[10213] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, February 10, 2014
daemon@ATHENA.MIT.EDU (Monique Buchanan)
Mon Feb 10 11:45:48 2014
Resent-From: ist-security-fyi@MIT.EDU
From: Monique Buchanan <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Mon, 10 Feb 2014 16:40:28 +0000
In this issue:
1. February 2014 Security Updates from Microsoft
2. OUCH! Newsletter: What is Malware?
3. Risks of International Travel
4. For Fun: Information Security Problem
-------------------------------------------------------------------
1. February 2014 Security Updates from Microsoft
-------------------------------------------------------------------
On Tuesday, February 11, Microsoft is releasing five new security bulletins <http://technet.microsoft.com/en-us/security/bulletin/ms14-feb>. Two of the bulletins are critical. Microsoft systems that will be affected:
* Windows (all current operating systems and servers)
* Forefront Protection 2010 for Exchange
* Microsoft .NET Framework
It is recommended to accept the updates. MIT WAUS subscribers will receive the updates after they have been tested for compatibility within the MIT computing environment. Installing the bulletins manually may require a restart.
On February 11, Microsoft is also planning to release the update that deprecates the MD5 hashing algorithm for the Microsoft root certificate program. The announcement was made last August <http://technet.microsoft.com/en-us/security/advisory/2862973> to give customers six months to take the necessary actions in their environments.
The action on February 11 will officially restrict the use of digital certificates with MD5 hashes <http://threatpost.com/microsoft-starts-countdown-on-eliminating-md5/101994>. The change applies only to certificates used for server authentication, code signing and time stamping. Microsoft said it would not block other uses of MD5 and would allow signed binaries from before March 2009. The general recommendation is that customers move to a stronger hashing algorithm such as SHA-2 or better.
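One way to check a Windows machine ahead of the change, as an added example that is not part of the original newsletter or Microsoft's own tooling: a PowerShell audit of the local certificate stores for MD5-signed certificates usable for the three affected purposes. The function name Find-Md5SignedCertificate and the choice of stores are assumptions; the EKU OIDs are the standard ones for server authentication, code signing and time stamping.

```powershell
# Added example: list MD5-signed certificates in the local stores whose usage
# falls under server authentication, code signing or time stamping.
# Find-Md5SignedCertificate is a hypothetical helper name, not a built-in cmdlet.

# Standard enhanced key usage (EKU) OIDs for the three affected usages.
$AffectedEku = @{
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
    '1.3.6.1.5.5.7.3.3' = 'Code Signing'
    '1.3.6.1.5.5.7.3.8' = 'Time Stamping'
}

function Find-Md5SignedCertificate {
    param(
        # Assumption: both the machine and current-user stores are in scope.
        [string[]]$StoreRoot = @('Cert:\LocalMachine', 'Cert:\CurrentUser')
    )
    Get-ChildItem -Path $StoreRoot -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            $cert = $_
            # FriendlyName is for example 'md5RSA', 'sha1RSA' or 'sha256RSA'.
            if ($cert.SignatureAlgorithm.FriendlyName -notmatch 'md5') { return }

            $ekuExt = $cert.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
            if ($ekuExt) {
                $hits = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value } |
                    Where-Object { $AffectedEku.ContainsKey($_) } |
                    ForEach-Object { $AffectedEku[$_] })
            } else {
                # No EKU extension: the certificate is not limited to any usage.
                $hits = @('Any (no EKU extension)')
            }
            if ($hits.Count -eq 0) { return }

            [pscustomobject]@{
                Store      = ($cert.PSParentPath -split '::')[-1]
                Subject    = $cert.Subject
                # A self-signed root's own signature is not what chain validation relies on.
                SelfSigned = ($cert.Subject -eq $cert.Issuer)
                Algorithm  = $cert.SignatureAlgorithm.FriendlyName
                NotAfter   = $cert.NotAfter
                Usages     = $hits -join ', '
                Thumbprint = $cert.Thumbprint
            }
        }
}

Find-Md5SignedCertificate | Sort-Object Store, NotAfter | Format-Table -AutoSize
```

The audit covers certificate stores only; it does not examine signatures on files, so binaries signed before March 2009 are outside its scope.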
------------------------------------------------------
2. OUCH! Newsletter: What is Malware?
------------------------------------------------------
This month's issue of OUCH!, the monthly security awareness newsletter for computer users from SANS, explains what malware is, who is developing it and why, and how to protect yourself against it.
You can download or view a copy online here:
http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201402_en.pdf
-----------------------------------------
3. Risks of International Travel
-----------------------------------------
Two weeks ago the International Coordinating Committee (ICC) at MIT hosted a presentation on international travel resources. Members of IS&T were there as co-presenters and addressed concerns regarding safe computing, mobile devices and data protection while traveling.
The event was well-attended, but if you weren't able to be there, the slides can be viewed online <http://osp.mit.edu/grant-and-contract-administration/international-activities/international-coordinating-committee> via the Office of Sponsored Programs website. A lot of the information presented by IS&T can also be found within this Knowledge Base article <http://kb.mit.edu/confluence/x/ODIYCQ>.
In addition, SANS shares a security awareness video each month, and this month it is on International Travel. The video explains the risks with international travel and how you can protect yourself and your data. It will be available at the link below until the end of February.
SANS: Monthly Awareness Video. <http://www.securingthehuman.org/resources/ncsam>
-------------------------------------------------------
4. For Fun: Information Security Problem <http://www.glasbergen.com/wp-content/gallery/technology-cartoons/toon567.gif>
-------------------------------------------------------
=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================
Monique Buchanan
IT Security Communications Consultant
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715
"Distrust and caution are the parents of security" - Benjamin Franklin