[10219] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, April 1, 2014
daemon@ATHENA.MIT.EDU (Monique Buchanan)
Tue Apr 1 12:19:01 2014
Resent-From: ist-security-fyi@MIT.EDU
From: Monique Buchanan <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Tue, 1 Apr 2014 16:17:31 +0000
Message-ID: <AF0E50BD-4681-4BA5-AF39-69E003A314A8@mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2003594790=="
Errors-To: ist-security-fyi-bounces@MIT.EDU
--===============2003594790==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_AF0E50BD46814BA5AF3969E003A314A8mitedu_"
--_000_AF0E50BD46814BA5AF3969E003A314A8mitedu_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. Join MIT=92s Security SIG
2. Microsoft Releases Security Advisory on Word Vulnerability
3. Event: Laptop Tagging and Registration, 4/2/14
4. Reminder: Windows XP Support Ends
-----------------------------------
1. Join MIT=92s Security SIG
-----------------------------------
* Are you responsible for managing the security of servers and/or deskt=
op computers?
* Are you a supervisor for anyone responsible for managing servers and/=
or desktop computers?
* Do you train, communicate with, or provide technical assistance to us=
ers about security issues, software, and settings?
* Are you simply interested in keeping computers and data safe?
If you answered yes to any of these questions, Security SIG (Special Intere=
st Group) may be for you.
Security SIG is a voluntary group of MIT faculty, staff and students dedica=
ted to the free exchange of IT Security information, resources, ideas and t=
ools via on-going discussions through email.
Find out how to join here<http://kb.mit.edu/confluence/x/6VAYCQ>.
---------------------------------------------------------------------------=
-------
2. Microsoft Releases Security Advisory on Word Vulnerability
---------------------------------------------------------------------------=
-------
Microsoft is notifying its customers via a Security Advisory<http://technet=
.microsoft.com/security/advisory/2953095> about a vulnerability in Microsof=
t Word that could allow remote code execution. The vulnerability is affecti=
ng all supported versions of Microsoft Word, although limited, targeted att=
acks are currently directed at Word 2010.
Read the full Microsoft Security Advisory here<http://technet.microsoft.com=
/security/advisory/2953095>.
Read the story in the news<http://arstechnica.com/security/2014/03/zero-day=
-vulnerability-in-microsoft-word-under-active-attack/>.
-------------------------------------------------------------------
3. Event: Laptop Tagging and Registration, 4/2/14
-------------------------------------------------------------------
This Wednesday, there is an opportunity to register and tag your laptop.
Where: Lobby of Building 10
When: Wed., April 2, 11:00 am - 12:30 pm
Cost: $10 cash (no cards) or MIT Cash Object
Just as you might register a bike with the police, you can also register yo=
ur laptop. Information Systems & Technology partners with MIT Police to pro=
vide STOP (Security Tracking of Office Property) tags for laptops. The tag =
is affixed to the device, has a unique number, and is registered with a wor=
ld-wide database.
Sgt. Cheryl Vossmer of the MIT Police says that although a STOP tag is not =
software that can track a device via GPS or other means, it has been very e=
ffective at providing a way for lost or stolen laptops to be returned to th=
eir rightful owners.
Read laptop recovery stories here<https://www.stoptheft.com/>.
Learn more about laptop registration at MIT<http://kb.mit.edu/confluence/di=
splay/istcontrib/MIT+Police+Laptop+Tagging+and+Registration>.
-------------------------------------------------------
4. Reminder: Windows XP Support Ends
-------------------------------------------------------
Just another reminder that after April 8, 2014, a week from today, Microsof=
t will no longer supply security patches for machines running Windows XP.
IS&T recommends that users of Windows XP upgrade to Windows 7 or 8.
Read the details here<http://kb.mit.edu/confluence/pages/viewpage.action?pa=
geId=3D152585503>.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Read all archived Security FYI Newsletter articles and submit comments onli=
ne at http://securityfyi.wordpress.com/.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Monique Buchanan
IT Security Communications Consultant
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715
"Distrust and caution are the parents of security" - Benjamin Franklin
--_000_AF0E50BD46814BA5AF3969E003A314A8mitedu_
Content-Type: text/html; charset="Windows-1252"
Content-ID: <0E8DF74232421B44B54BFD78C7C30C5E@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1=
252">
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space;">
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;">In th=
is issue:</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">1. Join MIT=92s Securit=
y SIG</div>
<div style=3D"margin: 0px; font-family: Helvetica;">2. Microsoft Releases S=
ecurity Advisory on Word Vulnerability</div>
<div style=3D"margin: 0px; font-family: Helvetica;">3. Event: Laptop Taggin=
g and Registration, 4/2/14</div>
<div style=3D"margin: 0px; font-family: Helvetica;">4. Reminder: Windows XP=
Support Ends<span class=3D"Apple-tab-span" style=3D"white-space:pre">
</span></div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
------------</div>
<div style=3D"margin: 0px; font-family: Helvetica;">1. Join MIT=92s Securit=
y SIG</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
------------</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<ul>
<li style=3D"margin: 0px; font-family: Helvetica;">Are you responsible for =
managing the security of servers and/or desktop computers?
</li><li style=3D"margin: 0px; font-family: Helvetica;">Are you a superviso=
r for anyone responsible for managing servers and/or desktop computers?
