[10233] in Security FYI


[IS&T Security-FYI] SFYI Newsletter, July 22, 2014

daemon@ATHENA.MIT.EDU (Monique Buchanan)
Tue Jul 22 07:24:59 2014

Resent-From: ist-security-fyi@mit.edu
From: Monique Buchanan <myeaton@mit.edu>
To: ist-security-fyi <ist-security-fyi@mit.edu>
Date: Tue, 22 Jul 2014 11:23:34 +0000
Message-ID: <C9DB7F37-62BA-4F97-9DF9-5EE68A347248@mit.edu>

In this issue:

1. Personal Certificates Renewal Time
2. A Year After Sophos Was Released to MIT
3. Oracle Critical Patch Updates for July
4. The Toughest Job in the Business World?


---------------------------------------------------
1. Personal Certificates Renewal Time
---------------------------------------------------

Every year at MIT personal web certificates <http://ist.mit.edu/certificates> expire on July 31. Renewal is not automatic, so for continued access to MIT’s secure web applications, such as Atlas, WebSIS, COEUS Lite, and ePaystubs, be sure to renew your certificate <https://ca.mit.edu/ca/>.

When you obtain your personal certificate, if you haven’t changed your password for over a year, you will be prompted to do so as an additional security measure. You may want to review password strength requirements <http://kb.mit.edu/confluence/x/3wNt> before choosing a new one.

Certificates obtained after June 30, 2014 are valid until July 31, 2015.


------------------------------------------------------------
2. A Year After Sophos Was Released to MIT
------------------------------------------------------------

There are over 14,000 MIT computers currently running Sophos Anti-Virus <http://ist.mit.edu/news/sophos_antivirus>. Users include those in the WIN domain and self-administered MIT hosts. If you aren’t familiar with Sophos: once installed, the software runs in the background, with little to no interruption to your work. When Sophos finds an infected file, the software alerts you and locks the file. You can delete the file using the Sophos Quarantine Manager. Because the client communicates with the Sophos Management Console (administered by IS&T), various useful pieces of information, such as the status and health of the Sophos client on a machine, are provided to the console <http://kb.mit.edu/confluence/x/XAQYCQ>.


------------------------------------------------------
3. Oracle Critical Patch Updates for July
------------------------------------------------------

This month’s Oracle Patch Update <http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html> provides 113 new security fixes across a wide range of product families including: Oracle Database, Oracle Fusion Middleware, Oracle Hyperion, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite, Oracle PeopleSoft Enterprise, Oracle Siebel CRM, Oracle Industry Applications, Oracle Java SE, Oracle Linux and Virtualization, Oracle MySQL, and Oracle and Sun Systems Products Suite.

As a reminder, Critical Patch Update fixes are intended to address significant security vulnerabilities in Oracle products and also include code fixes that are prerequisites for the security fixes. As a result, Oracle recommends that this Critical Patch Update be applied as soon as possible by customers using the affected products.


-----------------------------------------------------------
4. The Toughest Job in the Business World?
-----------------------------------------------------------

A recent NY Times article reports on the profession of the chief information security officer (CISO). This profession, which didn’t exist only a few generations ago, is not considered to be for the fainthearted. As the article describes, they must stay one step ahead of the criminal masterminds and keep close tabs on leaky vendors and reckless employees. In addition to putting out virtual fires and protecting data, they must also be skilled at communications and be experts in sophisticated technology.

Read the story in full at the NY Times <http://www.nytimes.com/2014/07/21/business/a-tough-corporate-job-asks-one-question-can-you-hack-it.html>.


=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================


Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715



