[2308] in Security FYI


[IS&T Security-FYI] SFYI Newsletter, July 12, 2010

daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Jul 12 11:10:20 2010

From: Monique Yeaton <myeaton@mit.edu>
Date: Mon, 12 Jul 2010 11:07:15 -0400
Message-Id: <6CD9720B-FAA8-4F57-B423-E1FCBC4C83CF@mit.edu>
To: ist-security-fyi@mit.edu
Cc: itss@mit.edu

In this issue:

1. Microsoft Security Updates for July 2010
2. US Falls Behind on CyberSecurity
3. Event: SANS Boston 2010
4. Tip of the Week: Protection from Identity Theft


------------------------------------------------------
1. Microsoft Security Updates for July 2010
------------------------------------------------------

On Tuesday, July 13, 2010, Microsoft will issue four security bulletins
to address a total of five vulnerabilities. Three of the bulletins have
been rated critical; one has been rated important.

Systems affected:
Windows XP, Windows 7
Windows Server 2003, and 2008 R2
Microsoft Office XP, 2003 and 2007 (Mac OS X versions not affected)

All bulletins address remote code execution vulnerabilities. Among the
flaws that will be addressed in this security update is a recently
disclosed vulnerability in the Windows XP Help and Support Center.

Read the full bulletin:
<http://www.microsoft.com/technet/security/bulletin/ms10-jul.mspx>


----------------------------------------------
2. US Falls Behind on CyberSecurity
----------------------------------------------

According to a report released last week by the Government
Accountability Office (GAO), the White House Office of Science and
Technology Policy (OSTP) has so far failed to live up to its
responsibility to coordinate a national cybersecurity research and
development (R&D) agenda and risks falling behind other countries in
cybersecurity matters.

Although the OSTP has taken steps toward developing such an agenda, the
GAO notes the existing documents are either outdated or lack sufficient
detail. There have been numerous calls for more centralized oversight
and coordination of the R&D efforts over the years.

In response to the GAO report, the OSTP insisted it already has a
five-year plan for cybersecurity research which is available online and
will soon be updated (it is dated 2006). More plans will also be
released in the days ahead, according to the OSTP.

Read the full story:
<http://www.computerworld.com/s/article/9178959/GAO_slams_White_House_for_failing_to_lead_on_cybersecurity>

The GAO report: <http://www.gao.gov/new.items/d10466.pdf>


------------------------------------
3. Event: SANS Boston 2010
------------------------------------

SANS will be in Boston with audit, management and security training.
Among the 11 courses are Hacker Techniques, Exploits and Incident
Handling; Auditing Networks, Perimeters and Systems; Securing Windows;
Computer Forensic Essentials; and Metasploit Kung Fu for Enterprise Pen
Testing.

Where: Hyatt Regency Boston
When: August 2 - 9, 2010

See the details: <http://www.sans.org/boston-2010/>


--------------------------------------------------------------
4. Tip of the Week: Protection from Identity Theft
--------------------------------------------------------------

Have you ever had your wallet stolen or heard stories from friends or
family members who went through this ordeal? Did you know that within
days the thieves can order expensive monthly cell phone packages, apply
for a VISA credit card using your ID, have a credit line approved to buy
a computer, get a PIN number from DMV to change the victim's driving
record information online, and more?

So what to do if this happens to you:

1. Cancel your credit cards immediately. Keep the toll free numbers and
   your card numbers handy in a secure place so you know whom to call.
2. File a police report immediately. This proves to credit providers you
   were diligent, a first step toward an investigation.
3. Call the three national credit reporting organizations immediately to
   place a fraud alert on your name and Social Security number. The alert
   means any company that checks your credit has to contact you to
   authorize new credit.

Other tips and resources for protecting personal information can be
found here:
<http://web.mit.edu/infoprotect/personalinfo.html>

===========================================================================


Find current and older issues of Security FYI Newsletter:
<http://kb.mit.edu/confluence/x/ehBB>

