URI »  ITS Security

For more information:
URI Helpdesk
URI Kingston Library (LL19)
Phone: (401) 874-HELP

URI Information Security
Tyler Hall
Phone: (401) 874-7073
ITS Security
ITS Security rss
Adobe Vulnerability
Greg Bowser (topnotcher -at- mail.uri.edu) at Tue, 24 Jun, 2008 15:08

A critical vulnerability has been identified in Adobe Reader and Acrobat 8.1.2. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Acrobat 8 and Adobe Reader install the 8.1.2 Security Update 1 patch.

Phishing Email
Greg Bowser (topnotcher -at- mail.uri.edu) at Wed, 04 Jun, 2008 11:09

There is currently a Phishing email circulating requesting URI Webmail credentials for an account upgrade.  As a reminder, URI will never send you an email asking for your credentials.

Debian SSL Vulnerability
Greg Bowser (topnotcher -at- mail.uri.edu) at Mon, 19 May, 2008 13:24

Last week, it was discovered that the random number generator in Debian's OpenSSL package is predictable. One of the packages affected by this vulnerability is OpenSSH. Only Debian-based systems are at risk, however, other systems may be indirectly affected if vulnerable keys have been transferred to them.



Administrators of Debian-based systems are strongly encouraged to update their machines to the latest OpenSSL and OpenSSH package. The OpenSSH update should automatically regenerate the ssh host keys and restart the ssh server, however, vulnerable user keys will not be automatically replaced. If you are using OpenSSH public key authentication, you can scan your system for vulnerable user keys by running the command ssh-vulnkey -a as root.



In response to this vulnerability, ITS security has scanned the entire University for vulnerable SSH host keys. Admins responsible for systems identified as being vulnerable will be notified shortly via phone or email.



For more information, see the Debian security advisories:
http://www.debian.org/security/2008/dsa-1571
http://www.debian.org/security/2008/dsa-1576

Instructions to regenerate keys:
http://wiki.debian.org/SSLkeys#head-c109a5967f96e5e62d1587f3b3e561a3aa766289

Valentines Storm Worm Update
David Bullock at Thu, 14 Feb, 2008 23:23

The FBI has issued a warning in regards to the recent upsurge in Storm Worm activity. Several emails have been in circulation throughout the URI network that include subject lines like "You stay in my heart." Do not click on any links contained within these emails! If you have clicked on a link, please contact the Helpdesk (874-HELP) immediately! For more information, see the FBI press release.