UCL Computer Security Newsletter - February/March 2011
The purpose of this newsletter is to keep all security reps and other interested parties informed about what is happening around UCL regarding computer security. Further information from the Computer Security Team is always available at http://www.ucl.ac.uk/isd/common/cst.
1. Security briefings
IS hold regular security briefings. Details are here:
https://www.ucl.ac.uk/isd/common/resources/security/computer-security The October briefing has been recorded and is available to watch - the link is given at the top of the webpage above. All staff and students are welcome. Staff can book by going to the UCL Training Booking system: https://www.ucl.ac.uk/hr/UCLTrainingBookingSystem and searching for security briefing.
2. Broken phones
There are recent reports of lost iphones being breakable in 6 minutes. Unfortunately when this happens, it gets filmed and then anyone else can simply follow instructions. Please ensure that all users know that they should report lost/stolen equipment, including phones that have UCL data on them.
3. Phishing continues unabated
Yet more phishing attempts have been reported to us. Please remind your users that bona fide communications (from UCL or from banks and similar) will never ask you for your password. Passwords should be kept confidential - never shared and never communicated in email.
Amidst reports of flash malware, it may be time to bring a neat tool to your attention. ClickToFlash is a plug-in for Safari on Mac OS X that blocks flash, but lets you run it when you await to (or even whitelist sties that use it if you trust them). Available at http://clicktoflash.com
Please remember to contact us using cert(at) normal ucl address, rather than our individual email addresses. CST are going to be moving offices in the next couple of weeks or so - we will be moving to KLB - full details will be published next time, but this is just a warning that we may be a bit elusive for a day or two some time soon.
Please note all correspondence from the UCL Computer Security Team is digitally signed either with personal PGP keys or the CERT team key (public keys available fromhttp://www.ucl.ac.uk/isd/common/cst/contacts).
NB There may be a hiatus or a bit of trial and error in this when we move to Live@UCL as we have not determined exactly how we can best provide this.
This newsletter and previous ones are available at
(except currently the March 2007 one as that had sensitive information in it).
We welcome feedback on the content and organisation of documents on our web page.