Computing Services News & Alerts 
Synthesis, the company that makes the SyncML client for UMCal, has announced that due to limitations with the Apple software development kit (SDK) the SyncML client they are producing will only work to synchronize contacts. Calendar synchronization will not be available at this time.
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
Some vulnerabilities have been reported in Mozilla Thunderbird, which potentially can be exploited by malicious people to compromise a user's system.
The WebMail Pro and WebMail 3.0 decommission schedule has been extended to August 4, 2008. These systems were initially set to be decommissioned July 1.
Cougarmail will continue as a Web-based e-mail application for central e-mail accounts and is available at cougarmail.morris.umn.edu. U of M e-mail accounts will remain the same and e-mail addresses will not change. Any e-mail located in WebMail Pro/3.0 also is available in CougarMail.
WebMail Pro for non-central systems mail used by departmental e-mail servers also will be decommissioned.
A vulnerability in Internet Explorer, which can be exploited by malicious people to conduct spoofing attacks.
The problem is that it is possible for a website to modify the location of another frame in another window by setting the location to an object instead of a string. This can be exploited to load malicious content into a frame of a trusted website.
A vulnerability in Internet Explorer 6, which can be exploited by malicious people to conduct cross-domain scripting attacks.
The vulnerability is caused due to an input validation error when handling the "location" or "location.href" property of a window object. This can be exploited by a malicious website to e.g. open a trusted site and execute arbitrary script code in a user's browser session in context of the trusted site.
A vulnerability has been reported in Adobe Reader/Acrobat, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the implementation of an unspecified JavaScript method and can be exploited to cause a crash or potentially execute arbitrary code via a specially crafted PDF file.
A vulnerability has been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a vulnerable system.
Mozilla has released the newest version of Firefox. Version 3.0 comes with many added features and upgraded security. Please note that if you have add-ons installed on your current Firefox they may not all transfer to the new version until there are new versions of those add-ons released.
University of Minnesota e-mail account holders have been targeted with waves of fraudulent e-mails. These messages are not from the University of Minnesota. We will NEVER ask you to provide personal information such as passwords over e-mail. If you receive an unsolicited e-mail or you are unsure of the sender, do not reply, do not click any links contained within it, and do not open any attached files.
After several weeks of evaluation, OIT's Internet Services has deployed more aggressive anti-phishing technology on the central mail servers used for all inbound e-mail. The software currently is detecting more than 1,000 additional phishing messages daily. |
