Skip to site navigation

UCL Computer Security Newsletter - May 2007

The purpose of this newsletter is to keep all security reps and other
interested parties informed about what is happening around UCL
regarding computer security. Further information from the Computer
Security Team is always available at http://www.ucl.ac.uk/cert.

Note - no April newsletter because of Easter break.

1. Updates

Microsoft as ever.

Symantec AV - a variant of Spybot is doing the rounds that exploits a
vulnerability in an old version of Symantec anti-virus even if the
Windows is fully patched, although it exploits various other
vulnerabilities too. It may also compromise machines with weak
administrator passwords. Further details at
http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99

2. JISC Legal - Interception and Monitoring Law

There will be a live webcast on Wednesday 16th May 2-3.45 pm - see
http://www.jisclegal.ac.uk/Webcast/index.html for further details.

3. PHP

IS have a webpage and mailing list information relating to the use of
PHP at UCL at http://www.ucl.ac.uk/is/php/ - issues such as best
practice with respect to security issues will be discussed here.

4. Important - Institutional Firewall

It is UCL policy that all departments will be protected by the
institutional firewall. A programme of transitions is currently
taking place and will run through to early August.

5. General

Please note all correspondence from the UCL Computer Security Team is
digitally signed either with personal PGP keys or the CERT team key
(public keys available from http://www.ucl.ac.uk/cert/contacts.html).

This newsletter and previous ones are available at
http://www.ucl.ac.uk/cert/cst-newsletters/index.html (except currently the
March one as that had sensitive information in it.

We welcome feedback on the content and organisation of documents on
our web page.