[2378] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, April 12, 2011
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Tue Apr 12 11:40:26 2011
From: Monique Yeaton <myeaton@MIT.EDU>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@MIT.EDU>
Date: Tue, 12 Apr 2011 11:39:21 -0400
Message-ID: <C9C9EA69.1468C%myeaton@exchange.mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Cc: "itss@mit.edu" <itss@MIT.EDU>
Content-Type: multipart/mixed; boundary="===============1044347406=="
Errors-To: ist-security-fyi-bounces@MIT.EDU
--===============1044347406==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_C9C9EA691468Cmyeatonexchangemitedu_"
--_000_C9C9EA691468Cmyeatonexchangemitedu_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. April 2011 Microsoft Security Updates
2. Calling on College Students with Cyber Security Skills!
3. Epsilon Security Breach Already Affecting Consumers
---------------------------------------------------
1. April 2011 Microsoft Security Updates
---------------------------------------------------
Microsoft plans to issue 17 security bulletins for Patch Tuesday, today, Ap=
ril 12th to address 64 vulnerabilities. Nine of these bulletins are rated c=
ritical, the remaining are rated important.
The bulletins will address flaws in Windows, Office, Internet Explorer, Off=
ice Web Apps and Microsoft Visual Studio and Visual C+ +.
Read the full April security bulletin:
<http://www.microsoft.com/technet/security/bulletin/ms11-apr.mspx>
-----------------------------------------------------------------------
2. Calling on College Students with Cyber Security Skills!
-----------------------------------------------------------------------
Do you know any college kids who have hands-on cyber security skills or com=
puter skills and a strong interest in security? If so, tell them to registe=
r this week for the online CyberQuests competition.
The 260 who do best will get enormous career boosts by being invited to sum=
mer Cyber Camps where the top teachers will challenge them and help them. C=
ongressmen, Governors, and other political leaders will recognize those who=
do well and job opportunities are highly likely to follow. Deadline April=
18.
Tell them to get more information and register at <http://uscc.cyberquests.=
org/>.
-----------------------------------------------------------------------
3. Epsilon Security Breach Already Affecting Consumers
-----------------------------------------------------------------------
In case you have not been following this story in the news (see http://secu=
rityfyi.wordpress.com/2011/04/05/consumers-warned-of-fake-business-emails/)=
, as a consumer you should be aware that you may be receiving some spear-ph=
ishing emails attempting to access your financial accounts.
A data breach at Epsilon exposed thousands of email addresses to the attack=
ers who accessed Epsilon's servers via a spear-phishing attack that likely =
happened last November <http://www.computerworld.com/s/article/9215605/Epsi=
lon_a_victim_of_spear_phishing_attack_says_report>.
The Better Business Bureau is reporting that some of the stolen information=
from Epsilon is already being used in spear-phishing attacks on consumers,=
targeting customers of Chase Online Banking. If you receive such emails, e=
ven ones that claim that they are helping you to secure your Chase account,=
do not respond to the emails. A legitimate business will never reach out t=
o their customers in this way through email.
If you have a question or concern about your Chase account or any of your o=
nline banking accounts, contact your bank by phone or visit one of their br=
anches.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
To read all current and archived articles online, visit the Security-FYI Bl=
og at <http://securityfyi.wordpress.com/>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--_000_C9C9EA691468Cmyeatonexchangemitedu_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html><head></head><body style=3D"word-wrap: break-word; -webkit-nbsp-mode:=
space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-si=
ze: 14px; font-family: Calibri, sans-serif; "><div><div><div><p style=3D"ma=
rgin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br>=
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">In this is=
sue:</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">1. April 2=
011 Microsoft Security Updates</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">2. Calling=
on College Students with Cyber Security Skills!</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">3. Epsilon=
Security Breach Already Affecting Consumers</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">----------=
-----------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">1. April 2=
011 Microsoft Security Updates</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">----------=
-----------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Microsoft =
plans to issue 17 security bulletins for Patch Tuesday, today, April 12th t=
o address 64 vulnerabilities. Nine of these bulletins are rated critical, t=
he remaining are rated important.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">The bullet=
ins will address flaws in Windows, Office, Internet Explorer, Office Web Ap=
ps and Microsoft Visual Studio and Visual C+ +.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Read the f=
ull April security bulletin:</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial"><http:/=
/www.microsoft.com/technet/security/bulletin/ms11-apr.mspx></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">----------=
-------------------------------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">2. Calling=
on College Students with Cyber Security Skills!</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">----------=
-------------------------------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Do you kno=
w any college kids who have hands-on cyber security skills or computer skil=
ls and a strong interest in security? If so, tell them to register this wee=
k for the online CyberQuests competition. </p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">The 260 wh=
o do best will get enormous career boosts by being invited to summer Cyber =
Camps where the top teachers will challenge them and help them. Congressmen=
, Governors, and other political leaders will recognize those who do well a=
nd job opportunities are highly likely to follow. Deadline April=
18. </p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Tell them =
to get more information and register at <<a href=3D"http://uscc.cyberque=
sts.org/"><span style=3D"text-decoration: underline ; color: #1e37ee">http:=
//uscc.cyberquests.org/</span></a>>.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">----------=
-------------------------------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">3. Epsilon=
Security Breach Already Affecting Consumers</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">----------=
-------------------------------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">In case yo=
u have not been following this story in the news (see http://securityfyi.wo=
rdpress.com/2011/04/05/consumers-warned-of-fake-business-emails/), as a con=
