[2368] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, March 8, 2011
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Tue Mar 8 10:16:34 2011
From: Monique Yeaton <myeaton@MIT.EDU>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@MIT.EDU>
Date: Tue, 8 Mar 2011 10:15:45 -0500
Cc: "itss@mit.edu" <itss@MIT.EDU>
In this issue:
1. March 2011 Microsoft Security Updates
2. Security on Mobile Devices
3. Riskiest Place for Your SSN?
-----------------------------------------------------
1. March 2011 Microsoft Security Updates
-----------------------------------------------------
Microsoft plans to issue three security bulletins on Patch Tuesday, March 8, to address a total of four vulnerabilities. One of the bulletins is rated critical; the other two are rated important.
The bulletins provide fixes for flaws in Windows and Office, as well as for a dynamic link library (DLL) hijacking vulnerability in the Microsoft Groove application.
The bulletins do not fix the Internet Explorer (IE) zero-day flaw mentioned in a January Security Advisory <http://www.microsoft.com/technet/security/advisory/2501696.mspx>.
Read the full March security bulletin:
<http://www.microsoft.com/technet/security/bulletin/ms11-mar.mspx>
--------------------------------------
2. Security on Mobile Devices
--------------------------------------
For iPhone, iPad, Android and BlackBerry users, the Mobile Devices Team has compiled some platform-specific information on setting passwords, as well as on how to remotely wipe and disable your device if it is lost or stolen. Access the information on all of these devices from the Mobile Device Ninja page: <http://kb.mit.edu/confluence/x/XQdS>.
Additional security recommendations:
* Make sure your smartphone is running the latest operating system available and is regularly backed up.
* Avoid storing personally identifiable information (PII) on your smartphone.
* Do not store web or application passwords with the smartphone auto-save features.
Read the full article on mobile device security tips and recommendations at IS&T News:
<http://ist.mit.edu/news/secure_smartphones>.
----------------------------------------
3. Riskiest Place for Your SSN?
----------------------------------------
According to McAfee, the antivirus software company, universities and colleges are at the top of the list of the most dangerous places to give your Social Security number (SSN).
The ranking is based on the number of data breaches involving SSNs from January 2009 to October 2010. Until recently, SSNs were used at universities to provide many of their services to students and staff. More awareness around the proper use of an SSN has helped to minimize the collection of these numbers by universities; however, many of these records are still retained in electronic and paper files.
If you are requesting a service, be hesitant about giving out your number too quickly. Ask the requestor what it will be used for and whether it is absolutely necessary. You may be able to just give the last four digits rather than the full number, or an alternative number, such as your school ID number.
If you are offering a service, and collecting an SSN is required, make sure that it is handled appropriately -- meaning that access to these records is restricted and the security protecting them is strong enough to minimize the risk of exposure and identity theft.
Learn about information protection at MIT: <http://web.mit.edu/infoprotect/>.
========================================================================================
To read all current and archived articles online, visit the Security-FYI Blog at <http://securityfyi.wordpress.com/>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security