[2370] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, March 15, 2011
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Tue Mar 15 12:22:18 2011
From: Monique Yeaton <myeaton@mit.edu>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@mit.edu>
Date: Tue, 15 Mar 2011 12:21:07 -0400
Message-ID: <C9A50A33.132FF%myeaton@exchange.mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Cc: "itss@mit.edu" <itss@mit.edu>
Content-Type: multipart/mixed; boundary="===============1464725816=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============1464725816==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_C9A50A33132FFmyeatonexchangemitedu_"
--_000_C9A50A33132FFmyeatonexchangemitedu_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. Two Browser Updates from Last Week
2. Microsoft and Security
----------------------------------------------------
1. Two Browser Updates from Last Week
----------------------------------------------------
Safari 5 Update:
Last week Apple issued a large update for its Safari web browser. The updat=
e fixes a total of 62 security issues in Safari 5 for Mac and Windows, and =
brings the most current version to 5.0.4. Fifty-six of the flaws could be e=
xploited to allow arbitrary code execution. On the same day, Apple issued a=
n update for its iOS, bringing the most recent version of its mobile operat=
ing system to 4.3, which addresses most of the same flaws in the Safari upd=
ate.
Read the story in the news:
<http://www.computerworld.com/s/article/9213939/Apple_patches_62_bugs_in_ma=
ssive_Safari_update>
Google Chrome 10:
Also last week, Google released Chrome 10 to the stable channel, making the=
update available to all users. Google Chrome 10 supports password sync and=
also comes with the latest Flash player (10.2).
Read the story in the news:
<http://techie-buzz.com/browsers/download-google-chrome-10.html>
--------------------------------
2. Microsoft and Security
--------------------------------
Ok, the above title might make some of us (Apple users) snicker. However, M=
icrosoft has shown several signs of making security a priority for the user=
s of their software.
The company has put out a plea to the world to drop Internet Explorer 6 (IE=
6) usage. They are now actively discouraging people from using IE6 and have=
released an official IE6 Countdown Site with graphics, showing the percent=
age of market share IE6 holds in countries around the world; Microsoft hope=
s to see usage drop to less than 1 percent worldwide (it currently stands a=
t 12%). IE6 was introduced a decade ago. The next version of IE, version 9,=
is slated to be released this year.
Visit the site: <http://www.theie6countdown.com/>
Why the move?: <http://www.theie6countdown.com/educate-others.html>
In addition to the above, earlier this month Microsoft pushed an update tha=
t disables AutoRun on Windows XP and Vista systems. This Windows feature ha=
s been exploited by the computer viruses Confickr and Stuxnet to infect com=
puters. The update was initially released in February; Microsoft said at th=
e time that the patch would be optional, meaning that users would have had =
to select it manually in Windows Update. Now the patch is being pushed out =
through the Automatic Updates feature of Windows Update.
Read the story in the news:
<http://www.computerworld.com/s/article/9212938/Microsoft_pushes_anti_AutoR=
un_update_at_XP_Vista_users>
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
To read all current and archived articles online, visit the Security-FYI Bl=
og at <http://securityfyi.wordpress.com/>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--_000_C9A50A33132FFmyeatonexchangemitedu_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html><head></head><body style=3D"word-wrap: break-word; -webkit-nbsp-mode:=
space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-si=
ze: 14px; font-family: Calibri, sans-serif; "><div><div><div><font class=3D=
"Apple-style-span" face=3D"Helvetica"><font class=3D"Apple-style-span" face=
=3D"Calibri,sans-serif"><br></font></font></div><div>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">In thi=
s issue:</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">1. Two=
Browser Updates from Last Week</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">2. Mic=
rosoft and Security</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">------=
----------------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">1. Two=
Browser Updates from Last Week</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">------=
----------------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Safari=
5 Update:</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Last w=
eek Apple issued a large update for its Safari web browser. The update fixe=
s a total of 62 security issues in Safari 5 for Mac and Windows, and brings=
the most current version to 5.0.4. Fifty-six of the flaws could be exploit=
ed to allow arbitrary code execution. On the same day, Apple issued an upda=
te for its iOS, bringing the most recent version of its mobile operating sy=
stem to 4.3, which addresses most of the same flaws in the Safari update.&n=
bsp;</p><p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica=
; min-height: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Read t=
he story in the news:</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica"><ht=
tp://www.computerworld.com/s/article/9213939/Apple_patches_62_bugs_in_massi=
ve_Safari_update></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Google=
Chrome 10:</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Also l=
ast week, Google released Chrome 10 to the stable channel, making the updat=
e available to all users. Google Chrome 10 supports password sync and also =
comes with the latest Flash player (10.2).</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Read t=
he story in the news:</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica"><ht=
tp://techie-buzz.com/browsers/download-google-chrome-10.html></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">------=
--------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">2. Mic=
rosoft and Security</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">------=
--------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Ok, th=
e above title might make some of us (Apple users) snicker. However, Microso=
ft has shown several signs of making security a priority for the users of t=
heir software. </p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">The co=
mpany has put out a plea to the world to drop Internet Explorer 6 (IE6) usa=
ge. They are now actively discouraging people from using IE6 and have relea=
sed an official IE6 Countdown Site with graphics, showing the percentage of=
market share IE6 holds in countries around the world; Microsoft hopes to s=
ee usage drop to less than 1 percent worldwide (it currently stands at 12%)=
. IE6 was introduced a decade ago. The next version of IE, version 9, is sl=
ated to be released this year.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Visit =
the site: <http://www.theie6countdown.com/></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Why th=
e move?: <http://www.theie6countdown.com/educate-others.html></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">In add=
ition to the above, earlier this month Microsoft pushed an update that disa=
bles AutoRun on Windows XP and Vista systems. This Windows feature has been=
exploited by the computer viruses Confickr and Stuxnet to infect computers=
. The update was initially released in February; Microsoft said at the time=
that the patch would be optional, meaning that users would have had to sel=
ect it manually in Windows Update. Now the patch is being pushed out throug=
h the Automatic Updates feature of Windows Update.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Read t=
he story in the news: </p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica"><ht=
tp://www.computerworld.com/s/article/9212938/Microsoft_pushes_anti_AutoRun_=
update_at_XP_Vista_users></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">To read al=
l current and archived articles online, visit the Security-FYI Blog at <=
<a href=3D"http://securityfyi.wordpress.com/"><span style=3D"text-decoratio=
n: underline ; color: #3369b5">http://securityfyi.wordpress.com/</span></a>=
></p></div><div><br></div><div><div><br></div><div><font class=3D"Apple-=
style-span" color=3D"rgb(0, 0, 0)"><font class=3D"Apple-style-span" face=3D=
"Calibri"><span class=3D"Apple-style-span" style=3D"font-size: 12px; font-f=
amily: Helvetica; "><div style=3D"font-size: 12px; ">Monique Yeaton</div><d=
iv style=3D"font-size: 12px; ">IT Security Awareness Consultant</div><div s=
tyle=3D"font-size: 12px; ">MIT Information Services & Technology (IS&am=
p;T)</div><div style=3D"font-size: 12px; ">(617) 253-2715</div><div style=
=3D"font-size: 12px; "><a href=3D"http://ist.mit.edu/security">http://ist.m=
it.edu/security</a></div><div style=3D"font-size: 12px; "><br></div></span>=
</font></font></div></div></div></div></body></html>
--_000_C9A50A33132FFmyeatonexchangemitedu_--
--===============1464725816==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============1464725816==--
