[10215] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, March 4, 2014
daemon@ATHENA.MIT.EDU (Monique Buchanan)
Tue Mar 4 09:42:10 2014
Resent-From: ist-security-fyi@MIT.EDU
From: Monique Buchanan <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Tue, 4 Mar 2014 14:40:11 +0000
Message-ID: <467FAE99-7680-41EA-BA52-D7F670BDB880@mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0727910698=="
Errors-To: ist-security-fyi-bounces@MIT.EDU
--===============0727910698==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_467FAE99768041EABA52D7F670BDB880mitedu_"
--_000_467FAE99768041EABA52D7F670BDB880mitedu_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. Event: Laptop Tagging and Registration, 3/5/14
2. Google Safety Center
3. Apple Update for OS X
-------------------------------------------------------------------
1. Event: Laptop Tagging and Registration, 3/5/14
-------------------------------------------------------------------
This Wednesday, there is an opportunity to register and tag your laptop.
Where: Lobby of Building 10
When: Wed., March 5, 11:00 am - 12:30 pm
Cost: $10 cash (no cards) or MIT Cash Object
Just as you might register a bike with the police, you can also register yo=
ur laptop. Information Systems & Technology partners with MIT Police to pro=
vide STOP (Security Tracking of Office Property) tags for laptops. The tag =
is affixed to the device, has a unique number, and is registered with a wor=
ld-wide database.
Sgt. Cheryl Vossmer of the MIT Police says that although a STOP tag is not =
software that can track a device via GPS or other means, it has been very e=
ffective at providing a way for lost or stolen laptops to be returned to th=
eir rightful owners.
Read laptop recovery stories here<https://www.stoptheft.com/>.
Learn more about laptop registration at MIT<http://kb.mit.edu/confluence/di=
splay/istcontrib/MIT+Police+Laptop+Tagging+and+Registration>.
---------------------------------
2. Google Safety Center
---------------------------------
Whether for work, school or personal use, you may be using Google=92s produ=
cts in one form or another, including an Android device, Gmail, Chrome, Goo=
gle Docs or other applications. Google is committed to keeping the web safe=
for everyone and understands that it is a shared responsibility. They have=
put together a website to help you learn what you can do to protect yourse=
lf and your family online.
Topics include securing your password, managing your Google account, checki=
ng settings, and more to help you to stay secure and private when online<ht=
tp://www.google.com/safetycenter/everyone/start/>. They also show ways to k=
eep the bad guys out<http://www.google.com/safetycenter/everyone/cybercrime=
/> of your stuff.
There is a wealth of information included in the Google Safety Center<http:=
//www.google.com/safetycenter/>, so it=92s well worth while checking out.
-----------------------------------
3. Apple Update for OS X
-----------------------------------
Last week Apple issued an update for OS X Mavericks (Security Update 2014-0=
01<http://support.apple.com/kb/DL1726>) that addresses a critical SSL flaw.=
The same issue was fixed earlier in iOS. Users are urged to update their s=
ystems as soon as possible as exploit code has already been released. The n=
ewest version of OS X is now 10.9.2.
The update fixes 32 additional issues, including six in the QuickTime media=
player and four that could be exploited to circumvent the application sand=
box.
The company issued security updates for OS X Lion 10.7.5, OS X Mountain Lio=
n 10.8.5, and OS X Lion Server 10.7.5, although none of them are reportedly=
vulnerable to the SSL flaw. Apple and IS&T at MIT are no longer supporting=
Snow Leopard (OS X 10.6).
Apple issued updates for Safari, bringing the browser's latest versions to =
6.1.2 and 7.0.2. According to Apple, the patch addresses "multiple memory c=
orruption issues" in the WebKit software on which Safari is based, and whic=
h an attacker could exploit by tricking a user into visiting a malicious we=
bsite.
