[2366] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, February 28, 2011
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Feb 28 16:32:54 2011
From: Monique Yeaton <myeaton@mit.edu>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@mit.edu>
Date: Mon, 28 Feb 2011 16:31:58 -0500
Message-ID: <C9917E7E.11732%myeaton@exchange.mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Cc: "itss@mit.edu" <itss@mit.edu>
Content-Type: multipart/mixed; boundary="===============2011100693=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============2011100693==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_C9917E7E11732myeatonexchangemitedu_"
--_000_C9917E7E11732myeatonexchangemitedu_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. Microsoft Releases Windows 7 Service Pack 1
2. Tip of the Week: Computers in Public Spaces
-------------------------------------------------------------
1. Microsoft Releases Windows 7 Service Pack 1
-------------------------------------------------------------
Microsoft has released Windows 7 Service Pack 1 (SP1) and, as of February 2=
2, is available for download from Microsoft. It will be released via the Wi=
ndows Update service at an as yet non-specified date.
IS&T strongly recommends Windows users at MIT to WAIT to install the servic=
e pack until it becomes available via the MIT Windows Automatic Update Serv=
ice (WAUS) at <http://ist.mit.edu/services/os/windows/updates>.
If you are not using WAUS, IS&T recommends subscribing to it to prevent you=
r machine from getting SP1 before support becomes available. IT staff in de=
partments, labs and centers (DLCs) should test SP1 in their own environment=
s to ensure it is compatible with their supported applications and services=
. IS&T will work with the DLCs to help find solutions if there are any prob=
lems.
If you do intend to download the service pack prior to support becoming ava=
ilable, it is a good idea to back up your data before installing. Service p=
acks have been known to crash systems for one reason or another.
For help or to share your findings with the Software Release Team, send mai=
l to windows7-release@mit.edu.
-------------------------------------------------------------
2. Tip of the Week: Computers in Public Spaces
-------------------------------------------------------------
Computers in Internet cafes, public libraries and other public places const=
itute a great risk to security. As a news article about a library in the UK=
illustrates (see link below), it is fairly easy to add devices containing =
keystroke loggers to public computers. These devices can capture any kind o=
f sensitive information you type into the keyboard, such as the log on info=
rmation for your online accounts, applications for items such as a passport=
or driver's license that contain personal information, and bank or credit =
card information when making online purchases. Because the keystroke loggin=
g devices can capture information despite a website's encryption feature, t=
hey can do quite a bit of damage, leading to identity theft and fraud.
What can you do about staying safe when using unsure public computers?
* Be aware of what is plugged into the computer's ports and connected to=
the computer's wires. Are the ports visible? If a USB device is plugged in=
, don't use the computer. Also look for anything added between the keyboard=
's chord and the port.
* If the ports or wires are not visible and you need to use a public com=
puter, don't use it for going into any personal accounts, such as Facebook,=
your bank, or your email.
* If you temporarily don't have access to your own computer and need to =
use an unsure public computer for accessing a personal account, change your=
password using a private computer within a day of last logging into the ac=
count.
* Do not use an unsure public computer to enter your debit or credit car=
d information into online forms.
Read the story in the news:
<http://www.h-online.com/security/news/item/Hardware-keyloggers-found-in-pu=
blic-libraries-1190097.html>
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
To read all current and archived articles online, visit the Security-FYI Bl=
og at <http://securityfyi.wordpress.com/>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
The IT Security Team moved on 2/11/11: Come see us in our new location at W=
92-236.
