Educause Security Discussion mailing list archives

Re: Upgrading Eudora clients due to recent vulnerability

From: Robert Berlinger <rnb () AECOM YU EDU>
Date: Mon, 14 Feb 2005 10:17:46 -0500

On the vulnerability, see

http://www.ngssoftware.com/advisories/eudora-01.txt


Is your version control/installation program something that you're in a
position to share?

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Wayne J. Hauber
Sent: Monday, February 14, 2005 9:37 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Upgrading Eudora clients due to recent vulnerability

At 04:11 AM 2/11/2005, Gary Dobbins wrote:

Joe St Sauver wrote:

I'd really be interested if anyone's found my fantasy agent-based "tell
users which of all their applications need to be updated"-type application
(particularly if it is open source or cheap enough that I can afford it
for everyone who needs it on campus!)


We have had a version control/automated installation program since the
mid-90's. It has been our main way to install programs like Eudora. It
isn't an agent based thing, you must launch it to see what needs updating.
It highlights out of date packages in red.

Our installer also remembers where each program was installed and installs
it in the correct directory. Thus, we aren't struggling with the original
issue that started this thread.

I haven't seen any description of the vulnerability that has everyone
concerned. If I knew what the problem was, I could justify making a big
push to upgrade Eudora. We won't have a hard time doing the installs. We
always have a hard time getting people excited enough to take the time.

We too are trying to push that Eudora update here.  And will get in
line to get that magic "oil-change" application to give our users.

These updates are critical to us, but not to the users with nothing on
fire as far as they can tell.  We have to close that perception gap.
Awareness plus incentives?

--

  ------------------------------------------------------------
  Gary Dobbins, CISSP -- Director, Information Security
  University of Notre Dame, Office of Information Technologies

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.



Wayne Hauber (515) 294-9890
Network Information & Microcomputer Network Services
Office of Academic Information Technologies
109 Durham Center, ISU, Ames, Iowa 50011
wjhauber () iastate edu

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

Upgrading Eudora clients due to recent vulnerability Robert Berlinger (Feb 10)
- <Possible follow-ups>
- Re: Upgrading Eudora clients due to recent vulnerability H. Morrow Long (Feb 10)
- Re: Upgrading Eudora clients due to recent vulnerability Joe St Sauver (Feb 10)
- Re: Upgrading Eudora clients due to recent vulnerability Valdis Kletnieks (Feb 10)
- Re: Upgrading Eudora clients due to recent vulnerability Gary Dobbins (Feb 11)
- Re: Upgrading Eudora clients due to recent vulnerability Wayne J. Hauber (Feb 14)
- Re: Upgrading Eudora clients due to recent vulnerability Robert Berlinger (Feb 14)
- Re: Upgrading Eudora clients due to recent vulnerability Wayne J. Hauber (Feb 16)
- Re: Upgrading Eudora clients due to recent vulnerability H. Morrow Long (Feb 23)
- Re: Upgrading Eudora clients due to recent vulnerability Robert Berlinger (Feb 24)