UCL Computer Security Newsletter - July 2009
The purpose of this newsletter is to keep all security reps and other
interested parties informed about what is happening around UCL
regarding computer security. Further information from the Computer
Security Team is always available at http://www.ucl.ac.uk/isd/common/cst.
1. Emergency patches
Microsoft has announced 2 emergency patches being issued tomorrow (28th) - for vulnerabilities in Internet Explorer and Visual Studio. Out-of-band patches are rare and only used for issues that should not be left unpatched until the normal patch Tuesday.
2. New CST website coming
We are creating our site to run under SILVA. Presently, the new version is available at http://www.ucl.ac.uk/isd/common/cst and will become the definitive site in time at which point, /cert will be changed to point to the new version. We welcome comments and requests now on the new version.
The Information Commissioner's Office (ICO) has deemed that password protection and a locked office is insufficient protection for laptops with personal data - full story of a local authority breaching DPA at http://www.out-law.com/page-10190
4. More Phishing
We are still seeing users respond to these - please educate your users to be cynical. They must NEVER send their passwords over email and should be careful about sending any personal details to unexpected enquiries. Of course, the phishers are improving all the time and the emails often appear to be relevant and almost expected. However, no reputable company will ever ask for your details in this way. Yet another all-staff email was sent out on 2nd July warning users and suggesting they try a short game available at http://www.ucl.ac.uk/cert/antiphishing/
5. Training resource
JANET(UK) have online training resources at http://www.ja.net/services/training/edlab.html - this is available to anyone from the JANET community, but particularly aimed at technical staff responsible for networking, IT security and videoconferencing. In particular, if you have attended one of our courses commissioned from JANET (the IT security management course, run by Andrew Cormack), you can get enhanced access to the course area. Since JANET does not have your contact details as individuals, you have to tell us specifically that we may pass on your details (please tell us when you attended the course so we can check our attendance records) and then JANET can add you to that course.
6. New guidelines relating to cloud computing
These are currently being edited to take account of comments received at Security Working Group. We hope to have them before the start of next session.
Please note all correspondence from the UCL Computer Security Team is digitally signed either with personal PGP keys or the CERT team key (public keys available from http://www.ucl.ac.uk/isd/common/cst/contacts).
This newsletter and previous ones are available at http://www.ucl.ac.uk/isd/common/cst/cst-newslettershttp://www.ucl.ac.uk/isd/common/cst/cst-newsletters (except currently the March 2007 one as that had sensitive information in it).
We welcome feedback on the content and organisation of documents on our web page.