IRIS

4th floor Cory may be experiencing some network problems at the moment. Outage includes some but not all wired and wireless ports. Network admin is working on resolving this problem; excuse the temporary inconvenience.
[Read more…] about 4th floor Cory – Network down

We just had a software failure on the EECS core router for Cory Hall. I had to fail it over to the back-up management module. The Cory Hall (and BWRC) networks were down for a couple of minutes. I regret the inconvenience this may have caused. We are investigating this with the router vendor.

The EESWW server, cad.eecs, provides /usr/eesww fileservice to Unix/Linux machines (primarily Solaris machines) throughout the department. EESWW includes tools such as cadence and hspice.

cad.eecs will be offline for maintenance on Thursday, Nov 2nd, from about 9am until noon. We will be replacing a failing disk, and upgrading the operating system.

On Oct 31st from 07:00-07:30AM, the following EECS wireless network services will be down for maintenance:

EECS-11a WLAN
Guest WLAN

Users may need to re-authenticate to these wireless networks.

The purpose of the maintenance is to install a new authentication server for these WLANs.

A new feature for the EECS-11a WLAN is that users will now be able to authenticate with either their LDAP password or their Windows password.

All other wireless services will not be affected.

On Wed Oct. 25, 2006, we will reboot a switch. There may be brief network interruption from 5:00PM to 5:30PM.

This may affect people using the EECS windows domain and SMB connections to project and coeus.

We regret any inconvenience this may cause. Please make your plans accordingly.

WinSWW was unexpectedly rebooted at 12:19 pm today. IDSG apologizes for the lack of notice.

WinSWW had to be rebooted unexpectly today. It should be back up now though.

This morning, we are seeing very high utilization on the EECS firewall. There has been some service impairment as a result, and we are still investigating as to the cause. Also, service to Argus was disrupted for a few minutes this morning as a side effect.

We regret the inconvenience.

Fred

Microsoft will release their patches for the month on Tuesday, October 10th.

HERMES, PRINT, RIS and WINSWW will be down for patching Wednesday, October 11, from 3:00p?5:00p.

macserver.eecs.berkeley.edu, which hosts the Mac software warehouse, will be down for maintenance at this time as well.

US-CERT Technical Cyber Security Alert TA06-270A

Systems Affected;
* Microsoft Windows
* Microsoft Internet Explorer

Overview

The Microsoft Windows WebViewFolderIcon ActiveX control contains an integer overflow vulnerability that could allow a remote attacker to execute arbitrary code.

I. Description
The Microsoft Windows WebViewFolderIcon ActiveX control contains an integer overflow vulnerability. An attacker could exploit this vulnerability through Microsoft Internet Explorer (IE) or any other application that hosts the WebViewFolderIcon control. More information is available in Vulnerability Note VU#753044.

Exploit code for this vulnerability is publicly available.

II. Impact
By convincing a user to open a specially crafted HTML document, such as a web page or HTML email message, a remote attacker could execute arbitrary code with the privileges of the user who is running the program that hosts the WebViewFolderIcon control.

III. Solution
Microsoft has not released an update for this vulnerability. Consider the following workarounds and best practices:

A. Disable the WebViewFolderIcon ActiveX control
To protect against this specific vulnerability, disable the WebViewFolderIcon control by setting the kill bit for the following: {844F4806-E8A8-11d2-9652-00C04FC30871}

Typically, you will have to manually create this registry key and DWORD titled “Compatibility Flags”. Use Registry Editor to edit/create the following registry key;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{844F4806-E8A8-11d2-9652-00C04FC30871} Set the value of the Compatibility Flags DWORD value to 0x00000400.

More information about how to set the kill bit is available in Microsoft Support Document 240797.
http://support.microsoft.com/kb/240797/en-us

B. Disable ActiveX
To protect against this and other ActiveX and COM vulnerabilities, disable ActiveX in the Internet Zone and any other zone that might be used by an attacker.

C. Render email as plain text
To protect against this and other vulnerabilities that require a victim to load a malicious HTML document, configure email clients to render email as plain text.

D. Do not follow unsolicited links
To protect against this and other vulnerabilities that require a victim to load a malicious HTML document, do not follow unsolicited or untrusted links.

In order to convince users to visit their sites, attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages (IMs), web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting.

IDSG also advises;

1. Do not log into a Windows host as Administrator, if not needed. Instead, log in as a non-privileged user.

2. Do not add a non-privileged user account to the Administrators Group.

3. Use “run as” to run processes as needed.