UPDATE: Symantec Releases Patch for pcAnywhere

February 2nd, 2012 in Incidents, Information Security, News

Last week, Symantec said it was unable to predict when it would complete its patching of pcAnywhere, citing the unpredictability of its investigation and the creation of the necessary fixes.  However, they have now released an update that addresses the security issues we reported earlier this week.  We therefore will not be implementing an inbound filter to 5631/TCP, 5632/UDP on Sunday 2/5 as previously mentioned.

The updates can be manually downloaded from Symantec’s website, or customers can use pcAnywhere’s built-in updating service to retrieve and install the patches.  http://www.symantec.com/business/support/index?page=content&id=TECH179960

Modena also confirmed that customers running versions of pcAnywhere prior to version 12.0 will be offered a free upgrade to 12.5.  “If requested, Symantec will honor an update to version 12.5 for the customer.”

Warm Regards,

-IRT

Information Security Incident Response Team, Information Services & Technology
Boston University
T(617)358-1100
F(617)353-6260
irt@bu.edu

Security Issue with pcAnywhere

January 30th, 2012 in Information Security, News

Security Alert – Due to a security issue with pcAnywhere, we plan to create a new rule to block in bound traffic to ports: 5631/TCP, 5632/UDP.  This rule will go into effect on Sunday, 2/5.

If you are using pcAnywhere, please read this message in its entirety.

In a white paper released on 1/23, Symantec revealed that  proprietary source code for current versions of its pcAnywhere software were stolen in 2006 and that all users are at risk of attack and should disable the product.

Symantec, in their official report on this event, provides this statement:  “Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks.“

What you should do:

• For any system that contains Restricted Use information, pcAnywhere must be disabled and alternatives sought.  (For a definition of Restricted Use information, please see the Data Classification Guide, part of the Data Protection Standards: http://www.bu.edu/infosec/policies/data-protection-standards/)
• For any other system where you are using pcAnywhere and where an alternative solution will work, you should switch to the alternate solutions.  Some possible solutions include:
  1. Windows Remote Desktop (see http://www.bu.edu/tech/security/protect/bestpractice/remote-desktop/ for details)
  2. GotomyPC (security has not evaluated this product and it does have a price tag, so this is not a specific recommendation of this product, but simply an alternative if Remote Desktop will not work)
  3. Avoid RealVNC.  It is known to have significant security issues.
• Where you (1) have a business critical function (2) on a system not containing Restricted Use information and (3) pcAnywhere is the only solution that will work for that function, you may continue to use it provided you do the following:
  1. Upgrade to the latest version
  2. Update your pcAnywhere configuration as recommended in the white paper from Symantec in the “pcAnywhere Security Best Practices” section, beginning on page 5
  3. Set up your pcAnywhere connection to use different authentication credentials than you use for any other BU system
  4. If you are outside of BU, Connect to BU via VPN prior to establishing the pcAnywhere connection
  5. Monitor Symantec’s site for further security information and updates

What we will be doing:

• As recommended by the vendor, we will be writing a new rule to block traffic coming in to BU using the standard pcAnywhere communication ports: 5631/TCP, 5632/UDP.  This rule will go into effect on Sunday, 2/5.

References:

• The story as told by Sophos
• The story as told by Techspot
• The white paper from Symantec

UIS/HOD Important Information About Java Updates, IE 8

March 28th, 2011 in Information Security, News

Sun Java 6.0.24

As announced in a notification from IBM, Host On-Demand is not supported by Java 6, update 24 and will not work after the computer has been upgraded. If you have upgraded to the most recent version of Java, we recommend downgrading to update 23:

1. Uninstall Java from your computer.
2. Download update 23 from Oracle’s website.
3. Install Java 6.0.23.

Sun Java 6.0.21

When using Java 6 update 21, you will receive a security notification when trying to connect with Host On-Demand.

To remove this warning, named HODAPPlet:

1. Open your Control Panel.
2. Click on the Java icon.
3. Select the Advanced tab.
4. Choose Security.
5. For “Mixed code (sandboxed vs trusted) security verification,” choose Hide warning and run with protections.

Sun Java 6.0.15, 6.0.16, and 6.0.17

If you are using either Sun Java 6.0 update 15, 16, or 17, Host On-Demand will not install or start in any browser.

As a work around, the next-generation plug-in can be disabled in the Java control panel.

1. Open the Java control panel (Start/Control Panel/Java).
2. Select the Advanced tab.
3. Select Java plug-in.
4. Uncheck Enable the next-generation Java plug-in.
5. Click OK.
6. A confirmation dialog box will appear. Click OK.
7. Restart HOD.

Internet Explorer 8

If you are using IE 8, Host On-Demand may not install or start, depending on the version of Sun Java that is installed.

As a workaround, revert back to Sun Java 6.0.14.

1. Uninstall Java 6.0.15 (or any more recent version, if installed)
2. Download Java 6.0.14.
3. Double-click on the 6.0.14 file to install.
4. Re-install Host On-Demand.

Note: Administrative privileges are required.

“Verify Your BU Account Now” E-Mail is spam – Delete it

January 31st, 2008 in Information Security, News

Managing Spam at BUMC

April 4th, 2006 in Information Security, News

Click here for more information about Information Security.