- August 31, 2006: New How-To Guide on Trusting
Certificates and
downloading the CA Certificates added.
- Oct 20, 2005: Avoiding
Phishing Scams
- Oct 20, 2005: Social
Engineering Information
- Aug 03, 2005: New HowTo page on Rules and
Procedures for Using Special Kerberos Principals
- Apr 2004: All network address
assignments now
require registration
of a sysadmin or contact point.
- Apr 2004: Information about network
blocks
is now online (onsite access only). Automated procedures for unblocking
critical vulnerability blocks are under development.
- June 22, 2007: Added entry to How
To
page with links to the Kerberos principal to Distinguished Name (DN)
translations that will appear in KCA certificates. These
tables are now automatically updated on a weekly basis.
- June 13, 2007: The special plugin profile "low hanging fruit" has been added to nessquik 2.5 beta. Many thanks to the ANL security team for sharing this list.
- May 30, 2007: nessquik
2.5 beta available on site. Please test and report bugs or
other problems to the helpdesk
- May 25, 2007: Vulnerability
in SRMWATCH
- April 4, 2007: Vulnerability
in MIT Kerberos Telnet server
- April 2, 2007: Vulnerability
in Windows Animated Cursor Handling (935423)
- February 09, 2007: PortScanMeNow
has
been updated. You can now specify the ports you want to scan.
- January 12, 2007: Critical
Vulnerability: MS07-004
Vector Markup Language
- December 27, 2006: Updated the krb5.conf
template
file to match the Kits version (V2.0) restoring the PILOT.FNAL.GOV
realm definitions, adding another KDC (krb-fnal-7) and updating the
Windows Domain DC list.
- November 20, 2006: Enhanced the page on current SSH problems, adding instructions for Mac users to install and set up the old SSH version.
- October 24, 2006: Updated the krb5.conf
template file to match the Kits version (V1.16) restoring the
PILOT.FNAL.GOV realm definitions.
- October 23, 2006: Critical
Vulnerability in OpenPBS/Torque
- October 16, 2006: get-cert for
Mac OSX
has been updated with universal binaries. Get it here.
- October 10, 2006: New get-cert
for Mac
OSX available here!
No more editing of scripts needed! Import into Firefox and Keychain and
away you go!
- September 13, 2006: Added information to the page on current SSH problems about the test release of OpenSSH for Scientific Linux Fermi and how to get and install these updates.
- September 07, 2006: Nessquik
available for
production use. Please send all comments, questions, bug reports and
feature requests to CST.
- August 28, 2006: Added a page on
current SSH problems
with Mac OS X and Scientific Linux.
- August 09, 2006: Critical
Vulnerability: MS06-040
- MS Server Service
- July 20, 2006: Updated roaster's SSL certificate. You will need to remove your old KCA trusted authority and install the new authority if you haven't already done so (see this link), or else you will be prompted to accept and trust the certificate offered every time you start up your browser.
- July 20, 2006: Sysadmin
Roundtable: Oracle Mitigations video is now available for
those who missed it
- July 20, 2006: Sysadmin
Roundtable: Oracle Demonstration video is now available for
those who missed it
- July 18, 2006: Prototype version
of
get-cert for Mac OSX that supports inserting certificates into Firefox
is available. Please report any issues. Download it here get-cert-proto.tar.gz
- July 17, 2006: Security page
modified
to remove mouse over drop list in sidemenu. Please report display or
navigation errors to us so we can fix them.
- April 24, 2006: Perform a ScanMeNow from outside the FNAL border
- March 15, 2006: ScanMeNow
- Easily perform
a Critical Vulnerability scan or Full Nessus scan against your computer
- Feb 10, 2006: View the slides
from the Scanning
with Nessus step-by-step
- July 10, 2006: Restored links for
KCA
Certificate Revocation List (CRL) to PKI
Policy page.
- June 12, 2006: Updated the list
of
Kerberos ports to include the kx509/KCA port usage.
- June 1, 2006: Updated the krb5.conf
template file to match the Kits version (V1.12) adding the master_kdc
definition.
- May 16, 2006: RealVNC
4.1.1 and earlier Authentication Bypass
- March 17, 2006: Added second KCA DN translation list for certificates used by cron/kcron jobs.
