[Emergency countermeasure]: UNIX (Linux) Users – Please apply “glibc” library security patch!

2015/01/29

If you use UNIX OS (including Linux), please apply “glibc” security patch (CVE-2015-0235) as soon as possible. “glibc” library is used by most UNIX OS and software, so the influent area is huge! About the detail information, please see the following related information. Related Information Linux “Ghost” Remote Code Execution Vulnerability (US-CERT) Operation for applying the patch (Redhat Linux with yum) yum update glibc reboot more /etc/sysconfig/clock Please check the timezone. Security Patch Information (Redhat Linux) Redhat Linux ES 5: glibc-2.5-123.el5_11.1: https://rhn.redhat.com/errata/RHSA-2015-0090.html Redhat Linux ES 6: glibc-2.12-1.149: https://rhn.redhat.com/errata/RHSA-2015-0092.html 29th January, 2015 Chief of Information Processing Office: Kitani.

(KUINS) Announcement of Tentative network service suspension

2014/12/25

Dear all, The network center of Kyoto University announced about the urgent network maintenance today. Date: December 25, 2014 0:00 a.m. — 4:00 a.m. Influence: During above period, Kyoto University E-mail including CSEAS Email cannot be received or sent. PPTP connection won’t be available. Wi-Fi connection (MIAKO, eduroam) won’t be available. HP (including CSEAS HP) won’t be sometimes available. 24 December, 2014: Chief of Information Processing Office: Kitani.

(Mac Users) Please check the security update immediately!

2014/12/24

Dear all. Apple announced about OS X NTP Security Update. This is critical vulnerability, so please check the security update as soon as possible if you have Macintosh. This Update is supported by MacOS 10.8, 10.9, 10.10. *If you have old MacOS (10.7 or before), please consider to upgrade MacOS 10.10 as soon as possible. Basically, in case of using MacOS 10.6.8 or above version, the Macintosh can be upgrade to MacOS 10.10. – Please see http://www.apple.com/osx/how-to-upgrade/ . How to check the installation of OS X NTP Security Update. Select “Apple Store” in Apple menu Click on “Update” tab and confirm Software Update. If OS X NTP Security Update is displayed, please “Update” button....Read More

[Local]: Announcement of Network Maintenance (Done)

2014/12/08

Dear CSEAS members, The network maintenance was done by the network center during the following period. [Date]：December 8, 2014 0:00 — 8:00 [Influence Area]：Inamori Center, Library, East and Common building. [Summary]：The network in the influence area had been intermittently unavailable for 10 minutes by the network maintenance during the maintenance period. 8th December, 2014 : Chief of Information Processing Office: Kitani.

[Important]: PLEASE cope with the critical vulnerability regarding secure connection “SSL” (POODLE SSLv3)!

2014/11/14

Dear all, Last month, the critical vulnerability regarding the secure connection (SSL) was discovered. Especially, there is possibility of leaking the private information, a credit card, addresses, password and so on when you access a web browser to secure web sites, such as an online shopping, an online bank, or a local page with password. Countermeasure of not only servers but also PCs are needed!! Have my browser this vulnerability? This is good question! Please access to https://www.poodletest.com. If “Vulnerable” message is displayed, the browser has probably the vulnerability. Please cope with the following operation. How to cope with the vulnerability (for Web browser) Internet Explorer Update/Check Internet Explore to the latest...Read More

[Fixed]: Delayed or Unreached E-mail due to Trouble of Name Service in Kyoto University

2014/11/14

Dear all, According to the announcement from the network center of Kyoto University, During the following period, the e-mail in Kyoto University (including the Center) had been delayed or unreached due to the trouble of Name service in Kyoto University. [Date]: November 11 17:00 — 12 17:00 (for one day) [Influence]: In case of sending or receving the e-mail in Kyoto University, it might be replied the error message, such as “Host Unknown” or “Host not found”. If the error message was received when you or a sender sent the message or you worry, please resends the message. 14th November, 2014 Chief of Information Processing Office: Kitani.

【IT担当者向け】POODLE SSLv3 ウェブ暗号化通信脆弱性への対策メモ

2014/11/12

IT担当者向けに備忘録メモをつけておきます。そのため、細かい説明は割愛し端的に説明します。脆弱性診断テストは必ずしも正しいとは限らない https://www.poodletest.com などについては、ブラウザがSSL v3を有効にしているか無効にしているかの判断しかしません。そのためSSL v3を有効にしつつ、他の手法で回避策を講じている場合、脆弱性があると診断されてしまう場合があります。 Internet Explorerについてインターネットオプションの詳細設定より、TLSのみONにしておいてください。 WindowsXPのInternet Explorer 6では、デフォルトでTLSがOFFになっているので、SSL v3のOFFだけでなく、TLSのONも必要です。 Mozilla Firefoxについてアドオンを使ってうまくいかないようなら、手動で設定を変更してみてください。 URLに「about:config」と入れて、設定を出し、「securty.tls.version.min」の値を「1」にし、TLSしか使わないようにします。なお次期Firefox 34でSSL v3は削除されます。 Google Chromeについて Chrome 40（開発版）では、SSL v3は削除されています。現在38が最新であり6週間に1度メジャーバージョンアップを出すサイクルのため、数カ月先には対...

[Notice]: Noise due to the projector replacement in Tonantei

2014/11/12

Dear all, The Office informs you about the replacement to new projector. Keep in mind that the noise will be made due to the project replacement during the following period. Please cooperate with us. Date: Nobember 12, 2014 10:00 — 18:00 Place: Tonantei in Inamori Center Operation: Replacement of the projector 5th November, 2014 Chief of Information Processing Office: Kitani.

[Attention]: Please enable 2-step verification for Dropbox users!

2014/10/14

Users, According to some internet news (*1), the hacker put the criminal declaration which hacked more than 7,000,000 Dropbox accounts on the web. Dropbox accounted “Dropbox wasn’t haced” in Official blog. *1 [Update] Hundreds of Dropbox passwords leaked online but Dropbox denies it was hacked (TNW Blog) At least, please consider to enable 2 step verification system for Dropbox! By this system, the Dropbox account will be locked not only the password but also the device or software registration system. Thus, your account can prevent from sign in unknown device or software. About how to enable it, please see the following web site. Have you enabled two-step verification? There are 2-step...Read More

(Local) Announcement of temporary suspension of network services

2014/10/12

Users. The electric power supply will be tentatively suspended in the following time. [Date]: October 12, 2014 13:00 — 16:00 (Sunday) [Area]: Inamori Center and Library. [Summary]: The electric power supply in the buildings in the area will be suspended. [Influence]: CSEAS HP and CSEAS E-mail won’t be influenced. * ARIS database (http://aris.cseas.kyoto-u.ac.jp) will be suspended. * Of course, the Desktop PC and the network won’t be used because the power supply will be suspended. I recommend to plug off the electric adapters in your PC, HUB, and other electric devices. 9th October, 2014: Chief of Information Processing Office: Kitani.