Thanks, everyone, for replying.
cheers
alessandra
Alessandra Forti wrote:
> hi,
>
> could you look at this and send an acknowledgement as he asks with cc to
> me so i'm aware of your answers?
>
> ta
>
> cheers
> alessandra
>
> -------- Original Message --------
> Subject: Debian/Ubuntu openssl vulnerability
> Date: Mon, 19 May 2008 20:10:23 +0100
> From: Ma, M (Mingchao) <[log in to unmask]>
> To: <[log in to unmask]>, Duncan Rand <[log in to unmask]>,
> Graeme Stewart <[log in to unmask]>, Peter Gronbech
> <[log in to unmask]>, Grid Ireland
> <[log in to unmask]>, Security - Gridpp
> <[log in to unmask]>
> CC: Coles, J (Jeremy) <[log in to unmask]>, Kelsey, DP (David)
> <[log in to unmask]>, ukiroc Security <[log in to unmask]>
>
> Dear Tier2 Technical Coordinators, GridIreland security contact and Tier1
> security contact,
>
> As required by PMB, all GridPP sites are required to follow up the
> Debian/Ubuntu openssl vulnerability advised via various channels. Details
> see links below:
>
> http://osct.web.cern.ch/osct/alerts/openssl-16-05-2008.txt
>
> http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0805&L=tb-support&T=0&F=&S=&P=1820
>
> In response to the request from GridPP PMB, would you please notify the
> Tier2 sites in your region to carry out following actions:
>
> 1. Please confirm that site is aware of the problem and working on it by
> sending an acknowledgement email to "[log in to unmask]" using subject
> title "Debian/Ubuntu openssl vulnerability - XXX" where XXX is the name of
> the site ASAP?
>
> 2. Please also confirm in above email if site has received the security
> alert (sent by me) on last Wednesday (14 May 2008). If site did not receive
> the alert via the security contact (registered in GOCDB) last Wednesday,
> please say so and provide the security contact detail in above email and
> update the GOCDB accordingly (should it be out of date).
>
> 3. Please detail the actions have been taken so far in above email or in
> following emails (if no actions have been taken, but please do send an
> acknowledgement email simply say "We are working on it").
>
> Required actions (as specified in this email -
> http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0805&L=tb-support&T=0&F=&S=&P=1820)
> - Please run the detection tool to audit all SSH keys (users,
> system administrators etc.) in your system; Remove any detected vulnerable
> keys and report any suspect/malicious activities should they be found. And
> any other reasonable actions to mitigate the risk.
>
> 4. The deadline of completion of the audit is Friday 23 May 2008, 13:00.
> All reports (what have been done to mitigate the risk and what have been
> found) should be sent to "[log in to unmask]" on or before the deadline with
> the subject title "Debian/Ubuntu openssl vulnerability - XXX" where XXX is
> the name of the site.
>
> Please note, the quality of the response from sites are measured by how
> prompt the initial acknowledgement email is; how sites follow it up and the
> quality of the report. The result will be reported to PMB by David Kelsey.
>
> Side note: Could please Tier2 Coordinators let me know when you notify
> Tier2 sites in your region so that I can measure their response more
> precisely?
>
> (BTW: I am out of office until Thursday inclusive so that I will not be
> able to check my email at daytime (I can only check emails in the evening
> when I am back home)).
>
> Thank you very much for your help.
>
> Regards,
>
> Mingchao
>
>
>
--
"Well you'll still need a tray"