[2270] in Security FYI


[IS&T Security-FYI] SFYI Newsletter, May 17, 2010

daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon May 17 12:31:16 2010

Message-Id: <E824DE3F-FF0B-4297-995F-3B6408D310B3@mit.edu>
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi@MIT.EDU
Mime-Version: 1.0 (Apple Message framework v936)
Date: Mon, 17 May 2010 12:30:21 -0400
Cc: itss@MIT.EDU
Content-Type: multipart/mixed; boundary="===============1546619887=="
Errors-To: ist-security-fyi-bounces@MIT.EDU



In this issue:

1. Security FYI is Becoming a Blog
2. Event: National Information Security Group, May 20
3. Tip of the Week: Protecting USB Drives from Malware


--------------------------------------------
1. Security FYI is Becoming a Blog
--------------------------------------------

For several years the issues of the Security FYI Newsletter have  
arrived in our email in-boxes through a Mailman list. To move with the  
times of Web 2.0, the writers of the newsletter have now duplicated  
the articles online into a blog. For the present time, WordPress is  
hosting the content, but the plan by IS&T is to host the blog within  
the IS&T website and have it be incorporated with other IS&T news,  
hopefully by some time this summer.

I invite you to take a look and offer us feedback so that we can  
determine which features the blog should include to enhance its  
readership. Naturally, a blog will change the nature of the newsletter  
a bit. The online version of Security FYI would allow us to post  
videos and images, add articles more frequently, and build an archive  
where articles are searchable by category. We envision readers posting  
comments, sharing the articles with others, and possibly subscribing  
via RSS so they can be notified when a new article is posted.

There is no plan to get rid of the Mailman list in the near future as  
we understand some people still prefer to receive news via email.  
However, a blog will not necessarily cause the email version of the  
newsletter to become obsolete; the idea is just to offer more features  
and versatility.

Please visit the blog in its current format and let us know what you  
think: <http://securityfyi.wordpress.com/>


--------------------------------------------------------------------
2. Event: National Information Security Group, May 20
--------------------------------------------------------------------

"Over 80% of the vulnerabilities that exist today come from flaws that  
reside in the application layer. The only effective way to stop these  
threats is to build security into applications." The SANS Institute.

This presentation on the extremely important topic of application  
security will focus on common mistakes that are systemic to  
organizations as gleaned from over a decade of application and  
development process assessments. It will address solutions that lead  
to direct cost savings and improvements to quality and compliance  
mandates.

Title: Charting the Course for Application Security: Five Costly  
Mistakes to Avoid
Date/time: Thursday, May 20, 2010 at 6:30 PM
Location:  Microsoft, 201 Jones Road, 6th Floor, Waltham, MA 02451
Cost: Free to the public

Reservations requested: Please send an e-mail to
Meetings-Boston@naisg.org indicating that you plan to attend so that
the correct quantity of pizza can be ordered.

Presentation will include: A) Why is software still insecure and what  
are the underlying causes of application security problems?  B) What  
are the most common critical security mistakes, oversights, and tips  
for avoidance?  C) And what are the best practices to avoid pitfalls?

More information about the event can be found at National Information
Security Group (NAISG) - Boston, MA Chapter
<http://boston.naisg.org/meetings.asp>


-----------------------------------------------------------------------
3. Tip of the Week: Protecting USB Drives from Malware
-----------------------------------------------------------------------

USB flash drives, those little devices we put our files on when we  
need to transport them easily, are prone to infection, especially if  
we plug them into computers that are not in our control. We might do  
this frequently without thinking about the risk: at our local print  
shop, a hotel kiosk, a computer lab, or some other poorly managed  
computer system. Many of us don't think about the possibility that a  
virus on a computer could spread to one of those memory sticks and in  
turn, infect the next computer it comes into contact with.

There is an easy and practical solution to this risk. Buy a USB flash  
drive with a write-protect switch and flip it on to write-protect mode  
before sticking it into a strange computer. Similar to write  
protection on the old floppy disks and zip disks, this protects the  
drive from being overwritten and will also protect it from accidental  
erasure and deletion. Find these drives by doing a quick search on  
Froogle with the term "usb drive with write protect mode" or by going  
to your local office supply or computer supply store.


========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>


Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security






