Recently in Security Notice Category

February 12, 2008

Linux Kernel Vulnerability

A vulnerability in recent versions of the Linux kernel was discovered on the weekend: Mandriva Linux versions 2007.0, 2007.1 and 2008.0 were affected. We began applying temporary fixes on Sunday and so far have detected no compromises. We are now applying updated, fixed kernels to all affected systems.

I will be installing the latest Mandriva release on some systems where there is any suspicion of compromise. The series of updates of earlier releases (< 2006.0) which I began last month will continue.

March 15, 2007

Mac Credit Union Phishing Scam

The best phishing scam I've ever seen is making the rounds at Mac. It appears to come from the McMaster Savings and Credit Union and insists - in a plausible way in almost flawless English - that:

You must enroll in "Challenge Questions" Authentication

Do I need to say that you must not and should not do any such thing?


December 18, 2006

Sophos Vulnerability - Get Update

UTS advises that some older versions of Sophos antivirus have been found to have a vulnerability:
http://www.frsirt.com/english/advisories/2006/4919

Check to see which version you have and download any necessary updates from UTS.

December 12, 2006

Microsoft Word Vulnerability

Microsoft has warned of two vulnerabilities affecting Microsoft Word in the past week. The first vulnerability (announced December 5th) affects both Windows and Mac OS X versions; the second (announced December 10th) affects only Windows versions. The Register has a nice summary.

April 27, 2006

Virus Making the Rounds

Several department members have reported receiving messages from the "math.mcmaster.ca user support team" or "math.mcmaster.ca mail admin team" which ask the recipient to open an attached file. These messages contain Windows viruses.

March 1, 2006

Patch for Safari Vulnerability

The Safari vulnerability mentioned last week is addressed in the latest OS X 10.4 patch. I recommend running software update ASAP; a reboot is required.


February 21, 2006

Serious Safari Vulnerability

Safari, the default browser in OS X, has been discovered to have an easily exploitable vulnerability which could result in arbitrary code being executed on a Mac.

The vulnerability, which involves automatic execution of code in ZIP files, is described at Secunia.com; the same Web site also has a safe demonstration.

October 14, 2005

Recent Attacks and Passwords

We've seen tens of thousands of break-in attempts on servers in a number of departments. One of those attempts resulted in a research group's server (not in Math & Stats) being compromised and removed from the network by UTS when they discovered it to be the source of nasty behaviour.

The compromised system was not attacked via a security hole or subtle social engineering: the compromised account had a password simple enough for the cracking program to guess it.

Please make sure that your mathserv password is good. Good means:

  1. more than one word
  2. at least one of those words is not in the dictionary
  3. you have one or more numbers or symbols in your password
  4. your password has nothing to do with your name


September 30, 2005

Worm Free but not Worry Free

UTS scanned the network for Windows PCs vulnerable to Windows MS05-039 Plug & Play exploits, and once again there are dozens of potential victims and none of them are in Math and Stats. That said, chances are your Windows laptop was not checked so it might still be vulnerable. Run Windows Update to make sure that you aren't open to nasty worms of the Zotob ilk.

September 20, 2005

Yay Us - We're Worm Free

UTS reports that McMaster got hit by a worm earlier this week. Math & Stats is clean, I'm pleased to report.

April 25, 2005

Virus/Trojan Making the Rounds

Variants of the MyDoom trojan are making the rounds again, this time with improved grammar and spelling. If you get a message alleging to be from the "mcmaster.ca" or "math.mcmaster.ca" Support Team saying that you have a virus and should open an attachment, please don't open it; the message is from neither UTS nor me and the attachment is a trojan of the sort described here.
