[Micronet] Does the campus use Cisco IP phones?

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] Does the campus use Cisco IP phones?

Bruce Satow
http://gizmodo.com/5974814/hack-turns-ciscos-desk-phone-into-a-spying-device
--
  Bruce Satow
  Systems Administrator
  University of California at Berkeley  
  Space Sciences Laboratory
  7 Gauss Way
  Berkeley, California 94720-7450

  Phone: (510) 643-2348
      Cell: (510) 847-1914



Si hoc legere scis nimium eruditionis habes

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

[Micronet] Java disable CERT blog post

Jeff Anderson-Lee
The "disable Java" CERT blog post seems to be getting a lot of media
attention, even though it has not yet been escalated to a CERT Advisory.
Anyone care to comment?

Jeff Anderson-Lee
Systems Manager, ERSO/EECS

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Java disable CERT blog post

Ian Crew
For what it's worth, both Apple and Mozilla appear to believe it's sufficiently serious to have pushed automatic security updates to disable the Java plug-ins in their browsers. I'm not sure why it's not a CERT Advisory yet, though....

Ian


On Jan 13, 2013, at 5:18 PM, Jeff Anderson-Lee <[hidden email]> wrote:

The "disable Java" CERT blog post seems to be getting a lot of media
attention, even though it has not yet been escalated to a CERT Advisory.
Anyone care to comment?

Jeff Anderson-Lee
Systems Manager, ERSO/EECS


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

___
Ian Crew
Platform and Services Manager, Research Hub

Content Management Technologies
IST-Architecture, Middleware and Common Applications
Earl Warren Hall, Second Floor
University of California, Berkeley


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Java disable CERT blog post

Beth Muramoto
Does disabling the Java plug-in affect using CalTime? Right now people are using Safari and Firefox with enabled Java plug-ins in order to use CalTime. 

Beth

Sent from my iPhone

On Jan 13, 2013, at 5:44 PM, Ian Crew <[hidden email]> wrote:

For what it's worth, both Apple and Mozilla appear to believe it's sufficiently serious to have pushed automatic security updates to disable the Java plug-ins in their browsers. I'm not sure why it's not a CERT Advisory yet, though....

Ian


On Jan 13, 2013, at 5:18 PM, Jeff Anderson-Lee <[hidden email]> wrote:

The "disable Java" CERT blog post seems to be getting a lot of media
attention, even though it has not yet been escalated to a CERT Advisory.
Anyone care to comment?

Jeff Anderson-Lee
Systems Manager, ERSO/EECS


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

___
Ian Crew
Platform and Services Manager, Research Hub

Content Management Technologies
IST-Architecture, Middleware and Common Applications
Earl Warren Hall, Second Floor
University of California, Berkeley


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Java disable CERT blog post

Noah N Bacon
Beth,

Without Java, accessing CalTime via opt. 2 (from caltime.berkeley.edu) isn't an option as it executes the program in Java on your local machine. However opt. 1 (which grants you CalTime access via connection to a remote machine) and opt. 3 (a limited, HTML version of CalTime) will function without issue. And since opt. 1 executes Java / CalTime on a remote system (a sandbox) as opposed to your local computer, it is and will continue to be a secure method of accessing the application.

Noah Bacon
Application Support Center
[hidden email]
(510) 642-8500 Option 5 and Press 6 for CalTime

On 1/13/2013 5:51 PM, Beth J MURAMOTO wrote:
Does disabling the Java plug-in affect using CalTime? Right now people are using Safari and Firefox with enabled Java plug-ins in order to use CalTime. 

Beth

Sent from my iPhone

On Jan 13, 2013, at 5:44 PM, Ian Crew <[hidden email]> wrote:

For what it's worth, both Apple and Mozilla appear to believe it's sufficiently serious to have pushed automatic security updates to disable the Java plug-ins in their browsers. I'm not sure why it's not a CERT Advisory yet, though....

Ian


On Jan 13, 2013, at 5:18 PM, Jeff Anderson-Lee <[hidden email]> wrote:

The "disable Java" CERT blog post seems to be getting a lot of media
attention, even though it has not yet been escalated to a CERT Advisory.
Anyone care to comment?

Jeff Anderson-Lee
Systems Manager, ERSO/EECS


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

___
Ian Crew
Platform and Services Manager, Research Hub

Content Management Technologies
IST-Architecture, Middleware and Common Applications
Earl Warren Hall, Second Floor
University of California, Berkeley


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Java disable CERT blog post

Beth Muramoto
Thanks, Noah. 

So this means that everyone we have told to use option 2 will now have to do option 1 due to this Java issue? 