A full listing of the recent security updates can be found at support.apple=
.com<http://support.apple.com/kb/HT1222>.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Read all archived Security FYI Newsletter articles and submit comments onli=
ne at http://securityfyi.wordpress.com/.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Monique Buchanan
IT Security Communications Consultant
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715
"Distrust and caution are the parents of security" - Benjamin Franklin
--_000_467FAE99768041EABA52D7F670BDB880mitedu_
Content-Type: text/html; charset="Windows-1252"
Content-ID: <E162D4A5F2547243A9ABD5E18725C1C1@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1=
252">
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space;">
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;">In th=
is issue:</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">1. Event: Laptop Taggin=
g and Registration, 3/5/14</div>
<div style=3D"margin: 0px; font-family: Helvetica;">2. Google Safety Center=
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">3. Apple Update for OS =
X </div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
--------------------------------------------</div>
<div style=3D"margin: 0px; font-family: Helvetica;">1. Event: Laptop Taggin=
g and Registration, 3/5/14</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
--------------------------------------------</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">This Wednesday, there i=
s an opportunity to register and tag your laptop.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Where: <b>Lobby of Buil=
ding 10</b></div>
<div style=3D"margin: 0px; font-family: Helvetica;">When: <b>Wed., March 5,=
11:00 am - 12:30 pm</b></div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Cost: $10 cash (no card=
s) or MIT Cash Object</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Just as you might regis=
ter a bike with the police, you can also register your laptop. Information =
Systems & Technology partners with MIT Police to provide STOP (Security=
Tracking of Office Property) tags for
laptops. The tag is affixed to the device, has a unique number, and is reg=
istered with a world-wide database.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Sgt. Cheryl Vossmer of =
the MIT Police says that although a STOP tag is not software that can track=
a device via GPS or other means, it has been very effective at providing a=
way for lost or stolen laptops to
be returned to their rightful owners.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; color: rgb(71, 135, 255)=
;"><span style=3D"color: #000000">Read
<a href=3D"https://www.stoptheft.com/">laptop recovery stories here</a>.</s=
pan></div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; color: rgb(71, 135, 255)=
;"><span style=3D"text-decoration: underline"><a href=3D"http://kb.mit.edu/=
confluence/display/istcontrib/MIT+Police+Laptop+Tagging+and=
+Registration">Learn more about laptop registration at
MIT</a></span><span style=3D"color: #000000">.</span></div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
----------</div>
<div style=3D"margin: 0px; font-family: Helvetica;">2. Google Safety Center=
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
----------</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Whether for work, schoo=
l or personal use, you may be using Google=92s products in one form or anot=
her, including an Android device, Gmail, Chrome, Google Docs or other appli=
cations. Google is committed to keeping
the web safe for everyone and understands that it is a shared responsibili=
ty. They have put together a website to help you learn what you can do to p=
rotect yourself and your family online.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Topics include securing=
your password, managing your Google account, checking settings, and more t=
o help you to
<a href=3D"http://www.google.com/safetycenter/everyone/start/">stay secure =
and private when online</a>. They also show
<a href=3D"http://www.google.com/safetycenter/everyone/cybercrime/">ways to=
keep the bad guys out</a> of your stuff.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">There is a wealth of in=
formation included in the
<a href=3D"http://www.google.com/safetycenter/">Google Safety Center</a>, s=
o it=92s well worth while checking out.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
------------</div>
<div style=3D"margin: 0px; font-family: Helvetica;">3. Apple Update for OS =
X </div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
------------</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Last week Apple issued =
an update for OS X Mavericks (<a href=3D"http://support.apple.com/kb/DL1726=
">Security Update 2014-001</a>) that addresses a critical SSL flaw. The sam=
e issue was fixed earlier in iOS. Users
are urged to update their systems as soon as possible as exploit code has =
already been released. The newest version of OS X is now 10.9.2. </div=
>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">The update fixes 32 add=
itional issues, including six in the QuickTime media player and four that c=
ould be exploited to circumvent the application sandbox. </div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">The company issued secu=
rity updates for OS X Lion 10.7.5, OS X Mountain Lion 10.8.5, and OS X Lion=
Server 10.7.5, although none of them are reportedly vulnerable to the SSL =
flaw. Apple and IS&T at MIT are no
longer supporting Snow Leopard (OS X 10.6).</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Apple issued updates fo=
r Safari, bringing the browser's latest versions to 6.1.2 and 7.0.2. Accord=
ing to Apple, the patch addresses "multiple memory corruption issues&q=
uot; in the WebKit software on which Safari
is based, and which an attacker could exploit by tricking a user into visi=
ting a malicious website.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">A full listing of the r=
ecent security updates can be found at
<a href=3D"http://support.apple.com/kb/HT1222">support.apple.com</a>. =
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Read all archived Secur=
ity FYI Newsletter articles and submit comments online at
<a href=3D"http://securityfyi.wordpress.com/"><span style=3D"color: rgb(4, =
46, 238);">http://securityfyi.wordpress.com/</span></a>.</div>
<div style=3D"margin: 0px; font-family: Helvetica;">=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</div>
<div><br>
</div>
<div apple-content-edited=3D"true">
<div style=3D"color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; t=
ext-align: start; text-indent: 0px; text-transform: none; white-space: norm=
al; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-w=
rap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-=
space;">
<div style=3D"color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; t=
ext-align: start; text-indent: 0px; text-transform: none; white-space: norm=
al; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-w=
rap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-=
space;">
<br>
Monique Buchanan<br>
IT Security Communications Consultant<br>
Information Systems & Technology (IS&T)<br>
Massachusetts Institute of Technology<br>
<a href=3D"http://ist.mit.edu/secure">http://ist.mit.edu/secure</a><br>
tel: 617.253.2715<br>
<br>
<br>
</div>
</div>
</div>
<span style=3D"font-family: Helvetica;">"Distrust and caution are the =
parents of security" - Benjamin Franklin</span>
</body>
</html>
--_000_467FAE99768041EABA52D7F670BDB880mitedu_--
--===============0727910698==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============0727910698==--
