UCL Computer Security Newsletter - June 2010
The purpose of this newsletter is to keep all security reps and other
interested parties informed about what is happening around UCL
regarding computer security. Further information from the Computer
Security Team is always available at http://www.ucl.ac.uk/isd/common/cst.
0. **IMPORTANT** - Adobe vulnerabilty
An unpatched vulnerability that affects Adobe Flash, Reader and Acrobat has been announced, and there are reports it is being actively exploited. Visiting a malicious or compromised website could be enough for a machine to become infected, through a malicious PDF file. We have also had reports of malicious PDF attachments sent by email. They have been disguised as CVs, but could take any form.
Please see the message sent separately for further details.
1. CST website
The CST site is part of the ISD site and ISD news states:
"Old websites for departments within ISD, such as IS and Management Systems, have now been closed. If you try to access pages on these old sites you will be redirected to the ISD home page. If you have difficulty finding anything, please email details to email@example.com "
Please let CST (cert(at)...) know if you have any problems, although be aware that we are likely to have to get others to sort things out as most issues have been outside our control.
You may wish to circulate a reminder to your users that they should be aware of UCL copyright policies. Details of a dispute at another university are here:
Please note, we have been informed of unsolicited email coming in since December implying affiliation with UCL. This has been reported by one of our users to the ASA. They have it listed as an informal resolved case since the advertiser has promised to stop. However, if you receive an unsolicited email from Bloomsbury@fitnessfirst.com, please let us know.
4. Do not autorun
With a recent digital camera coming complete with a worm which can infect your Window machine if it's set to autorun, it seems a good time to remind all that autorun is a thoroughly dangerous idea and should be turned off.
Please note all correspondence from the UCL Computer Security Team is digitally signed either with personal PGP keys or the CERT team key (public keys available from http://www.ucl.ac.uk/isd/common/cst/contacts).
This newsletter and previous ones are available at http://www.ucl.ac.uk/isd/common/cst/cst-newsletters (except currently the March 2007 one as that had sensitive information in it).
We welcome feedback on the content and organisation of documents on our web page.