As the IT for the Graduate School of Education, I need to know how to advise our HR people and what to communicate to our users, currently just exempt employees, myself included.

Thanks.

Beth

Sent from my iPhone

On Jan 13, 2013, at 6:28 PM, nbacon <[hidden email]> wrote:

Beth,

Without Java, accessing CalTime via opt. 2 (from caltime.berkeley.edu) isn't an option as it executes the program in Java on your local machine. However opt. 1 (which grants you CalTime access via connection to a remote machine) and opt. 3 (a limited, HTML version of CalTime) will function without issue. And since opt. 1 executes Java / CalTime on a remote system (a sandbox) as opposed to your local computer, it is and will continue to be a secure method of accessing the application.

Noah Bacon
Application Support Center
[hidden email]
(510) 642-8500 Option 5 and Press 6 for CalTime

On 1/13/2013 5:51 PM, Beth J MURAMOTO wrote:
Does disabling the Java plug-in affect using CalTime? Right now people are using Safari and Firefox with enabled Java plug-ins in order to use CalTime. 

Beth

Sent from my iPhone

On Jan 13, 2013, at 5:44 PM, Ian Crew <[hidden email]> wrote:

For what it's worth, both Apple and Mozilla appear to believe it's sufficiently serious to have pushed automatic security updates to disable the Java plug-ins in their browsers. I'm not sure why it's not a CERT Advisory yet, though....

Ian


On Jan 13, 2013, at 5:18 PM, Jeff Anderson-Lee <[hidden email]> wrote:

The "disable Java" CERT blog post seems to be getting a lot of media
attention, even though it has not yet been escalated to a CERT Advisory.
Anyone care to comment?

Jeff Anderson-Lee
Systems Manager, ERSO/EECS


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

___
Ian Crew
Platform and Services Manager, Research Hub

Content Management Technologies
IST-Architecture, Middleware and Common Applications
Earl Warren Hall, Second Floor
University of California, Berkeley


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Java disable CERT blog post

Ben Gross
Oracle released a Java 7 update 11 today that resolves the current published vulnerability. The majority of the machines on campus are running Java 6. The vulnerability did not apply to Java 6 as far as I understand.

In my limited testing CalTime/Kronos Workforce Manager, ReadyTalk, and WebEx all work with Java 7, even if the documentation says otherwise.

To the best of my knowledge BFS, BAIRS, ImageNow, and the SEP Java Console will all fail with Java 7, but work with Java 6.

Oracle has already included Java 7 in its updater for Windows. This means that if you manage your own machine and you run the Java updater you will end up with Java 7 update 11.

The only supported version of Java with MacOS X 10.7 and 10.8 is Java 7. Java 7 does not work with Chrome on the Mac as Google has not yet produced a 64-bit version of Google Chrome on the Mac and oracle only provides 64-bit plugins for the Mac.

I have started to collect a bit of information related to campus applications that require Java. I would welcome additional data points.

Common Applications on Campus That Require Java
https://wikihub.berkeley.edu/display/AMCA/Common+Applications+on+Campus+That+Require+Java

Thank you,
Ben Gross
Manager, Endpoint Engineering and Infrastructure
Information Services and Technology Division
University of California, Berkeley
[hidden email]

On Jan 13, 2013, at 6:45 PM, Beth J MURAMOTO <[hidden email]> wrote:

