[2330] in Security FYI


[IS&T Security-FYI] SFYI Newsletter, September 20, 2010

daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Sep 20 15:05:49 2010

From: Monique Yeaton <myeaton@MIT.EDU>
Date: Mon, 20 Sep 2010 15:04:52 -0400
To: ist-security-fyi@MIT.EDU
Cc: itss@MIT.EDU

In this issue:

1. Patch Issued for QuickTime for Windows
2. Study Says IT Security Workers Most Gullible
3. Tips on Laptop Security


-------------------------------------------------------
1. Patch Issued for QuickTime for Windows
-------------------------------------------------------

Apple has issued a patch for a critical flaw in QuickTime that could be
exploited to hijack Microsoft Windows XP, Vista or Windows 7 running
Internet Explorer with the QuickTime ActiveX control. The company was
notified of the vulnerability in June through a bug bounty program. The
update, QuickTime 7.6.8, also addresses the DLL load hijacking bug.

The update is for Windows versions of QuickTime only. It can be obtained
from the Apple website:
<http://www.apple.com/quicktime/download/>


-------------------------------------------------------------
2. Study Says IT Security Workers Most Gullible
-------------------------------------------------------------

A vast portion of a study group were duped into revealing corporate and
personal secrets after being invited to "friend" a seemingly honest but
bogus profile on a popular social networking site. Out of the 2000
randomly selected people, 86 percent identified themselves as working in
the IT industry and 31 percent of those said they worked in some
capacity in IT security.

BitDefender, the vendor who ran the study, believes this study should
serve as a wake-up call to IT security professionals, because it
demonstrates that those responsible for safeguarding enterprise data
networks are the most likely to divulge sensitive personal and key
corporate information to a stranger through a social networking site.

Read the full story:
<http://www.esecurityplanet.com/features/article.php/3901431/IT-Security-Workers-Are-Most-Gullible-of-All-Study.htm>


----------------------------------
3. Tips on Laptop Security
----------------------------------

This week students, faculty and staff can obtain STOP (Security Tracking
of Office Property) tags for their laptops. When you purchase a tag, it
is glued to your laptop and MIT Police take down your contact
information and computer's information for the STOP database.

Next scheduled session: Wednesday, September 22 from 11:30 to 1:00 in
Lobby 10. Bring your laptop and $10 cash or your department's cost
object to purchase.

A STOP tag is a visible theft deterrent that is difficult to remove. If
removed, it leaves behind a tattoo stating the item is stolen property.
A recovered laptop with a tag can be traced back to its owner through
the registration information. For more info on STOP tags see:
www.stoptheft.com.

After the recent flurry of laptop thefts from dorms on campus earlier
this semester, the one laptop stolen that had a STOP tag was retrieved
by local police, and although damaged, the hard drive was still intact
so the owner was able to get back all his data.

Other suggestions for protecting your laptop:

- When traveling with your laptop, don't leave it in a car or leave it
  behind for "just a sec", no matter where you are
- Pay attention in airports, especially when going through security
- Use a cable or lock to attach the laptop to a desk or other immovable
  object

More information about loss prevention can be found online at:
<http://ist.mit.edu/security/loss>.


===========================================================================


Find current and older issues of Security FYI Newsletter in Hermes at
<http://kb.mit.edu/confluence/x/ehBB> or by visiting the Security FYI
Blog at <http://securityfyi.wordpress.com/>



Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security






