Computer researchers have recently revealed that the main chip inside most modern computers and other electronic devices --- the CPU --- has a hardware design flaw, or bug. This flaw creates two serious security issues dubbed “Meltdown” and “Spectre”.
The design flaw in CPUs has been there since 1995 and affects most CPUs, regardless of manufacturer. While the scope of the problem is not yet well understood, it is believed to affect nearly every modern computer and device with a CPU.
At this time, we know it affects the hardware that runs Microsoft
If you own a Mac, you have probably heard by now that Apple introduced a serious bug into High Sierra by which anybody could log into a Mac using 'root' as the username and no password, and get full access to the system.
If your Mac is under CNS-OIT management, then a workaround has been applied: a root password has been set on your machine. Additionally, owners of managed machines will receive an email reminding them to apply the security patch that fixes the root vulnerability as soon as possible.
As always, if you have questions or need help, please don'
If you own a Mac, you have probably heard by now that Apple introduced a serious bug into High Sierra by which anybody could log into a Mac using 'root' as the username and no password, and get full access to the system. You may have also heard that Apple released a patch to fix this vulnerability. But have you heard that the bug 'silently' reappears on systems that are subsequently upgraded from 10.13.0 to 10.13.1?
As of Friday, 17 November 2017, UT Austin's Two-Factor Authentication service (2FA) Duo has stopped reporting possible security issues to its push clients when they authenticate.
What does that mean? From 20 July 2017 until last week, the Duo app reported, based only on the release date of the software on the device, that the system was insecure and in need of updates. This confused many users, or just plain infuriated them, because their phones were being reported as insecure.
Security tools like 2FA via Duo are essential in this age of
On 1 November 2017, the Information Security Office announced that it would "soon begin a controlled phishing assessment in an effort to continue to improve security awareness around this particular attack vector. All faculty and staff are potential recipients."
According to the announcement, "you may receive fake phishing emails designed to look like ones that bad guys are sending. However, instead of harming you, these emails will provide the ISO with data and teach you how to identify these scams and protect yourself. The ISO will send at least three rounds of emails
You may have received an error or warning in your web browser about a site you visit not being secure. This can happen for many reasons. Usually, the fault lies with the web server because the server administrator has not been keeping up with the latest security best practices or has made a mistake in implementing a security measure. Nevertheless, in a surprising number of cases, the cause can be a non-server issue, such as your machine's clock being off by more than several minutes, or your use of a free public WiFi service that has a captive login portal.
Vulnerable versions of Adobe Flash are being actively exploited. Please patch your copy of Flash as soon as possible.
Title: Adobe Flash Releases Out-of-Band Flash Player Security Update
Description: Adobe has released an out-of-band security update for Flash Player in response to CVE-2017-11292, a zero-day vulnerability under active exploitation. CVE-2017-11292 manifests as a type confusion vulnerability. Reports have indicated that this vulnerability is being leveraged by the Black Oasis APT group. Users are advised to update as soon as possible to reduce the
Earlier today an announcement was made of a serious security vulnerability in a protocol that encrypts almost all WiFi traffic today. An attack against this vulnerability exposes all encrypted wireless traffic for an attacker to read, record, or possibly manipulate. The vulnerability exists on all unpatched platforms and wireless access points, although testing by the people who discovered this vulnerability shows that Android phones and Linux and BSD computers are the easiest for hackers to exploit.
To exploit this vulnerability, a hacker needs only to be within
The UT Information Security Office (ISO) has just released a draft of new guidelines for using Facial Recognition and other biometric methods for authentication. This was brought about mostly by Apple Face ID on new iPhones, but Microsoft Windows' facial recognition Hello software is similar and getting a lot of attention, as well.
The ISO has rated Apple Face ID and Windows Hello for Business as highly secure. In the lesser category of secure (as opposed to highly secure), they add eye/iris scanners, finger/thumb scanners (including Apple Touch ID), and other facial