Skip to site navigation

UCL Computer Security Newsletter - Nov/Dec 2010

The purpose of this newsletter is to keep all security reps and other interested parties informed about what is happening around UCL regarding computer security. Further information from the Computer Security Team is always available at http://www.ucl.ac.uk/isd/common/cst.


1. More CST scanning

Please note that we have had some holes punched in the network to let our scan reach further across UCL - you may receive reports of unlatched machines from us more often than previously.


2. (From JANET-CERT)

A vulnerability has been discovered in the version of the exim MTA as installed by default in the latest stable versions of Debian/lenny. A further flaw in the configuration leads to an escalation to root privileges. This is now being exploited widely. Debian have released a security update for the first issue, and will shortly be releasing an update to address the escalation issue. More details are available at:

http://www.debian.org/security/2010/dsa-2131

Other installations of exim may also be vulnerable, please check with your vendor for further information. Redhat have released the following document:

https://access.redhat.com/kb/docs/DOC-43789

You can check the version of your exim server by running:

/usr/sbin/exim -bV

Your system should be safe if it is version 4.70 or later or in the case of Debian/lenny, if the build date is Friday 10th December 2010 or later.


3. Gawker/Lifehacker - compromised passwords

You have probably already seen this as it has been well publicised, but in case not - there are details at http://lifehacker.com/5712785/#1


4. Spam/phishing - repeat announcement

We continue to see many spam messages and many phishing attempts. We have some training available which you may wish to circulate to your users:

http://www.ucl.ac.uk/cert/spam-phishing.mov
http://www.ucl.ac.uk/cert/antiphishing/


5. Contact

Please remember to contact us using cert(at) normal ucl address, rather than our individual email addresses.


6. General

Please note all correspondence from the UCL Computer Security Team is digitally signed either with personal PGP keys or the CERT team key (public keys available fromhttp://www.ucl.ac.uk/isd/common/cst/contacts).

NB There may be a hiatus or a bit of trial and error in this when we move to Live@UCL as we have not determined exactly how we can best provide this.

This newsletter and previous ones are available at http://www.ucl.ac.uk/isd/common/cst/cst-newsletters (except currently the March 2007 one as that had sensitive information in it).

We welcome feedback on the content and organisation of documents on our web page.