</li><li style=3D"margin: 0px; font-family: Helvetica;">Do you train, commu=
nicate with, or provide technical assistance to users about security issues=
, software, and settings?
</li><li style=3D"margin: 0px; font-family: Helvetica;">Are you simply inte=
rested in keeping computers and data safe?
</li></ul>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">If you answered yes to =
any of these questions, Security SIG (Special Interest Group) may be for yo=
u.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Security SIG is a volun=
tary group of MIT faculty, staff and students dedicated to the free exchang=
e of IT Security information, resources, ideas and tools via on-going discu=
ssions through email. </div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;"><a href=3D"http://kb.mi=
t.edu/confluence/x/6VAYCQ">Find out how to join here</a>.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
-----------------------------------------------------------</div>
<div style=3D"margin: 0px; font-family: Helvetica;">2. Microsoft Releases S=
ecurity Advisory on Word Vulnerability</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
-----------------------------------------------------------</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Microsoft is notifying =
its customers via a
<a href=3D"http://technet.microsoft.com/security/advisory/2953095">Security=
Advisory</a> about a vulnerability in Microsoft Word that could allow remo=
te code execution. The vulnerability is affecting all supported versions of=
Microsoft Word, although limited,
targeted attacks are currently directed at Word 2010.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;"><a href=3D"http://techn=
et.microsoft.com/security/advisory/2953095">Read the full Microsoft Securit=
y Advisory here</a>.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;"><a href=3D"http://arste=
chnica.com/security/2014/03/zero-day-vulnerability-in-microsoft-word-under-=
active-attack/">Read the story in the news</a>.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
--------------------------------------------</div>
<div style=3D"margin: 0px; font-family: Helvetica;">3. Event: Laptop Taggin=
g and Registration, 4/2/14</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
--------------------------------------------</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">This Wednesday, there i=
s an opportunity to register and tag your laptop.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Where: <b>Lobby of Buil=
ding 10</b></div>
<div style=3D"margin: 0px; font-family: Helvetica;">When: <b>Wed., April 2,=
11:00 am - 12:30 pm</b></div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Cost: $10 cash (no card=
s) or MIT Cash Object</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Just as you might regis=
ter a bike with the police, you can also register your laptop. Information =
Systems & Technology partners with MIT Police to provide STOP (Security=
Tracking of Office Property) tags for
laptops. The tag is affixed to the device, has a unique number, and is reg=
istered with a world-wide database.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Sgt. Cheryl Vossmer of =
the MIT Police says that although a STOP tag is not software that can track=
a device via GPS or other means, it has been very effective at providing a=
way for lost or stolen laptops to
be returned to their rightful owners.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; color: rgb(71, 135, 255)=
;"><span style=3D"color: #000000">Read
<a href=3D"https://www.stoptheft.com/">laptop recovery stories here</a>.</s=
pan></div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; color: rgb(71, 135, 255)=
;"><span style=3D"text-decoration: underline"><a href=3D"http://kb.mit.edu/=
confluence/display/istcontrib/MIT+Police+Laptop+Tagging+and=
+Registration">Learn more about laptop registration at
MIT</a></span><span style=3D"color: #000000">.</span></div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
--------------------------------</div>
<div style=3D"margin: 0px; font-family: Helvetica;">4. Reminder: Windows XP=
Support Ends<span class=3D"Apple-tab-span" style=3D"white-space:pre">
</span></div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
--------------------------------</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Just another reminder t=
hat after April 8, 2014,
<span style=3D"text-decoration: underline">a week from today</span>, Micros=
oft will no longer supply security patches for machines running Windows XP.=
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">IS&T recommends tha=
t users of Windows XP upgrade to Windows 7 or 8.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;"><a href=3D"http://kb.mi=
t.edu/confluence/pages/viewpage.action?pageId=3D152585503">Read the details=
here</a>.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div apple-content-edited=3D"true">
<div style=3D"color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; t=
ext-align: start; text-indent: 0px; text-transform: none; white-space: norm=
al; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-w=
rap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-=
space;">
<div style=3D"color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; t=
ext-align: start; text-indent: 0px; text-transform: none; white-space: norm=
al; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-w=
rap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-=
space;">
<div style=3D"margin: 0px; font-family: Helvetica;">=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Read all archived Secur=
ity FYI Newsletter articles and submit comments online at
<a href=3D"http://securityfyi.wordpress.com/"><span style=3D"color: rgb(4, =
46, 238);">http://securityfyi.wordpress.com/</span></a>.</div>
<div style=3D"margin: 0px; font-family: Helvetica;">=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
Monique Buchanan<br>
IT Security Communications Consultant<br>
Information Systems & Technology (IS&T)<br>
Massachusetts Institute of Technology<br>
<a href=3D"http://ist.mit.edu/secure">http://ist.mit.edu/secure</a><br>
tel: 617.253.2715<br>
<br>
<span style=3D"font-family: Helvetica;">"Distrust and caution are the =
parents of security" - Benjamin Franklin</span></div>
</div>
</div>
<br>
</body>
</html>
--_000_AF0E50BD46814BA5AF3969E003A314A8mitedu_--
--===============2003594790==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============2003594790==--
