| Home | Update | Hacking | Protection | Contact | Alerts |

Welcome to the OIT Security Website

FAKE E-MAIL ALERT

University Officials will never ask you to send your password in an e-mail message.  If you receive such a message, DELETE IT.  If you respond to such a message, CHANGE YOUR PASSWORD immediately.

 

______________________________

INFORMATION ON DOTS SOCIAL SECURITY NUMBER INCIDENT

For information related to the July 1, 2008 incident involving Social Security Numbers at the UM Department of Transportation Services, visit the DOTS Web site at

www.transportation.umd.edu

_____________________________

The security group within the Office of Information Technology is responsible for the coordination of a variety of IT Security related activities.  These include:

·         Incident Management and Response

·         Compliance Coordination

·         Vulnerability and Threat Assessment

·         Awareness and AUP Enforcement

·         Security Policy Development

 

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

 

Major DNS Protocol Vulnerability Requires Immediate Action
updated July 9, 2008

Security researcher Dan Kaminsky has uncovered a significant weakness in the design of the Domain Name System protocol that can be exploited to trick computers into visiting rogue websites (among other things).  He has worked with US-CERT to give software and hardware vendors the information needed to create security patches.  Those patches were released in a coordinated manner on July 8. 

See the Homeland Security US-CERT bulletin for the latest information on systems and software affected.  We expect additional vendors to be added to the list over time. Kaminsky intends to disclose the details of the vulnerability at a conference in August, so patch sooner than later!

 

Microsoft Announces July Vulnerability List
updated July 9, 2008

Microsoft has released their security updates for July 2008.  This month’s list includes:

MS08-037 - addresses a vulnerability in DNS (Windows)(KB 953230)

MS08-038 - addresses vulnerabilities in Windows (KB 950582)

MS08-039 - addresses vulnerabilities in Microsoft Exchange Server (KB 953747)

MS08-040 - addresses vulnerabilities in SQL, WYukon, and WMSDE (Windows)(KB 941203)

Please note that MS08-037 addresses the big DNS protocol issue referenced above.

 

For more information, please see:

http://www.microsoft.com/protect/computer/updates/bulletins/200807.mspx

 

 

 

Version 1.5 of USM Guidelines In Response to the State IT Security Policy has been released.

 

If you wish to report a crime or feel that you are in danger,
please contact the University of Maryland Police Department

 

This page is maintained by the Office of Information Technology
Questions and/or comments: oitsec-feedback@umd.edu
Last modified: July 18, 2008
© 2008 University of Maryland

University of Maryland