Header Search Widget
IRIS

Instructional & Research Information Systems

Mark Kraitchman

delayed email via gateway.EECS.Berkeley.EDU

by

Delivery of email via gateway.EECS.Berkeley.EDU to @EECS.Berkeley.EDU, @CS.Berkeley.EDU and @ERSO.Berkeley.EDU email addresses was delayed starting at Thursday January 22, 2009 19:22.

gateway.EECS.Berkeley.EDU was unable to deliver email to one of the EECS SMTP servers that expands forwarding for users and mailing lists due to a temporary problem on that SMTP server. gateway.EECS.Berkeley.EDU should have then tried the other EECS SMTP server that expands forwarding, but it did not.

Normal service resumed Friday January 23, 2009 06:14. No email was lost. Warning messages concerning the delivery delay were sent to EECS and ERSO senders after four hours.

Staff is studying the situation and considering options to make the situation more robust in order to prevent future similar unplanned outages/delays.

Resolved as of 2009-01-23 06:14:00

EECS imap server problem

by

EECS imap service became unreliable.
Connections to the imap server can either
not be made or are very slow and unreliable.

IMAP access is currently off while staff are trying to resolve the issue. IMAP service will be restored as soon as possible.

Several background IMAP processes have been crashing resulting in the observed behavior. Currently the IMAP server is being patched.
[Read more…] about EECS imap server problem

Anti-virus and Host-based firewall software

by

The campus “Minimum Security Standards for Networked
Devices” http://security.berkeley.edu/MinStds
approved software document was updated:

https://security.berkeley.edu/approved.software.html

The approved software document list devices and/or
operating systems that MUST run listed anti-virus
software and host-based firewall software.

Some of the most significant changes in the
approved software document are

Windows Vista must run anti-virus software and host-based firewall.

The campus SNS (System and Network Security) group recommends that Linux/Other UNIX devices run anti-virus software.

Windows 2000 Server must run a host-based firewall (using Windows IPSec).

Windows Server 2008 must run a host-based firewall

Debian OpenSSL vulnerabilities

by

All SSL and SSH keys generated on Debian-based systems
(Ubuntu, Kubuintu and so on) between September 2006 and May 13, 2008 may
be affected by a bug in the Debian project’s OpenSSL package. This
includes generated public/private ssh keypairs and SSL certificate requests.

http://www.debian.org/security/2008/dsa-1571
also states:
“all DSA keys ever used on affected Debian systems for
signing or authentication purposes should be considered compromised;
the Digital Signature Algorithm relies on a secret random value used
during signature generation.”

Non Debian-based systems can indirectly be affected if Debian-based systems’
weak keys were imported into them.

System administrators of Debian, Ubuntu and Kubuntu systems should take
appropriate actions now, Upgrade your OpenSSL software.
Cryptographic materials should be recreated.

References:
http://www.debian.org/security/2008/dsa-1571
http://lists.debian.org/debian-security-announce/2008/msg00152.html
http://metasploit.com/users/hdm/tools/debian-openssl
http://lists.centos.org/pipermail/centos-announce/2008-May/014902.html
http://www.ubuntu.com/usn/usn-612-1
http://www.us-cert.gov/cas/techalerts/TA08-137A.html

Innocuous Returned Mail 2/25 1:03 PM – 1:12 PM

by

Due to human error, two of the departmental Mail eXchangers had a temporary problem between 1:03 p.m. and 1:12 p.m. PDT on Monday February 25, 2008.

In addition to the normal delivery to @ERSO.Berkeley.EDU, @CS.Berkeley.EDU, and @EECS.Berkeley.EDU e-mail addresses during that time, bounces were sent to the envelope sender typically with a “Subject: Returned Mail” and text about either “mailtest.cs.berkeley.edu: host not found” or “mailtest.EECS.Berkeley.EDU>… User unknown”

No email was lost. We are sorry for the inconvenience.

Resolved as of 2008-02-25 13:12:00

REMINDER: Please Check That Your X Window System Is Secure

by

Please check that your X Window system is secure.

X Windows is a networking and display protocol environment using a GUI
(graphical user interface). Common X Window servers include XFree86
and Xorg in UNIX style systems and Exceed, WinAXE, Cygwin’s Xwin on
Microsoft Windows systems.

In January 2007, it was discovered that there were keystroke logs on a
system at another University containing data from nine systems in
EECS. Eight of the systems were running various versions of the
Microsoft Windows operating system and one was running linux. We must
assume these keystroke logs contained all passwords used on these
hosts as well as all passwords used to connect to other hosts. It is
suspected that all 9 of the systems had insecure X Window Systems.

IRIS advises usng a layered approach to securing your X Window
System. Access to the X server should be controlled. Typically UNIX
style systems by default do control access to the X server, but a user
can overide the default. Typically Exceed on Windows by default allows
any remote host access to the X server; this is a bad thing.

In addition to controlling access to the X server by utilizing proper
configuration of the X Window system and using the related tools
properly, another layer of security can be added. A properly
configured host based firewall blocking unauthorized remote
access to the X server, typically 6000/tcp, is also recommended.

John Kim from the campus SNS (System and Network Security) group has
written a good knowledge base article concerning securing X Window
systems. The article contains details about configuring Exceed, the
Microsoft Windows firewall and the Symantec Client Security firewall at

http://kb.berkeley.edu/kb1185

It is also recommended that X traffic be encrypted for
example through an encrypted ssh tunnel.

If you need further help with securing your X Windows system please
contact your computer support person(s) or the EECS Helpdesk
(help@eecs, 395 Cory 9am-5pm, 313 Soda 10am-5pm, 642-7777).

Possible Security Breach

by

The UC Berkeley campus received an FBI report with evidence that
multiple computer accounts and systems was compromised in the time
frame of 2003-2005. The campus SNS (System and Network Security)
group believes that all evidence from the FBI report is consistent
with this being the UC Berkeley portion of the legacy of the
world-wide cyber attack by the infamous “Stakkato” alias. For more
information about Stakkato:

http://en.wikipedia.org/wiki/Stakkato
http://www.nsc.liu.se/~nixon/stakkato.pdf

SNS forwarded information to EECS from the FBI report with what we
have identified as a copy of the department NIS domain
passwd file from November 18, 2004. This date appears to
correlate with activity via a compromised non-privileged user
computer account in EECS (this unauthorized activity was
presumably by Stakkato). Since Stakkato had access to very
powerful computing, Stakkato could have used “brute force” to guess
UNIX passwords.