> Thanks, Noah.
>
> So this means that everyone we have told to use option 2 will now have to do option 1 due to this Java issue?
>
> As the IT for the Graduate School of Education, I need to know how to advise our HR people and what to communicate to our users, currently just exempt employees, myself included.
>
> Thanks.
>
> Beth
>
> Sent from my iPhone
>
> On Jan 13, 2013, at 6:28 PM, nbacon <[hidden email]> wrote:
>
>> Beth,
>>
>> Without Java, accessing CalTime via opt. 2 (from caltime.berkeley.edu) isn't an option as it executes the program in Java on your local machine. However opt. 1 (which grants you CalTime access via connection to a remote machine) and opt. 3 (a limited, HTML version of CalTime) will function without issue. And since opt. 1 executes Java / CalTime on a remote system (a sandbox) as opposed to your local computer, it is and will continue to be a secure method of accessing the application.
>>
>> Noah Bacon
>> Application Support Center
>> [hidden email]
>> (510) 642-8500 Option 5 and Press 6 for CalTime
>>
>> On 1/13/2013 5:51 PM, Beth J MURAMOTO wrote:
>>> Does disabling the Java plug-in affect using CalTime? Right now people are using Safari and Firefox with enabled Java plug-ins in order to use CalTime.
>>>
>>> Beth
>>>
>>> Sent from my iPhone
>>>
>>> On Jan 13, 2013, at 5:44 PM, Ian Crew <[hidden email]> wrote:
>>>
>>>> For what it's worth, both Apple and Mozilla appear to believe it's sufficiently serious to have pushed automatic security updates to disable the Java plug-ins in their browsers. I'm not sure why it's not a CERT Advisory yet, though....
>>>>
>>>> Ian
>>>>
>>>>
>>>> On Jan 13, 2013, at 5:18 PM, Jeff Anderson-Lee <[hidden email]> wrote:
>>>>
>>>>> The "disable Java" CERT blog post seems to be getting a lot of media
>>>>> attention, even though it has not yet been escalated to a CERT Advisory.
>>>>> Anyone care to comment?
>>>>>
>>>>> Jeff Anderson-Lee
>>>>> Systems Manager, ERSO/EECS
>>>>>
>>>>>
>>>>> -------------------------------------------------------------------------
>>>>> The following was automatically added to this message by the list server:
>>>>>
>>>>> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>>>>>
>>>>> http://micronet.berkeley.edu
>>>>>
>>>>> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>>>>
>>>> ___
>>>> Ian Crew
>>>> Platform and Services Manager, Research Hub
>>>> http://hub.berkeley.edu
>>>>
>>>> Content Management Technologies
>>>> IST-Architecture, Middleware and Common Applications
>>>> Earl Warren Hall, Second Floor
>>>> University of California, Berkeley
>>>>
>>>>
>>>> -------------------------------------------------------------------------
>>>> The following was automatically added to this message by the list server:
>>>>
>>>> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>>>>
>>>> http://micronet.berkeley.edu
>>>>
>>>> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>>>
>>>
>>>  
>>> -------------------------------------------------------------------------
>>> The following was automatically added to this message by the list server:
>>>
>>> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>>>
>>>
>>> http://micronet.berkeley.edu
>>>
>>>
>>> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>>>
>>
>>
>> -------------------------------------------------------------------------
>> The following was automatically added to this message by the list server:
>>
>> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>>
>> http://micronet.berkeley.edu
>>
>> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Does the campus use Cisco IP phones?

Isaac Orr
In reply to this post by Bruce Satow
I never saw any responses to this...

IST-Telecommunications does not operate any cisco IP phones.

That does not mean that someone on campus might not be using them somewhere...

iso


On Fri, Jan 11, 2013 at 11:05 AM, Bruce Satow <[hidden email]> wrote:

>
>
> http://gizmodo.com/5974814/hack-turns-ciscos-desk-phone-into-a-spying-device
> --
>   Bruce Satow
>   Systems Administrator
>   University of California at Berkeley
>   Space Sciences Laboratory
>   7 Gauss Way
>   Berkeley, California 94720-7450
>
>   Phone: (510) 643-2348
>       Cell: (510) 847-1914
>
>
>
> Si hoc legere scis nimium eruditionis habes
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe
> from its mailing list and how to find out about upcoming meetings, please
> visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and
> the list's archives can be browsed and searched on the Internet.  This means
> these messages can be viewed by (among others) your bosses, prospective
> employers, and people who have known you in the past.
>



--
Isaac Simon Orr
Manager, Network Operations and Services
IST Telecommunications, UC Berkeley
P: +1 510 643 9837 C: +1 510 517 9408 E: [hidden email]

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Does the campus use Cisco IP phones?

Bruce Satow
Thanks Isaac... now to find a laptop with a serial port... just kidding...

On 1/14/2013 9:48 AM, Isaac Orr wrote:
I never saw any responses to this...

IST-Telecommunications does not operate any cisco IP phones.

That does not mean that someone on campus might not be using them somewhere...

iso


On Fri, Jan 11, 2013 at 11:05 AM, Bruce Satow [hidden email] wrote:

http://gizmodo.com/5974814/hack-turns-ciscos-desk-phone-into-a-spying-device
--
  Bruce Satow
  Systems Administrator
  University of California at Berkeley
  Space Sciences Laboratory
  7 Gauss Way
  Berkeley, California 94720-7450

  Phone: (510) 643-2348
      Cell: (510) 847-1914



Si hoc legere scis nimium eruditionis habes


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe
from its mailing list and how to find out about upcoming meetings, please
visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and
the list's archives can be browsed and searched on the Internet.  This means
these messages can be viewed by (among others) your bosses, prospective
employers, and people who have known you in the past.



