Minutes of Smathers
Middle Manager's Meeting
August 5, 2004
Present: Joe Aufmuth, Suzanne Brown, Carol Drum, Leilani Freund, Martha Hruska, Erich Kesse, Tom Minton, Jan Swanbeck, Carol Turner
Malware
- We are currently experiencing systematic attacks on Windows networking campus-wide.
- Machines were compromised at IFAS or CLAS, then co-opted.
- The malware would go down the list of our accounts on the server and try passwords for each account until it got in or was locked out. In our case, we have it set to lock out after 5 attempts, so accounts would simply, suddenly lock out. If you were in the middle of a session, you would see weirdness.
- There was no damage; it was just disruptive. The primary hit was the mail server. There were enough hits to disrupt it completely until 6:45PM last evening.
Public Workstation Security
- For eight weeks, there was a major flaw in IE with no patch to fix it. The hole allowed malware to crawl into the machine when the user visited a particular site.
- As of this morning, we have had 3 machines attacked in this manner. All were running IE at the time of the attack. It turns the machine into an FTP server. This hit originated in Switzerland and was communicating in German.
- It can change the physical file system on disk. It also behaves as a keystroke logger and more.
- There is no possibility of getting your files back; when it’s that badly infested, we have to burn it down.
- This is a good reason to back up your files regularly.
- This infestation was not a function of a foolish operator.
- Microsoft says they have patched the security hole, but there will be continual problems with IE.
- IE will not be given away free in the future.
- IE is the only officially supported browser of myufl!
- Updates need IE. It is hard to remove IE from Windows. Have to leave it on.
- All we can do is ask people to install a less problematic browser. We have found that Firefox works fine. Some of our own Systems programs did not work with it, but we fixed the problems.
- A lot of people around the world are switching browsers as well, but there’s no promise that it’s universal.
- The last round of compromise infiltrated banks and department stores. The big guys don’t want to admit that they’ve been compromised. You can’t just warn them to stay away.
- Hackers may eventually move to attacking Firefox, at which point we’ll just have to switch browsers again.
- We suggest the move to Firefox .92 for all browsers in the Library. It is actually faster and more stable. It has a pop-up blocker built in. We will put a copy on the server for downloading.
- We will make the announcement of the default browser switch to Liaisons this afternoon.
- Is the use of the Firefox browser going to include the public areas? Not right now, but in the long run, yes.
- Staff machines are more vulnerable than public.
- XP is mostly on staff machines, but it will inevitably go public.
- Previously, the security was specific to Win’98 and W2K.
- We’ve managed to have remarkably tight security. Nothing has been whacked with the old method in place. It is extraordinarily tedious to install the security. A real pain.
- We had to revamp the installation procedures for XP. The downside will be that security may not be as tight, but this seems to be an acceptable trade-off.
- The procedure will be presented to the Liaisons at the meeting today.
Last updated August 19, 2004
by Debra Fetzer