UCL Computer Security Newsletter - February 2006

The purpose of this newsletter is to keep all security reps and other
interested parties informed about what is happening around UCL
regarding computer security. Further information from the Computer
Security Team is always available at http://www.ucl.ac.uk/cert.

Sorry this newsletter's a bit late - circumstances beyond our control.

1. Updates

Microsoft - 7 patches (2 critical) were released Valentine's Day.

Apple - vulnerability in Mac OS X - no patch as yet, but there is a
workaround which involves turning off the "Open safe files after
downloading option" in Safari.

There was also another issue with Macs recently relating to the use
of Sophos. A faulty IDE was issued which had varying effects on Macs
depending on the configuration of Sophos. A corrected IDE was issued
a couple of hours later, but the damage had been done in many cases.

2. Institutional Firewall

It is UCL policy that all departments will be protected by the
institutional firewall. We have started contacting departments with
a schedule for placing them behind the Institutional Firewall.

3. UCL IT security mini-conference

Is this a good idea - would you attend? Ideas/requests? We've heard
from a couple of people but would be happy to hear from others too.

4. 5. General

Please note all correspondence from the UCL Computer Security Team is
digitally signed either with personal PGP keys or the CERT team key
(public keys available from http://www.ucl.ac.uk/cert/contacts.html).

This newsletter and previous ones are available at http://
www.ucl.ac.uk/cert/cst-newsletters/index.html.

We welcome feedback on the content and organisation of documents on
our web page.