The protection of information resources at McNeese State University is a high priority. The Information Security website is designed to educate the university community about technology policies and information security best practices, and equip students, faculty and staff with the tools needed to protect the information resources of the University, it's members and connected networks. McNeese State University is committed to implementing policies and encouraging best practices that do not impose on the University's established culture of openness, trust, and integrity.
Please read the Policies, Guidelines, and Laws Relating to Information Security.
McNeese will NEVER ask for account information via email. Messages about quotas, upgrades or maintenance are likely Phishing attempts. Read about Compromised Credentials.
Critical Bourne Again SHell (BASH) Vulnerability Allows for Remote Code Execution
CIS ADVISORY NUMBER: 2014-080
A recent vulnerability has been discovered affecting the Bourne Again SHell (BASH). BASH is the default command-line shell processor that is often run in a text window on Linux and UNIX systems. BASH allows users to type commands that cause actions. In addition, BASH has the ability to read commands from a scripted file. Based on the wide use of Linux and UNIX systems, it can be assumed that most distributions running Linux and UNIX, as well Mac OS X, are likely vulnerable.
Successful exploitation could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Multiple Vulnerabilities in Adobe Flash Player and Adobe AIR
CIS ADVISORY NUMBER: 2014-074
Multiple vulnerabilities have been discovered in Adobe Flash Player and Adobe AIR. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages. Adobe AIR is a cross platform runtime used for developing Internet applications that run outside of a browser.
Successful exploitation could result in an attacker compromising data security, potentially allowing access to confidential data, or could compromise processing resources in a user's computer. Failed exploit attempts will likely cause denial-of-service conditions.
Multiple Vulnerabilities in Mozilla Products
CIS ADVISORY NUMBER: 2014-062
Multiple vulnerabilities have been identified in Mozilla Firefox and Thunderbird which could allow for remote code execution. Mozilla Firefox is a web browser used to access the Internet and Mozilla Thunderbird is an email client. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user, or gaining session authentication credentials. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
There are currently no reports of these vulnerabilities being exploited in the wild.
- Mozilla Firefox versions prior to 31
- Mozilla Firefox Extended Support Release (ESR) version prior to 24.7
- Mozilla Thunderbird versions prior to 31
- Large and medium government entities: High
- Small government entities: High
- Large and medium business entities: High
- Small business entities: High