[2266] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, May 3, 2010
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon May 3 14:22:58 2010
Message-Id: <9271DC7C-DD48-441A-B922-0207A2429F7E@mit.edu>
From: Monique Yeaton <myeaton@mit.edu>
To: ist-security-fyi@mit.edu
Date: Mon, 3 May 2010 14:22:03 -0400
Cc: itss@mit.edu
In this issue:
1. Microsoft Security Update Re-Released
2. MIT's Response to Data Protection Law
3. Tip of the Week: Risky Cyber Cafe Computers
-----------------------------------------------------
1. Microsoft Security Update Re-Released
-----------------------------------------------------
Microsoft has released a new version of MS10-025, the security update
that was ineffective in protecting computers from a remote code
execution flaw in Windows 2000 computers running Windows Media Services.
The original version of the fix, released on Tuesday, April 13, was
pulled last week; the updated version was released on Tuesday, April
27. The flaw is rated critical, but affects only Windows 2000 users
running Windows Media Services.
The full news story is here: <http://www.pcworld.com/businesscenter/article/195072/microsoft_rereleases_botched_windows_2000_update.html>
The Microsoft security bulletin: <http://www.microsoft.com/technet/security/bulletin/ms10-025.mspx>
[Source: SANS.org]
-----------------------------------------------------
2. MIT's Response to Data Protection Law
-----------------------------------------------------
With the new regulations for protecting the personal information of
residents of Massachusetts (201 CMR 17) going into effect on March 1,
2010, MIT has taken steps to ensure administrative, technical and
physical safeguards are being implemented on campus. As a first step,
MIT published a Written Information Security Program (WISP).
Starting this month and going forward, the IS&T Department, the Audit
Division and the Office of General Counsel are working together to
develop campus-wide communications, will continue meeting with areas
where handling personal information is a business requirement, and are
offering tools and technologies to comply with the security standards
as outlined in 201 CMR 17.
One of the technologies mentioned in the standards is full disk
encryption for laptops and portable devices containing personal
information (currently mobile devices such as smart phones are not
included). IS&T has now made PGP Desktop 10 available for Macintosh
and Windows computers with limited support -- see the Available
Software page <http://ist.mit.edu/services/software/available-software>.
Stay tuned for further information as the program moves forward. A
brief review of current developments has been posted to the IS&T news
page this morning <http://ist.mit.edu/news/wisp> and resources have
been added to the Protecting Sensitive Information website <http://web.mit.edu/infoprotect/index.html>.
If you have any questions, please address them to infoprotect@mit.edu.
--------------------------------------------------------------
3. Tip of the Week: Risky Cyber Cafe Computers
--------------------------------------------------------------
Cyber cafes offer a convenient way to use a networked computer when
you are away from home or office. But be careful. It's impossible for
an ordinary user to tell what the state of their security might be.
Since anyone can use the computers for anything, they have probably
been exposed to viruses, worms, Trojans, keyloggers, and other nasty
malware. Should you use them at all? They're okay for casual web
browsing, but they pose a risk for connecting to your email, which may
contain personal information; to any secure system, like the network
or server at your office, bank or credit union; or for shopping online.
If you do need to check or write email from a public computer, or
check your bank account balance, know you are taking a risk and change
your password immediately afterwards (from your private computer!) to
protect yourself from shoulder surfers (people looking over your
shoulder at your screen), keystroke loggers and other ways cyber
criminals can steal your log-in information.
========================================================================
Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security