- March 10, 2006: Basic Computer
Security
training - March
28 & March 30
- Jan 11, 2006: View the slides
from the FNAL
Observations from the ASSIST visit
- Jan 5, 2006: Read the Critical Vulnerability: MS06-01 (912840) Microsoft WMF image handling
- Dec 13, 2005: New pages on certificates are available.
User feedback to cst@fnal.gov is encouraged.
- Nov 09, 2005: Updated the krb5.conf
template file to match the version currently in UPS/UPD (V1.11).
- Oct 27, 2005: New Fermilab Policy
on Computing Published
- Oct 24, 2005: Are people having problems accessing your web site? Are they getting messages about expired KCA certificates? Do you still have the old KCA CA certificate (expired on Sunday, Oct 23) installed in your web server? A new KCA CA certificate has been available for a while from here. Please install it immediately!
- Oct 13, 2005: Read the Critical
Vulnerability: MS05-051 MS Windows MSDTC and TIP
- Oct 12, 2005: Read the Critical
Vulnerability: MS05-047 MS Windows Plug and Play (MS05-039 Update)
- Sep 13, 2005: Read the Director's message on OS versions and patching
- Sep 13, 2005: New cookbooks
available: Quick Start to Certificates, Offsite Email, Webmail
- Sep 09, 2005: KCA CA certificate re-created with expiration date of Oct 2008, get it from here or click here to load into your browser (you might have to delete the old one before you are able to re-load the newer one).
- Sep 08, 2005: Added contributions
and
bugfixes in the Linux get-cert
utility
- Aug 29, 2005: Fixed path handling
issue
in the Linux get-cert utility
- Aug 12, 2005: Critical Vulnerability:
MS05-039 MS Windows Plug-n-Play
- Aug 11, 2005: Critical
Vulnerability: Backup Exec Remote Agent
- Aug 04, 2005: Updated
Unix get-cert utility to permit certificate conversion for
Globus use (fixed bugs)
- July 28, 2005: VHOST security.fnal.gov
setup and old site redirected - remember to change your bookmarks
- July 18, 2005: Requesting
DOEGrids certificates for IIS
- July 11, 2005: KCA
certificates with IIS
- July 7, 2005: Posted
July 2005 Sysadmin Round Table slides
- July 7, 2005: CA Security
Advisor Alerts
- July 1, 2005: Backup
Exec Critical Vulnerability
- June 24, 2005: National
Credit Union Phishing Scam
- June 23, 2005: CST RSS
Feed available
- June 20, 2005: TIssue vulnerability
tracking database now live
- June 17, 2005: Links to Spyware
removal
tools on the Tools
page
- June 9, 2005: Microsoft SQL Server and MSDE critical vulnerability announcement
- May 26, 2005: A brief guide to
Kerberos
can be found
at Quick
and Easy guide to Kerberos (hosted by ISI.EDU)
- May 19, 2005: Bank
of Oklahoma phishing scam
- May 15, 2005: Another eBay
phishing scam
- May 13, 2005: Linux version of get-cert
available
for testing
- May 12, 2005: Test your KCA
& DOEGrids certificates
- May 12, 2005: Updated page on getting
a KCA Certificate with instructions on using OpenSSL under
Linux to
import the certificate into Mozilla/Firefox and a sub-page
with information about Distinguished Names (DNs) and text
interpretation of DNs.
- May 10, 2005: New KCA CA
certificate
available (old
one
expires in October 2005), get it from here
or
click here
to load into your browser
- May 7, 2005: More eGreeting
spam containing a virus
- May 6, 2005: New eBay
Phishing email going around
- May 5, 2005: Exemption and
Scanning Tools
Request forms now available online
- May 5, 2005: Check out the new CookBooks and How-To guides
section
- May 4, 2005: Computing
Checklist for Connecting to Fermilab Resources added
- May 4, 2005: Updated GetCert
utility for Windows (updated OpenSSL to 0.9.7f)
- May 2, 2005: New virus, SOBER.O
detected
- May 1, 2005: Check out the CST
Metrics and Graphs (requires a KCA certificate)
- Mar 8, 2005: Talks and
handouts from Security Awareness Day