[2374] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, March 28, 2011
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Mar 28 12:55:25 2011
From: Monique Yeaton <myeaton@mit.edu>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@mit.edu>
Date: Mon, 28 Mar 2011 12:54:19 -0400
Cc: "itss@mit.edu" <itss@mit.edu>
In this issue:
1. Mozilla Releases Firefox 4
2. Apple Issues Security Updates
3. Event: Secure Coding Course in Boston
-------------------------------------
1. Mozilla Releases Firefox 4
-------------------------------------
IS&T at MIT strongly recommends that users WAIT to install Firefox 4 while testing is completed for compatibility with IS&T-supported software. The release review will be completed by the end of April 2011.
Staff in departments, labs and centers (DLCs) who maintain web applications will want to test their web sites, extensions, and applications to make sure they are compatible with Firefox 4. IS&T will work with DLCs to find appropriate solutions if you run into problems. Please contact the Firefox Release Team at firefox-release@mit.edu for assistance and to share your findings.
The updated browser includes a number of new security features. Content Security Policy (CSP), which is enabled by default, helps stop cross-site scripting (XSS), data injection and other web-based attacks. CSP allows sites to let the browser know what information is legitimate. Firefox 4 also lets users automatically connect to websites through secure connections with the HTTP Strict-Transport Security (HSTS) feature and allows users to opt out of behavioral tracking.
Read the story in the news:
<http://www.scmagazineus.com/firefox-4-includes-new-feature-for-thwarting-web-attacks/article/198992/>
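Added example, not part of the original newsletter: a simplified model of what the two response headers behind these features tell a browser, useful when testing a site against a CSP- and HSTS-aware browser. It uses the standardized header names; the sample header values, the example.edu hosts and all function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample response headers (assumed values, not from any real site).
SAMPLE_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy":
        "default-src 'self'; script-src 'self' https://static.example.edu",
}

def parse_hsts(value):
    """Return (max_age_seconds, include_subdomains) from an HSTS header value."""
    max_age, include_sub = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name.lower() == "max-age":
            max_age = int(arg.strip('"'))
        elif name.lower() == "includesubdomains":
            include_sub = True
    return max_age, include_sub

def parse_csp(value):
    """Split a policy into {directive: [sources]}; the first occurrence wins."""
    policy = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def origin(url):
    """scheme://host[:port], lower-cased (default ports are not normalized)."""
    u = urlsplit(url)
    return f"{u.scheme}://{u.netloc}".lower()

def script_sources(policy):
    """script-src governs scripts; default-src is the fallback. None = no limit."""
    return policy.get("script-src", policy.get("default-src"))

def script_allowed(policy, page_url, script_url):
    """Simplified check: may a page at page_url load an external script?"""
    sources = script_sources(policy)
    if sources is None:
        return True  # no applicable directive, nothing is restricted
    for src in sources:
        if src.lower() == "'self'" and origin(script_url) == origin(page_url):
            return True
        if "://" in src and origin(src) == origin(script_url):
            return True
    return False  # includes 'none' and any source list that does not match

def inline_script_allowed(policy):
    """Injected inline <script> runs only if the policy says 'unsafe-inline'."""
    sources = script_sources(policy)
    return sources is None or "'unsafe-inline'" in [s.lower() for s in sources]
```

Nonces, hashes, wildcards and path matching are left out, so this models only the allow-list core of the policy.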
------------------------------------------
2. Apple Issues Security Updates
------------------------------------------
On Tuesday, March 22, Apple released its first big update of 2011 for Mac OS X 10.5 and an update for Mac OS X 10.6 to version 10.6.7. The releases fix many of the same vulnerabilities, including one that was used to break into an iPhone at a hacking contest at a recent conference. Forty-five of the 56 flaws addressed in the update are critical, and nearly a quarter of the flaws could be exploited in "drive-by" attacks -- attacks that execute as soon as a user browses to a malicious website with an unpatched edition of Mac OS X.
Read the story in the news:
<http://www.computerworld.com/s/article/9214903/Update_Apple_patches_Pwn2Own_bug_55_others_in_Mac_OS>
------------------------------------------------------
3. Event: Secure Coding Course in Boston
------------------------------------------------------
SANS is providing a developer course aimed at software developers and architects, senior software QA specialists, systems and security administrators and penetration testers, as well as anyone with an interest in understanding the developer's perspective on security.
What: Secure Coding in .NET: Developing Defensible Applications
When: May 2 - 5, 2011
Where: Courtyard Boston Downtown, 275 Tremont St, Boston MA 02116
Tuition: $2,535
CPEs: 24
Learn more: <http://www.sans.org/boston-2011-cs-2>
======================================================
To read all current and archived articles online, visit the Security-FYI Blog at <http://securityfyi.wordpress.com/>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security