[2421] in Security FYI


[IS&T Security-FYI] SFYI Newsletter, February 6, 2012

daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Feb 6 17:18:47 2012

From: Monique Yeaton <myeaton@mit.edu>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@mit.edu>
Date: Mon, 6 Feb 2012 22:17:56 +0000
Cc: "itss@mit.edu" <itss@mit.edu>


In this issue:


1. Kerberos Passwords: Maybe Time to Update

2. Apple Issues Security Update



------------------------------------------------------------

1. Kerberos Passwords: Maybe Time to Update

------------------------------------------------------------


You may already be aware of the changes to be made to MIT's wireless network this year. The open wireless networks, MIT and MIT N, are going away some time in 2012. To use the wireless network after the change, you have three options for connecting: MIT SECURE, MIT SECURE N and MIT GUEST.


Both MIT SECURE and MIT SECURE N require you to use your Kerberos user name and password to authenticate when logging on for the first time. If you're like many of us, you might not have changed your Kerberos password <http://ist.mit.edu/password> in a while. This is a good time to think about updating your password and making it secure. Here's why:


  *   Old passwords may not meet the more stringent length and character complexity requirements of the MIT Kerberos password policy <http://ist.mit.edu/security/passwords#heading2>.
  *   Because of recent improvements to the network, old passwords may not be accessible from MIT's network server, the Windows Exchange Active Directory, which you will be authenticated against. This could cause a failure to connect to the wireless network.
  *   Updating your password on a regular basis, such as once a year, is a good idea.


Take the following steps to update your password:


  1.  Pick a new strong password that you can remember and no one else can guess. You can learn how by watching this video <http://video.about.com/netsecurity/Create-a-Secure-Password.htm> or by reading this Hermes article <http://kb.mit.edu/confluence/x/3wNt>. Note: longer is better.
  2.  If you know your current password, you can update it online <http://web.mit.edu/password>.
  3.  If you have forgotten your password, you can still change it online using your MIT Personal Certificate. If you don't have the certificate, see this Hermes article <http://kb.mit.edu/confluence/x/gglB> for other options.



-----------------------------------------

2. Apple Issues Security Update

-----------------------------------------


Last Wednesday Apple released its first security update <http://support.apple.com/kb/HT5130> of 2012 for Mac OS X, patching more than 50 vulnerabilities. Updates are available for Mac OS X 10.7, known as Lion, and for 10.6, Snow Leopard.


Early adopters of the update running Snow Leopard and using Rosetta applications may have experienced some problems, but two days after the release, Apple provided a fixed update, 2012-001 v.1.1. Users on Lion did not experience any issues with the original 1.0 update.


The Security Update is available through the Software Update tool built into the operating system or from Apple's Downloads <http://support.apple.com/downloads/> webpage.


IS&T at MIT recommends always making sure you have a backup of your system before applying updates and patches. This situation also reminds us that, although it may be contrary to the intent of the security patches, it might be better to wait a few days before applying software updates, just to ensure any bugs have been worked through.


See the full story in the news <http://tidbits.com/article/12768>.



===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================


Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security


