京都大学東南アジア地域研究研究所 情報処理室 > Announcements > Critical Information

(Fixed) Trouble of CSEAS E-mail Delay

Dear all, The Center’s e-mail had been delayed during the following period. I apologize for your inconvenience and my response delay. [Date] 29th January, 2015 12:00 – 2nd February 10:00 [Influence] The receipt of CSEAS e-mail (@cseas.kyoto-u.ac.jp) messages had been delayed. [Reason] CSEAS SPAM filtering system was unstable due to the update of glibc library for coping with the security vulnerability. Now, the delayed messages are being received. However, a part of the mail servers were replied the error message (undelivered message and so on). If you could not receive the needed e-mail during above period, please ask for resending it. 2nd February, 2015  Chief of Information Processing Office: Kitani.

[Emergency countermeasure]: UNIX (Linux) Users – Please apply “glibc” library security patch!

If you use UNIX OS (including Linux), please apply “glibc” security patch (CVE-2015-0235) as soon as possible. “glibc” library is used by most UNIX OS and software, so the influent area is huge! About the detail information, please see the following related information. Related Information Linux “Ghost” Remote Code Execution Vulnerability (US-CERT) Operation for applying the patch (Redhat Linux with yum) yum update glibc reboot more /etc/sysconfig/clock Please check the timezone. Security Patch Information (Redhat Linux) Redhat Linux ES 5: glibc-2.5-123.el5_11.1: https://rhn.redhat.com/errata/RHSA-2015-0090.html Redhat Linux ES 6: glibc-2.12-1.149: https://rhn.redhat.com/errata/RHSA-2015-0092.html   29th January, 2015 Chief of Information Processing Office: Kitani.

(KUINS) Announcement of Tentative network service suspension

Dear all, The network center of Kyoto University announced about the urgent network maintenance today. Date: December 25, 2014  0:00 a.m. — 4:00 a.m. Influence: During above period, Kyoto University E-mail including CSEAS Email cannot be received or sent. PPTP connection won’t be available. Wi-Fi connection (MIAKO, eduroam)  won’t be available. HP  (including CSEAS HP) won’t be sometimes available. 24 December, 2014:  Chief of Information Processing Office: Kitani.

(Mac Users) Please check the security update immediately!

Dear all. Apple announced about OS X NTP Security Update. This is critical vulnerability, so please check the security update as soon as possible if you have Macintosh. This Update is supported by MacOS 10.8, 10.9, 10.10. *If you have old MacOS (10.7 or before), please consider to upgrade MacOS 10.10 as soon as possible. Basically, in case of using MacOS 10.6.8 or above version, the Macintosh can be upgrade to MacOS 10.10. – Please see http://www.apple.com/osx/how-to-upgrade/ . How to check the installation of OS X NTP Security Update. Select “Apple Store” in Apple menu Click on “Update” tab and confirm Software Update. If OS X NTP Security Update is displayed, please “Update” button....Read More

[Important]: PLEASE cope with the critical vulnerability regarding secure connection “SSL” (POODLE SSLv3)!

Dear all, Last month, the critical vulnerability regarding the secure connection (SSL) was discovered. Especially, there is possibility of leaking the private information, a credit card, addresses, password and so on when you access a web browser to secure web sites, such as an online shopping, an online bank, or a local page with password. Countermeasure of not only servers but also PCs are needed!! Have my browser this vulnerability? This is good question! Please access to https://www.poodletest.com. If “Vulnerable” message is displayed, the browser has probably the vulnerability. Please cope with the following operation. How to cope with the vulnerability (for Web browser) Internet Explorer Update/Check Internet Explore to the latest...Read More

【IT担当者向け】POODLE SSLv3 ウェブ暗号化通信脆弱性への対策メモ

IT担当者向けに備忘録メモをつけておきます。 そのため、細かい説明は割愛し端的に説明します。 脆弱性診断テストは必ずしも正しいとは限らない https://www.poodletest.com などについては、ブラウザがSSL v3を有効にしているか無効にしているかの判断しかしません。 そのためSSL v3を有効にしつつ、他の手法で回避策を講じている場合、脆弱性があると診断されてしまう場合があります。 Internet Explorerについて インターネットオプションの詳細設定より、TLSのみONにしておいてください。 WindowsXPのInternet Explorer 6では、デフォルトでTLSがOFFになっているので、SSL v3のOFFだけでなく、TLSのONも必要です。 Mozilla Firefoxについて アドオンを使ってうまくいかないようなら、手動で設定を変更してみてください。 URLに「about:config」と入れて、設定を出し、「securty.tls.version.min」の値を「1」にし、TLSしか使わないようにします。 なお次期Firefox 34でSSL v3は削除されます。 Google Chromeについて Chrome 40(開発版)では、SSL v3は削除されています。現在38が最新であり6週間に1度メジャーバージョンアップを出すサイクルのため、数カ月先には対...

[Attention]: Please enable 2-step verification for Dropbox users!

Users, According to some internet news (*1), the hacker put the criminal declaration which hacked more than 7,000,000 Dropbox accounts on the web. Dropbox accounted “Dropbox wasn’t haced” in Official blog. *1 [Update] Hundreds of Dropbox passwords leaked online but Dropbox denies it was hacked (TNW Blog) At least, please consider to enable 2 step verification system for Dropbox! By this system, the Dropbox account will be locked not only the password but also the device or software registration system. Thus, your account can prevent from sign in unknown device or software. About how to enable it, please see the following web site. Have you enabled two-step verification?   There are 2-step...Read More

[Notice]: Please update “bash” shell command!!

Dear all, The critical vulnerability was found out on “bash” shell. This “bash” is installed in Linux, MacOSX, Windows (with only Linux emulator, such as Cygwin) and so on. By this vulnerability, any commands are carried out by the attacker. Kyoto University alerted the issue (Only Japanese), [京都大学の情報 [学内限定]] 【追加情報】UNIXベースOSの基幹ソフトウェア「GNU bash」に重大な脆弱性 If you manage the Linux or MacOSX server using “bash”, please update it immediately!! And if you use Linux, MacOSX, or Windows with Linux emulator, please update “bash” program. Especially, in case of MacOSX (including the PC), please download and install the bash update in the following url. MacOS 10.9 “OS X bash Update 1.0 – OS X Mavericks“ MacOS...Read More

[Announcement] Google Hangouts service was released in the Center.

Dear all, On 4th September, 2014, the Information processing office began to provide the Google Hangouts service to the CSEAS Account. Moreover, the Office provides the Google+ service for using the full functions of Google Hangouts. Please see  about  the detail information. 4th September, 2014  Information Processing Office  

[Announcement]: How to cope with the frequent disconnection of PPTP connection for Wi-Fi in case of Tablet or SmartPhone.

Dear all, When you’d like to connect your device to the Wi-Fi service in Kyoto University, you need to use the PPTP connection after connected to “MIAKO” wi-fi access point. However, the PPTP connection may be frequently disconnected due to the sleep setting in a Tablet or a Smartphone. Please see the following information if you want to avoid this issue. Section 1. Wi-Fi “MIAKO” in  (HP of Information Processing Office in CSEAS) 4th September, 2014 Chief of Information Processing Office: Kitani.