--
Isaac Simon Orr
Manager, Network Operations and Services
IST Telecommunications, UC Berkeley
P: +1 510 643 9837 C: +1 510 517 9408 E: [hidden email]

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

--
  Bruce Satow
  Systems Administrator
  University of California at Berkeley  
  Space Sciences Laboratory
  7 Gauss Way
  Berkeley, California 94720-7450

  Phone: (510) 643-2348
      Cell: (510) 847-1914



Si hoc legere scis nimium eruditionis habes

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Does the campus use Cisco IP phones?

Ian Crew
In reply to this post by Bruce Satow
Huh. Strikes me that this is also a hardware bug--I'd think that an LED should have been wired in series with the power line to the mics so that it would be impossible to turn on the mic without also turning on the LED...

Glad to hear we don't have those phones around here, even if all someone would be likely to get by listening to me is really bored! ;-)

Ian

_____________
Sent from my phone. Please excuse the brevity and typos.

On Jan 11, 2013, at 11:05 AM, Bruce Satow <[hidden email]> wrote:

http://gizmodo.com/5974814/hack-turns-ciscos-desk-phone-into-a-spying-device
--
<SSL-logo.gif>
  Bruce Satow
  Systems Administrator
  University of California at Berkeley  
  Space Sciences Laboratory
  7 Gauss Way
  Berkeley, California 94720-7450

  Phone: (510) 643-2348
      Cell: (510) 847-1914



Si hoc legere scis nimium eruditionis habes

-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Does the campus use Cisco IP phones?

Jay Bryon
>From what I've seen in many recent device designs, almost everything goes back to a microcontroller as a "feature" and to provide flexibility and reduce component count and therefore cost.  Since microcontrollers are now so cheap, it's not surprising.  Now you can also flash that LED to indicate if it's the NSA or just a corporate subcontractor that's listening in... 

On Mon, Jan 14, 2013 at 10:04 AM, Ian Crew <[hidden email]> wrote:
Huh. Strikes me that this is also a hardware bug--I'd think that an LED should have been wired in series with the power line to the mics so that it would be impossible to turn on the mic without also turning on the LED...

Glad to hear we don't have those phones around here, even if all someone would be likely to get by listening to me is really bored! ;-)

Ian

_____________
Sent from my phone. Please excuse the brevity and typos.

On Jan 11, 2013, at 11:05 AM, Bruce Satow <[hidden email]> wrote:

http://gizmodo.com/5974814/hack-turns-ciscos-desk-phone-into-a-spying-device
--
<SSL-logo.gif>
  Bruce Satow
  Systems Administrator
  University of California at Berkeley  
  Space Sciences Laboratory
  7 Gauss Way
  Berkeley, California 94720-7450

  Phone: (510) 643-2348
      Cell: (510) 847-1914



Si hoc legere scis nimium eruditionis habes

-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.




--
Jay Bryon
Senior Network Engineer, U.C. Berkeley/IST/IS/Network Operations and Services 
2-5636

"No problem can withstand the assault of sustained thinking."
-Voltaire

[Unless stated explicitly otherwise, all opinions are my own and do not represent official policy of any part of IST, U.C. Berkeley or the U.C. Regents]


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Java disable CERT blog post

Noah N Bacon
In reply to this post by Ben Gross
Beth,

Opt. 2 was always intended as merely a backup in case Opt. 1 failed a user for whatever reason. If you wouldn't mind advising your HR department and users to try opt. 1 before anything else, that would be appreciated (plus the RDP method allows load balancing, is a dedicated sandbox (useful for security) and doesn't rely on local settings to properly function. And I'd imagine troubleshooting one thing (the RDP file association) as opposed to three or four (Java, browser, etc) would simplify your task). But yes, if someone uninstalled Java because of fears over this exploit they'd be unable to use opt. 2. 

Oh... And officially CalTime has been tested and works best in IE 7 & 8 (as opposed to 9) & Safari 7 for Mac OSX but we've had regular success running it in Chrome and Firefox (Chrome is useful because it essentially sandboxes the Java runtime) but always suggest first trying it in IE. Regardless, if users encounter any errors, have trouble logging in, etc. please feel free to direct them to us here at the Application Support Center.

PS Ben: the CalTime team is considering pushing out an update for the application which will allow it to work properly with 7u11 but right now some functionality is broken if users use anything besides 6u33.

Noah Bacon
Application Support Center
[hidden email]
(510) 642-8500 Option 5 and Press 6 for CalTime

On Sun, Jan 13, 2013 at 8:25 PM, Ben Gross <[hidden email]> wrote:
Oracle released a Java 7 update 11 today that resolves the current published vulnerability. The majority of the machines on campus are running Java 6. The vulnerability did not apply to Java 6 as far as I understand.

