[2351] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, January 10, 2011
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Jan 10 13:03:17 2011
From: Monique Yeaton <myeaton@mit.edu>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@mit.edu>
Date: Mon, 10 Jan 2011 13:02:26 -0500
In this issue:
1. January 2011 Microsoft Security Updates
2. Apple Security Updates
3. Want a Job in Information Security?
4. Browser History and Cache
-------------------------------------------------------
1. January 2011 Microsoft Security Updates
-------------------------------------------------------
This month's security update, to be released on Tuesday, January 11, contains just two patches, addressing three vulnerabilities in all supported versions of Windows.
The update will NOT address a publicly known vulnerability in Internet Explorer (announced in late December) or the Windows Graphics Rendering Engine flaw, disclosed earlier this month. Both flaws are reportedly used in targeted attacks and users should look at the mitigation steps outlined in the advisories.
Read the full January security bulletin:
<http://www.microsoft.com/technet/security/bulletin/ms11-jan.mspx>
The IE vulnerability:
<http://www.scmagazineus.com/microsoft-confirms-ie-flaw-not-yet-being-exploited/article/193310/>
The Graphics Engine vulnerability:
<http://www.scmagazineus.com/microsoft-advises-of-zero-day-flaw-in-its-graphics-engine/article/193682/>
---------------------------------
2. Apple Security Updates
---------------------------------
Apple has released a major update for its Mac operating system. Mac OS X 10.6.6 offers improvements in stability, compatibility and security, including a fix for the man-in-the-middle attack that could force an application to quit or possibly allow the execution of arbitrary code. The update also coincides with the launch of the Mac App Store, which the updated operating system supports. The update can be downloaded through Software Update preferences or from the Apple Downloads webpage <http://www.apple.com/support/downloads/>.
------------------------------------------------
3. Want a Job in Information Security?
------------------------------------------------
Now's your opportunity. According to a recent article in the Washington Post, the federal government will be hiring IT security professionals by the busload in 2011 and beyond. The article states that the Department of Homeland Security worked with the Office of Personnel Management to "attain new authority to recruit and hire up to 1,000 cyber-security professionals across the department over the next three years to help fulfill DHS's broad mission to protect the nation's cyberinfrastructure, systems and networks."
If you are interested in these jobs, keep an eye on the USA Jobs website <http://usajobs.opm.gov> for openings.
Read the full article: <http://www.washingtonpost.com/wp-dyn/content/article/2010/12/29/AR2010122904362.html>
SANS for Security Training:
<http://www.sans.org/security-training.php>
--------------------------------------
4. Browser History and Cache
--------------------------------------
As more and more information moves from paper to electronic format, it is important to make sure that when you access sensitive information you do not leave behind an electronic paper trail. This is especially important on shared and public computers or mobile devices because of their accessibility to others. IS&T offers some recommendations for your browser settings, including removing browser history and clearing the cache.
Read the full article: <http://ist.mit.edu/news/securedata>
===========================================================================================
To read all current and archived articles online, visit the Security-FYI Blog at <http://securityfyi.wordpress.com/>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security