SecureIT

Members of the Brandeis community have recently started receiving automated telephone calls claiming to be from a credit union indicating that their credit card has been compromised. The automated caller requests that the individual receiving the call press various keys on their touch tone key pad, and then enter their credit card number. This is a scam and attempts to steal credit card information similar to phishing email messages that you may have received.

Please DO NOT enter any personal information (credit card number, debit card number, Social Security Number, etc.) if you receive such a phone call. NO legitimate institution will ever request confidential information in this manner via an automated phone call or an email message.

If you receive such a call please notify us at security@brandeis.edu. The messages are coming from many different compromised phone numbers and it will not be possible to block all possible numbers.

Thank you for your diligence and cooperation to help protect yourself and Brandeis.

Orientation is underway and we’re doing out part with our updated Digital Self-Defense series to make sure incoming first-years are educated about information security.

The main resource workshop for first-years will be in Alumni Lounge in Usdan on Wednesday, August 26 from 10:30am to 11:30am. We will be going over the current threat landscape on campus and letting students know what they can to to protect themselves and their friends.

The handout we’ll be loosely basing our presentation on is available in PDF form here. The Facebook event page is here.

We just released our shiny new website to the public. It took a few weeks to make and we hope it’s easier to use, less cluttered, and less ugly than what used to be there. There might be some broken links to our old site, but we’re working to fix those as soon as possible. If you find any broken links, miss an old page that we scrapped, or have any other questions or comments, feel free to contact us or comment below.

Tavis Ormandy and Julien Tinnes discovered a local privilege escalation vulnerability in Linux that works across distributions and kernel versions.

There is exploit code in the wild that would allow anybody with shell access to easily gain root.

Debian released a fix. RedHat has an unofficial set of workarounds that work for now but might be compromised in the future.

If you use another distribution or want to use the fix on RedHat instead of the workarounds, it might be possible to apply the patch from the Debian update to your distribution’s kernel source. For rpm-based distributions: download and unpack the source rpm, patch the kernel code, and rpmbuild a binary rpm. We have not tested this method, so use at your own risk!