--_000_C9917E7E11732myeatonexchangemitedu_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html><head></head><body style=3D"word-wrap: break-word; -webkit-nbsp-mode:=
space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-si=
ze: 14px; font-family: Calibri, sans-serif; "><div><div><div><font class=3D=
"Apple-style-span" face=3D"Helvetica"><font class=3D"Apple-style-span" face=
=3D"Calibri,sans-serif"><br></font></font></div><div><div>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">In this is=
sue:</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">1. Microso=
ft Releases Windows 7 Service Pack 1</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">2. Tip=
of the Week: Computers in Public Spaces</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">----------=
---------------------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">1. Microso=
ft Releases Windows 7 Service Pack 1</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">----------=
---------------------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Microsoft =
has released Windows 7 Service Pack 1 (SP1) and, as of February 22, is avai=
lable for download from Microsoft. It will be released via the Windows Upda=
te service at an as yet non-specified date.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">IS&T s=
trongly recommends Windows users at MIT to <font class=3D"Apple-style-=
span" color=3D"#FC2218">WAIT</font> to install the service pack until it be=
comes available via the MIT Windows Automatic Update Service (WAUS) at <=
http://ist.mit.edu/services/os/windows/updates>.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">If you are=
not using WAUS, IS&T recommends subscribing to it to prevent your mach=
ine from getting SP1 before support becomes available. IT staff in departme=
nts, labs and centers (DLCs) should test SP1 in their own environments to e=
nsure it is compatible with their supported applications and services. IS&a=
mp;T will work with the DLCs to help find solutions if there are any proble=
ms.</p><p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica;=
min-height: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">If you=
do intend to download the service pack prior to support becoming available=
, it is a good idea to back up your data before installing. Service pa=
cks have been known to crash systems for one reason or another.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">For he=
lp or to share your findings with the Software Release Team, send mail to w=
indows7-release@mit.edu.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">----------=
---------------------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">2. Tip=
of the Week: Computers in Public Spaces</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">----------=
---------------------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Comput=
ers in Internet cafes, public libraries and other public places constitute =
a great risk to security. As a news article about a library in the UK illus=
trates (see link below), it is fairly easy to add devices containing keystr=
oke loggers to public computers. These devices can capture any kind of sens=
itive information you type into the keyboard, such as the log on informatio=
n for your online accounts, applications for items such as a passport or dr=
iver's license that contain personal information, and bank or credit card i=
nformation when making online purchases. Because the keystroke logging devi=
ces can capture information despite a website's encryption feature, they ca=
n do quite a bit of damage, leading to identity theft and fraud.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">What c=
an you do about staying safe when using unsure public computers? </p>
<ul style=3D"list-style-type: disc">
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Be aw=
are of what is plugged into the computer's ports and connected to the compu=
ter's wires. Are the ports visible? If a USB device is plugged in, don't us=
e the computer. Also look for anything added between the keyboard's chord a=
nd the port.</li>
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">If th=
e ports or wires are not visible and you need to use a public computer, don=
't use it for going into any personal accounts, such as Facebook, your bank=
, or your email.</li>
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">If yo=
u temporarily don't have access to your own computer and need to use an uns=
ure public computer for accessing a personal account, change your password =
using a private computer within a day of last logging into the account.&nbs=
p;</li>
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Do no=
t use an unsure public computer to enter your debit or credit card informat=
ion into online forms.</li>
</ul>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Read t=
he story in the news:</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica"><ht=
tp://www.h-online.com/security/news/item/Hardware-keyloggers-found-in-publi=
c-libraries-1190097.html></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">To read al=
l current and archived articles online, visit the Security-FYI Blog at <=
<a href=3D"http://securityfyi.wordpress.com/"><span style=3D"text-decoratio=
n: underline ; color: #3369b5">http://securityfyi.wordpress.com/</span></a>=
></p><p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial"><b=
r></p><p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial"><br>=
</p><p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial"><br></=
p></div><div><font class=3D"Apple-style-span" color=3D"rgb(0, 0, 0)"><font =
class=3D"Apple-style-span" face=3D"Calibri"><span class=3D"Apple-style-span=
" style=3D"font-size: 12px; font-family: Helvetica; "><div style=3D"font-si=
ze: 12px; ">Monique Yeaton</div><div style=3D"font-size: 12px; ">IT Securit=
y Awareness Consultant</div><div style=3D"font-size: 12px; ">MIT Informatio=
n Services & Technology (IS&T)</div><div style=3D"font-size: 12px; =
">(617) 253-2715</div><div style=3D"font-size: 12px; "><a href=3D"http://is=
t.mit.edu/security">http://ist.mit.edu/security</a></div><div style=3D"font=
-size: 12px; "><br></div><div style=3D"font-size: 12px; "><font class=3D"Ap=
ple-style-span" color=3D"#FC2218">The IT Security Team moved on 2/11/11: </=
font>Come see us in our new location at W92-236. </div></span></font><=
/font></div></div></div></div></body></html>
--_000_C9917E7E11732myeatonexchangemitedu_--
--===============2011100693==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============2011100693==--
