UCL Computer Security Newsletter - July 2010
The purpose of this newsletter is to keep all security reps and other
interested parties informed about what is happening around UCL
regarding computer security. Further information from the Computer
Security Team is always available at http://www.ucl.ac.uk/isd/common/cst.
1. A new site has been set up as the new UK fraud reporting centre -
You are encouraged to use this to report fraud/phishing.
2. CST is now receiving regular reports of compromised machines. The source is that used by JANET CSIRT but, by signing up ourselves, we get the information earlier and with more detail.
3. End of life as we know it…
Support for Microsoft Windows 2000 and Windows XP Service Pack 2 ended on July 13th. As from this date, Microsoft will no longer issue security updates or non-security hotfixes for Windows 2000 or Windows XP SP2.
Please ensure you have migration/update plans. You are reminded of the UCL policy on this:
"1.7 Connected equipment must be maintained in accordance with manufacturers' recommendations. In particular, operating system and application software should be kept up-to-date to ensure that security vulnerabilities are not created. Equipment must not be, or remain, connected to the network after a manufacturer ceases to provide security patches, without the prior approval of the Computer Security Team."
4. One of our IT managers brought this to our attention:
The web site explains: "The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals.
The only solution to block these kind of attacks is to apply security updates, commonly referred to as patches. Patches are offered free-of-charge by most software vendors, however, finding all these patches is a tedious and time consuming task. Secunia PSI automates this and alerts you when your programs and plug-ins require updating to stay secure."
Please note all correspondence from the UCL Computer Security Team is digitally signed either with personal PGP keys or the CERT team key (public keys available from http://www.ucl.ac.uk/isd/common/cst/contacts).
This newsletter and previous ones are available at http://www.ucl.ac.uk/isd/common/cst/cst-newsletters (except currently the March 2007 one as that had sensitive information in it).
We welcome feedback on the content and organisation of documents on our web page.