Csadmin

If there is a systems emergency during non-business hours, please contact the emergency hotline (434-982-2271); there is contact information on the hotline for reaching staff at home if no information is posted there. If you aren't sure what constitutes an emergency, please click here.

Java 7 Exploit - 1/14/13

A significant security vulnerability has been discovered in Java 7 (earlier versions are not affected); the vulnerability allows hackers to take over computers and install malicious software. You machine may be compromised by visiting an apparently innocuous web site which contains malicious code which is run using the Java "plug-in" in your web broswer.

The vulnerability is serious enough that the U.S. Department of Homeland Security, Oracle and CERT have advised users to disable Java in their web browser:

http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html

http://www.kb.cert.org/vuls/id/625617

Oracle has provided a patch which the Java Update Manager on your individual computer will install; this patch was pushed out by Oracle beginning Sunday, January 13, 2013.

This patch simply ensures you are prompted whenever your broswer tries to load an unsigned (and potentially dangerous) applet so that you have a chance to block it. It does not actually fix the vulnerability! For complete security, Oracle recommends disabling java in your web browser.

To disable Java in your browswer:

IE:

1. Open Tools (menu or gear icon) and click Manage Add-ons
2. Under the 'Show' drop-down select 'All add-ons'
3. Under the Sun Microsystems entry right-click each 'Java Plug-in' and select 'Disable'
4. Restart the browser

--

Firefox:

1) Press CTRL+SHIFT+A to bring up the "addon-ons" tab.
2) Select "plugins" from the menu on the left.
3) Click "disable" on the Java Plug-in.

--

Chrome:

1) In the URI window of your browser, type:

 	chrome://plugins/

2) On the page that loads, simply click on "disable" under java.

--

Safari:

1) choose Safari > Preferences or press Command-comma (⌘-,)
2) Click "Security".
3) Uncheck (deselect) "Enable Java".
4) Close the Safari preferences window.

None

Ubuntu 12.04LTS Available! 1/15/13

Our CS-configured distribution of Ubuntu 10.04 LTS is now available. This is our new standard distribution, and we want to encourage folks to move to this as quickly as possible. All new desktop machines we deploy will have this distribution, and we plan to have upgraded all the shared department resources - the 'interactives' and the compute clusters - by the end of January.

There is an update to GCC and glibc in this upgrade; although this is a minor release update, it's quite common for that to cause 'breakage', and a couple of users have already reported issues to us. There may be other packages which are now deprecated or no longer available, or now have substitutes which need to be installed.

In order to facilitate testing, we have already upgraded the upper power nodes - interactives - please log on to power[4..6] and test your code and environment!. Please help us find what's missing or broken before we start pushing this out across the department!

We will not force upgrades on older Ubuntu 10.04 desktop boxes until security updates are no longer available, but we will not be able to provide updated packages for those systems either; Debian/Ubuntu packages of newer software versions (eg, the latest python, GCC or emacs). However, if you hold back your box because of incompatibilities with the newest glibc, etc. we encourage you not to allow the drift to get too big.

By e-mail: root@cs.virginia.edu
Emergency hotline: 982-2271 (What constitutes an emergency?)
Who we are