sumer you should be aware that you may be receiving some spear-phishing ema=
ils attempting to access your financial accounts. </p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">A data bre=
ach at Epsilon exposed thousands of email addresses to the attackers who ac=
cessed Epsilon's servers via a spear-phishing attack that likely happened l=
ast November <http://www.computerworld.com/s/article/9215605/Epsilon_a_v=
ictim_of_spear_phishing_attack_says_report>.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">The Better=
Business Bureau is reporting that some of the stolen information from Epsi=
lon is already being used in spear-phishing attacks on consumers, targeting=
customers of Chase Online Banking. If you receive such emails, even ones t=
hat claim that they are helping you to secure your Chase account, do not re=
spond to the emails. A legitimate business will never reach out to their cu=
stomers in this way through email. </p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">If you hav=
e a question or concern about your Chase account or any of your online bank=
ing accounts, contact your bank by phone or visit one of their branches.</p=
>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">To read al=
l current and archived articles online, visit the Security-FYI Blog at <=
<a href=3D"http://securityfyi.wordpress.com/"><span style=3D"text-decoratio=
n: underline ; color: #3369b5">http://securityfyi.wordpress.com/</span></a>=
></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height=
: 16.0px"><br></p></div><div><div style=3D"word-wrap: break-word; -webkit-n=
bsp-mode: space; -webkit-line-break: after-white-space; font-family: Helvet=
ica; "><span class=3D"Apple-style-span" style=3D"border-collapse: separate;=
-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0=
px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-styl=
e: normal; font-variant: normal; font-weight: normal; letter-spacing: norma=
l; line-height: normal; -webkit-text-decorations-in-effect: none; text-inde=
nt: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><span class=3D"Apple-s=
tyle-span" style=3D"border-collapse: separate; -webkit-border-horizontal-sp=
acing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font=
-family: Helvetica; font-size: 14px; font-style: normal; font-variant: norm=
al; font-weight: normal; letter-spacing: normal; line-height: normal; -webk=
it-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-ad=
just: auto; text-transform: none; orphans: 2; white-space: normal; widows: =
2; word-spacing: 0px; "><span class=3D"Apple-style-span" style=3D"border-co=
llapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-ve=
rtical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size=
: 14px; font-style: normal; font-variant: normal; font-weight: normal; lett=
er-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect=
: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: n=
one; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span=
class=3D"Apple-style-span" style=3D"border-collapse: separate; -webkit-bor=
der-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: r=
gb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; f=
ont-variant: normal; font-weight: normal; letter-spacing: normal; line-heig=
ht: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -we=
bkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space:=
normal; widows: 2; word-spacing: 0px; "><span class=3D"Apple-style-span" s=
tyle=3D"border-collapse: separate; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Hel=
vetica; font-size: 14px; font-style: normal; font-variant: normal; font-wei=
ght: normal; letter-spacing: normal; line-height: normal; -webkit-text-deco=
rations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; =
text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spac=
ing: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse: sepa=
rate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spaci=
ng: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font=
-style: normal; font-variant: normal; font-weight: normal; letter-spacing: =
normal; line-height: normal; -webkit-text-decorations-in-effect: none; text=
-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans=
: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class=3D"Ap=
ple-style-span" style=3D"border-collapse: separate; -webkit-border-horizont=
al-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0);=
font-family: Helvetica; font-size: 12px; font-style: normal; font-variant:=
normal; font-weight: normal; letter-spacing: normal; line-height: normal; =
-webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-si=
ze-adjust: auto; text-transform: none; orphans: 2; white-space: normal; wid=
ows: 2; word-spacing: 0px; "><div style=3D"font-size: 12px; "><br></div><di=
v style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"fon=
t-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; =
"><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=
=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-styl=
e-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=
=3D"font-size: 12px; ">Monique Yeaton</span></span></span></span></span></s=
pan></div><div style=3D"font-size: 12px; "><span class=3D"Apple-style-span"=
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"font=
-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; "=
><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=
=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-styl=
e-span" style=3D"font-size: 12px; ">IT Security Awareness Consultant</span>=
</span></span></span></span></span></div><div style=3D"font-size: 12px; "><=
span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"=
Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-sp=
an" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"f=
ont-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12px=
; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; ">MIT Inform=
ation Services & Technology (IS&T)</span></span></span></span></spa=
n></span></div><div style=3D"font-size: 12px; "><span class=3D"Apple-style-=
span" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D=
"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12=
px; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span cl=
ass=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-s=
tyle-span" style=3D"font-size: 12px; ">(617) 253-2715</span></span></span><=
/span></span></span></div><div style=3D"font-size: 12px; "><span class=3D"A=
pple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-spa=
n" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"fo=
nt-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12px;=
"><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=
=3D"Apple-style-span" style=3D"font-size: 12px; ">http://ist.mit.edu/securi=
ty</span></span></span></span></span></span></div><div style=3D"font-size: =
12px; "><br class=3D"khtml-block-placeholder"></div><br class=3D"Apple-inte=
rchange-newline"></span></span></span></span></span></span></span></div></d=
iv></div></div></body></html>
--_000_C9C9EA691468Cmyeatonexchangemitedu_--
--===============1044347406==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============1044347406==--
