IT SECURITY BULLETIN - JAN 04
======================
Fraud
-------
Other than the direct IT Security threats of hacking,
viruses and worms, there is a less direct threat that
employs social engineering. Information is sent,
usually via email, attempting to entice users to
divulge sensitive information or visit websites with
malicious content.
Here are some examples:
- Users are asked to log in to a fake website using their
electronic banking credentials. This particular scam
targeted Commonwealth Bank customers; the news article is
available at:
http://australianit.news.com.au/articles/0,7204,8191180%5E15306%5E%5Enbv%5E,00.html
- Riding on awareness and fears of terrorism, users are
sent a link to a website supposedly containing information
on terrorism. Upon visiting the website, an attempt is made
to install a virus onto the user's computer. The news article
can be viewed at:
http://news.com.com/2100-7349-5133874.html?tag=cd_top
Fraud is not new; it has been occurring in the physical and
electronic realms. Its creators will constantly change their
approach in order to continue duping people into loss of assets
or other forms of damage.
The key to safeguarding users lies in education. Best practices
of secure computing apply, for instance:
- being wary of unsolicited emails and attachments
- avoiding websites that are not well known
- asking for advice from IT staff when in doubt
Physical Security
--------------------
Physical security of IT assets should be given increased attention
at this time of the year, when the incidence of theft is high.
Computing equipment, peripherals and media should be stored in
locked storage. This especially applies to easily portable IT
assets. Mobile computing equipment should be physically secured
when not locked in storage.
Wherever possible, rooms should be locked after hours or when staff
are absent for extended periods of time.
End Of Life Announcement for Certain Versions of Red Hat Linux
---------------------------------------------------------------------------------
AusCERT has published an announcement from Red Hat regarding the
end of life information for Red Hat Linux. The bulletin is
available at:
http://www.auscert.org.au/render.html?it=3689&cid=1980
Red Hat Linux 7.1, 7.2, 7.3, and 8.0 distributions will reach
their end-of-life for errata maintenance on the 31st December 2003.
This means that from 01 Jan 2004 new security, bugfix, or enhancement
updates for these products will not be available.
Red Hat Linux 9 reaches end of life on April 30, 2004.
Migration information is available from Red Hat at:
http://www.redhat.com/solutions/migration/rhl/