UCL Computer Security Newsletter - September 2006

The purpose of this newsletter is to keep all security reps and other
interested parties informed about what is happening around UCL
regarding computer security. Further information from the Computer
Security Team is always available at http://www.ucl.ac.uk/cert.

1. Updates

Microsoft - 3 security patches - 2 Windows and 1 in Microsoft
Publisher which is critical. Earlier patches MS06-040 and MS06-042
have been updated. We have been sending out urgent vulnerability
warnings to reps over the last week as there are current exploits
doing the rounds and you are likely to have problems if you do not
have MS06-040.
2. Avoiding inappropriate email bounces

If you run your own mail server, please note updated information from
UKERNA at http://www.ja.net/cert/email/dontbounce.html

3. Interesting

If you travel with mobile devices....

The “Mobile Device Security at Airports” study by Pointsec Mobile
Technologies found that between 40-50% of people would prefer to
claim on insurance for lost mobile phones, laptops or PDAs, rather
than simply visit an airport lost property office. When devices are
held for longer than three months by airports they are auctioned off,
regardless of the sensitivity of their content, raising an immediate
security issue for the previous owners.

4. Institutional Firewall

It is UCL policy that all departments will be protected by the
institutional firewall. There was a short break over the summer in
placing departments behind the firewall because of the work involved
in the machine room move. The scheduling has now recommenced.

5. General

Please note all correspondence from the UCL Computer Security Team is
digitally signed either with personal PGP keys or the CERT team key
(public keys available from http://www.ucl.ac.uk/cert/contacts.html).

This newsletter and previous ones are available at
http://www.ucl.ac.uk/cert/cst-newsletters/index.html.

We welcome feedback on the content and organisation of documents on
our web page.