UCL Computer Security Newsletter - June 2007
The purpose of this newsletter is to keep all security reps and other
interested parties informed about what is happening around UCL
regarding computer security. Further information from the Computer
Security Team is always available at http://www.ucl.ac.uk/cert.
1. F-Secure vulnerabilities
F-Secure's Policy Manager Server host module (fsmsh.dll) has a Denial
of Service (DoS) vulnerability, and F-Secure versions prior to 7 have
a buffer overflow vulnerability in processing LHA archives. The latter
may allow an attacker to execute arbitrary code or to create a
denial-of-service condition. It is related to a similar vulnerability in
the GZIP program's handling of LZH-compressed archives.
Fixes for this problem are available at
2. Windows Server Update Services (WSUS) at UCL
Microsoft will discontinue support for Software Update Services (SUS)
1.0 on Tuesday, July 10, 2007. From this date, Security updates and
Critical updates will no longer be made available for this platform.
Information Systems will therefore replace UCL's current SUS service
with its successor, the WSUS service (Windows Server Update Services,
currently version 2.0) after the June patch day (12 June).
A message will be sent to reps with further details.
3. CST Vulnerability Scanning
CST currently scan the UCL network on a regular basis for a limited
number of Windows security holes, and advise reps accordingly. In
the coming months we are planning to expand on this by scanning each
subnet with the Nessus vulnerability scanner. Reps will be sent a copy of
the relevant report, which may contain details of security holes and
the recommended actions to be taken to fix them. Scans will be run
with the 'safe checks' option enabled, meaning that any plugins that
have the ability to crash services will not be used. One consequence is
that some findings will be inferred from version banners rather than
tested directly, so they should be confirmed on the host before action
is taken. Because of the size of the network and the time taken to run
the scans, we will not schedule a full scan of each subnet more than
once every few months. However, we can run scans of individual systems
on request.
4. McAfee SiteAdvisor
CST would like to let you know about McAfee SiteAdvisor, a plug-in
for Internet Explorer and Firefox for end-user machines. This free
tool enhances browsing security by displaying safety ratings next to
search engine results, to alert the user to sites that are unsafe
to visit. Sites which host malware or attempt to install software by
exploiting browser vulnerabilities are marked as unsafe, as are
sites which are misleading or send spam emails to registered users.
It also alerts users when they visit reported phishing sites.
Please note that the licence for SiteAdvisor is only for personal,
non-commercial use, so it is an option for home/personal machines and
then only for non-work use. SiteAdvisor can be downloaded from:
5. Important - Institutional Firewall
It is UCL policy that all departments will be protected by the
institutional firewall. A programme of transitions is currently
taking place and will run through to early August.
6. JISC Legal - Interception and Monitoring Law
There was a live webcast on Wednesday 16th May which is now available
as a streamed video at
http://www.jisclegal.ac.uk/Webcast/Interceptwebcast.htm [Link no longer available]
Please note all correspondence from the UCL Computer Security Team is
digitally signed either with personal PGP keys or the CERT team key
(public keys available from http://www.ucl.ac.uk/cert/contacts.html).
This newsletter and previous ones are available at
http://www.ucl.ac.uk/cert/cst-newsletters/index.html (except, currently,
the March one, as that contained sensitive information).
We welcome feedback on the content and organisation of documents on
our web page.