UCL Computer Security Newsletter - October 2006

The purpose of this newsletter is to keep all security reps and other
interested parties informed about what is happening around UCL
regarding computer security. Further information from the Computer
Security Team is always available at http://www.ucl.ac.uk/cert.

1. Updates

Microsoft - multiple patches for Windows and Office.

Oracle - quarterly patch addressing huge number of vulnerabilities.

Just a reminder - vendors do not send patches out as attachments for
you to execute.

2. Remote Desktop Protocol - rdp

There is a serious vulnerability with Remote Desktop Protocol. We
urge you to consider other, more secure and better encrypted, ways to
access systems remotely, in particular if you are planning on doing
any system administration.

3. CST vacancy

This may be inappropriate use of the newsletter, but I think it's
relevant to UCL...we will be advertising for a Deputy Head of the CST
shortly - hopefully the advert will be in the Guardian of Thursday
26th Oct and also on jobs.ac.uk and IS pages.

4. Institutional Firewall

It is UCL policy that all departments will be protected by the
institutional firewall. There was a short break over the summer in
placing departments behind the firewall because of the work involved
in the machine room move. The scheduling has recommenced.

5. General

Please note all correspondence from the UCL Computer Security Team is
digitally signed either with personal PGP keys or the CERT team key
(public keys available from http://www.ucl.ac.uk/cert/contacts.html).

This newsletter and previous ones are available at
http://www.ucl.ac.uk/cert/cst-newsletters/index.html.

We welcome feedback on the content and organisation of documents on
our web page.