In my limited testing CalTime/Kronos Workforce Manager, ReadyTalk, and WebEx all work with Java 7, even if the documentation says otherwise.

To the best of my knowledge BFS, BAIRS, ImageNow, and the SEP Java Console will all fail with Java 7, but work with Java 6.

Oracle has already included Java 7 in its updater for Windows. This means that if you manage your own machine and you run the Java updater you will end up with Java 7 update 11.

The only supported version of Java with MacOS X 10.7 and 10.8 is Java 7. Java 7 does not work with Chrome on the Mac as Google has not yet produced a 64-bit version of Google Chrome on the Mac and oracle only provides 64-bit plugins for the Mac.

I have started to collect a bit of information related to campus applications that require Java. I would welcome additional data points.

Common Applications on Campus That Require Java
https://wikihub.berkeley.edu/display/AMCA/Common+Applications+on+Campus+That+Require+Java

Thank you,
Ben Gross
Manager, Endpoint Engineering and Infrastructure
Information Services and Technology Division
University of California, Berkeley
[hidden email]

On Jan 13, 2013, at 6:45 PM, Beth J MURAMOTO <[hidden email]> wrote:

> Thanks, Noah.
>
> So this means that everyone we have told to use option 2 will now have to do option 1 due to this Java issue?
>
> As the IT for the Graduate School of Education, I need to know how to advise our HR people and what to communicate to our users, currently just exempt employees, myself included.
>
> Thanks.
>
> Beth
>
> Sent from my iPhone
>
> On Jan 13, 2013, at 6:28 PM, nbacon <[hidden email]> wrote:
>
>> Beth,
>>
>> Without Java, accessing CalTime via opt. 2 (from caltime.berkeley.edu) isn't an option as it executes the program in Java on your local machine. However opt. 1 (which grants you CalTime access via connection to a remote machine) and opt. 3 (a limited, HTML version of CalTime) will function without issue. And since opt. 1 executes Java / CalTime on a remote system (a sandbox) as opposed to your local computer, it is and will continue to be a secure method of accessing the application.
>>
>> Noah Bacon
>> Application Support Center
>> [hidden email]
>> (510) 642-8500 Option 5 and Press 6 for CalTime
>>
>> On 1/13/2013 5:51 PM, Beth J MURAMOTO wrote:
>>> Does disabling the Java plug-in affect using CalTime? Right now people are using Safari and Firefox with enabled Java plug-ins in order to use CalTime.
>>>
>>> Beth
>>>
>>> Sent from my iPhone
>>>
>>> On Jan 13, 2013, at 5:44 PM, Ian Crew <[hidden email]> wrote:
>>>
>>>> For what it's worth, both Apple and Mozilla appear to believe it's sufficiently serious to have pushed automatic security updates to disable the Java plug-ins in their browsers. I'm not sure why it's not a CERT Advisory yet, though....
>>>>
>>>> Ian
>>>>
>>>>
>>>> On Jan 13, 2013, at 5:18 PM, Jeff Anderson-Lee <[hidden email]> wrote:
>>>>
>>>>> The "disable Java" CERT blog post seems to be getting a lot of media
>>>>> attention, even though it has not yet been escalated to a CERT Advisory.
>>>>> Anyone care to comment?
>>>>>
>>>>> Jeff Anderson-Lee
>>>>> Systems Manager, ERSO/EECS
>>>>>
>>>>>
>>>>> -------------------------------------------------------------------------
>>>>> The following was automatically added to this message by the list server:
>>>>>
>>>>> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>>>>>
>>>>> http://micronet.berkeley.edu
>>>>>
>>>>> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>>>>
>>>> ___
>>>> Ian Crew
>>>> Platform and Services Manager, Research Hub
>>>> http://hub.berkeley.edu
>>>>
>>>> Content Management Technologies
>>>> IST-Architecture, Middleware and Common Applications
>>>> Earl Warren Hall, Second Floor
>>>> University of California, Berkeley
>>>>
>>>>
>>>> -------------------------------------------------------------------------
>>>> The following was automatically added to this message by the list server:
>>>>
>>>> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>>>>
>>>> http://micronet.berkeley.edu
>>>>
>>>> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>>>
>>>
>>>
>>> -------------------------------------------------------------------------
>>> The following was automatically added to this message by the list server:
>>>
>>> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>>>
>>>
>>> http://micronet.berkeley.edu
>>>
>>>
>>> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>>>
>>
>>
>> -------------------------------------------------------------------------
>> The following was automatically added to this message by the list server:
>>
>> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>>
>> http://micronet.berkeley.edu
>>
>> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



--
Noah Bacon
Application Support Center
University of California, Berkeley
Ph: (510) 664-4610

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.