Re: Upgrading Eudora clients due to recent vulnerability

["H. Morrow Long" <morrow.long () YALE EDU>]

1. It appeared that we had possibly as long as 90 days
(before the details of the vulnerability in depth necessary
to create an exploit were made available).  Then again,
maybe not.

2.  We've discussed it preliminarily.  One recommendation -- 
to upgrade to Thunderbird sounded good to me :-)
We need to move a POA onto the front burner.

- H. Morrow Long, CISSP, CISM
University Information Security Officer
Director -- Information Security Office
Yale University, ITS


On Feb 10, 2005, at 2:46 PM, Robert Berlinger wrote:

> <x-tad-bigger>Is anyone else in a university (primarily decentralized) environment with a large number of installed Windows Eudora clients currently grappling with how best to get all of the systems upgraded due to the vulnerability recently discovered by NGSSoftware present in all versions prior to 6.2.1?</x-tad-bigger>
>
> <x-tad-bigger> </x-tad-bigger>
>
> <x-tad-bigger>We’re struggling with having users perform self-upgrades as they run into issues such as multiple versions of Eudora having been installed on one system, Eudora being installed into different Windows profiles, etc.  IT doesn’t have the resources to do all the work ourselves.</x-tad-bigger>
>
> <x-tad-bigger> </x-tad-bigger>
>
> <x-tad-bigger>Are other schools not concerned with the vulnerability and ignoring the issue, or just sending out awareness alerts, etc.  Any information or guidance would be appreciated since we haven’t seen any chatter on this topic in the usual places.</x-tad-bigger>
>
> <x-tad-bigger> </x-tad-bigger>
>
> <x-tad-bigger>Thanks.</x-tad-bigger>
>
> <x-tad-bigger> </x-tad-bigger>
>
> <x-tad-bigger> </x-tad-bigger>
>
> <x-tad-bigger> </x-tad-bigger>
>
> <x-tad-bigger> </x-tad-bigger>
> ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.

Attachment: smime.p7s
Description: