UCL Computer Security Newsletter – December 2003
The purpose of this newsletter is to keep all security reps informed about what is happening around UCL regarding computer security. Further information from the Computer Security Team is always available at http://www.ucl.ac.uk/cert.
1. What’s New?
New version of F-secure Anti-Virus
F-Secure Anti-Virus Client Security 5.50 includes:
§ antivirus with integrated desktop firewall
§ intrusion detection
§ e-mail scanning for viruses
§ automatic virus definition update fail-over mechanism
§ built-in virus alert notification system
§ new look and feel with easy to use user interface.
Please look at (and print out) the guidelines on how to set up the firewall included in this product. Staff WTS and My Network Places will not work until you change the settings as described in the guidelines.
Linux Vulnerability - do_brk()
A critical security bug has been found in the Linux kernel 2.4.22
earlier) memory management subsystem. This bug has been silently fixed for the 2.4.23 as well as in the 2.6.0-test6 release without any notice to the open source community. It would be wise to upgrade any multi-user systems to a new kernel as soon as possible, exploits are in the wild.
A potentially serious vulnerability has been found in the remote control software Dameware. For details and the hotfix, see http://mobile.securiteam.com/windowsntfocus/6N00B1P95I.html
Automated patching solutions
At the CNUF meeting on 19th November, it was suggested that those with an interest in automating updates in their department should get together. Contact Danuta Kaminski (email@example.com) if you are interested.
CST Web Site
This is being redesigned. Please let us know if there is anything particular you wish to see on our pages in the future.
2. Recent incidents
We are still seeing machines across UCL infected with Blaster or Nachi, but the number is falling. We are grateful for all the work you have done dealing with infections and out-of-date machines, but please note we are not clear yet. In particular, we have had many reports of new installations being infected before patches can be installed. This is happening because there are still too many infections in UCL. As always, best practice dictates that all service packs and patches should be installed before machines are networked. It is also important to remember that patching is an on-going issue and must not be neglected as these major virus outbreaks get faster moving and more destructive each time.
The one day UKERNA security course will be run on Wednesday 4th February 2004. Please let us know asap (if you have not already done so) if you would be interested (and likely to attend) this course (email firstname.lastname@example.org). This first running of this course will be free to UCL staff! Confirmation and final details will be sent to those who have registered their interest. Depending on response, it may be necessary to limit attendance to one person from a department.
A very basic presentation on security awareness is available at http://www.ucl.ac.uk/cert/training/index.htm.
Wishing you all a secure and incident-free 2004!