UCL Computer Security Newsletter - September/October 2009
The purpose of this newsletter is to keep all security reps and other
interested parties informed about what is happening around UCL
regarding computer security. Further information from the Computer
Security Team is always available at http://www.ucl.ac.uk/cert .
1. The return of the unknown
Start of term is now upon us and time to remind all that students (and staff) are returning with machines that probably haven't been looked after too well over the summer. New students are arriving with new machines, possibly not fully set up with anti-virus and patching regimes.
2. Yet More Phishing
In July, I wrote: "We are still seeing users respond to these - please educate your users to be cynical. They must NEVER send their passwords over email and should be careful about sending any personal details to unexpected enquiries. Of course, the phishers are improving all the time and the emails often appear to be relevant and almost expected. However, no reputable company will ever ask for your details in this way. Yet another all-staff email was sent out on 2nd July warning users and suggesting they try a short game available at http://www.ucl.ac.uk/cert/antiphishing/ "
Unfortunately, I feel the need to repeat this. The phishers are getting much better and we have even seen a link to a fraudulent copy of the squirrelmail website being advertised (outbound access to this fraudulent site has now been blocked).
Please note all correspondence from the UCL Computer Security Team is digitally signed either with personal PGP keys or the CERT team key (public keys available from http://www.ucl.ac.uk/cert/contacts.html ).
This newsletter and previous ones are available at http://www.ucl.ac.uk/cert/cst-newsletters/index.html (except currently the March 2007 one as that had sensitive information in it).
We welcome feedback on the content and organisation of documents on our web page.