSSL. This service has subsequently fixed the bug with their system and the provider does not believe that any sensitive data was accessed. We are actively monitoring the situation and will notify you if we discover anything.
As an NHS ePortfolio user you don’t need to take any action. However, because of the number of sites and services that are affected, if you use the same password on more than one website, we would recommend that you change your passwords to something new. By changing your NHS ePortfolio password you will ensure that your NHS ePortfolio account remains secure, even if your previously used password(s) are released into the public domain as a result of a compromised 3rd party site.
You can change your NHS ePortfolio password via the Personal Details page, once logged in. If you currently log in via a Single Sign On provider (e.g. RCPI / RCPI PCS users), then your NHS ePortfolio password is not generally used and does not need updating.
At 18:18 on Tuesday the 28th January 2014, a failure of equipment at our hosting provider resulted in the NHS ePortfolio website at http://www.nhseportfolios.org becoming unavailable to all users. Visitors to the site received only an error page (a 502 error) with no indication as to why the site was unavailable or how long it would take to recover.
3 hours and 3 minutes later, at 21:21, access to the site was restored and users were able to successfully log in once more. Users of our mobile app in offline mode were able to continue to create ticket requests and reflection forms within the app during this period but were unable to synchronise these with the website until after the site returned at 21:21.
Whilst all users were able to log in as of 21:21, some users may have experienced delays in receipt of email messages from the site and would have received error messages onscreen when attempting to access files in their personal library whilst we restored all services. All services were restored to fully operational status by 22:55 and no email messages remain unsent at the time of writing (01:32, Wednesday the 29th January 2014).
During the period of downtime, we were unfortunately unable to post a message at http://www.nhseportfolios.org indicating that the site was offline and to provide an ETA for the resumption of service. We were, however, able to answer requests received from users by email to email@example.com (2 users) and via the @neseportfolio twitter account (7 users).
A full investigation into the failure will be performed in order that we can determine how this situation can be avoided in the future and as part of this, we will investigate options to allow us to provide appropriate user feedback should a similar situation recur.
WHAT IS THE PROBLEM
Please be aware we are looking into a problem, since this morning, where Administrators locating a trainee's account via the ‘Administer Post’ page cannot see the list of supervisors for the posts.
Supervisors can still create and complete forms, and they ARE still attached, but Administrators cannot see the list from the front of the page.
WHAT IS THE WORKAROUND
There are 3 ways administrators can find which supervisors are linked to a trainee:
(1) Search Trainee
(2) Administrator Posts
(3) Administrator Users
WHEN WILL THIS BE FIXED
This is being worked on and a fix date will be released asap. Please use the workaround until advised.
The UKFPO would like to apologise to users of the NES e-portfolio product for the recent CS access issue. As per the Reference Guide 2010 and 2012, clinical supervisor access to the portfolio is for the “period of supervision and for a period of three months following the end of the placement. Read only access is indefinite”.
There was a typographic error within the e-portfolio specification issued to NES which inadvertently caused this error. We sincerely apologise for any inconvenience caused. We understand that NES has now resolved this issue.
UK Foundation Programme Office
Regus House, Falcon Drive,
Cardiff, CF10 4RU