[2811] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, September 10, 2012
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Sep 10 16:24:12 2012
From: Monique Yeaton <myeaton@mit.edu>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@mit.edu>
Date: Mon, 10 Sep 2012 20:21:04 +0000
Message-ID: <CC73C3EE.2DD5E%myeaton@exchange.mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0809891258=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============0809891258==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_CC73C3EE2DD5Emyeatonexchangemitedu_"
--_000_CC73C3EE2DD5Emyeatonexchangemitedu_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. Microsoft Security Updates for September 2012
2. Apple Update 2012-005 Fixes Java for OS X
3. Removing Electronic Paper Trails
---------------------------------------------------------------
1. Microsoft Security Updates for September 2012
---------------------------------------------------------------
On Tuesday, September 11, Microsoft will release two security bulletins<htt=
p://technet.microsoft.com/en-us/security/bulletin/ms12-sep> to address four=
vulnerabilities. Both bulletins have maximum severity ratings of important=
. The updates will affect:
* Microsoft Visual Studio Team Foundation Server 2010 SP 1
* Microsoft Systems Management Server 2003 SP 3
* Microsoft System Center Configuration Manager 2007 SP 2
The light load for September is to allow time to prepare for the October up=
date which will invalidate all digital certificates that have RSA keys smal=
ler than 1,024 bits. Microsoft is implementing the requirement to help prot=
ect users from the likes of Flame malware, which used spoofed Microsoft cer=
tificates.
Read more about the new encryption rule in the news<http://www.scmagazine.c=
om/light-patch-tuesday-will-include-new-encryptiorule/article/257870/>.
------------------------------------------------------------
2. Apple Update 2012-005 Fixes Java for OS X
------------------------------------------------------------
Java for OS X 2012-005<http://support.apple.com/kb/DL1572> and Java for Mac=
OS X 10.6 Update 10<http://support.apple.com/kb/DL1573> are now available =
for 10.6.8, 10.7 or later and 10.8 or later. An opportunity for security-in=
-depth hardening is addressed by updating to Java SE 6 to 1.6.0_35. Quit an=
y web browsers and Java applications before installing the update, which is=
available through Software Updates on the Mac OS X system or from the Appl=
e website<http://support.apple.com/downloads/>.
----------------------------------------------
3. Removing Electronic Paper Trails
----------------------------------------------
Just as you wouldn't leave a sensitive document in a copier, it's important=
not to create an electronic paper trail when using browsers to view or dow=
nload private information. This is especially important on shared and publi=
c computers or mobile devices because of their accessibility to others.
This IS&T News article<http://ist.mit.edu/news/securedata> provides further=
information and resources for how to configure your browser to remove the =
bits of information that could compromise your personal information if left=
behind in the browser's cache or history.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Read all Security FYI Newsletter articles and submit comments online at htt=
p://securityfyi.wordpress.com/.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--_000_CC73C3EE2DD5Emyeatonexchangemitedu_
Content-Type: text/html; charset="us-ascii"
Content-ID: <2795E0CED72C1A40AFE5BD291D9D90DC@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-fami=
ly: Garamond, sans-serif; ">
<div>
<div>
<div>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
In this issue:</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">1. Mic=
rosoft Security Updates for September 2012</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">2. App=
le Update 2012-005 Fixes Java for OS X</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">3. Rem=
oving Electronic Paper Trails</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">------=
---------------------------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">1. Mic=
rosoft Security Updates for September 2012</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">------=
---------------------------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">On Tue=
sday, September 11, Microsoft will release two
<a href=3D"http://technet.microsoft.com/en-us/security/bulletin/ms12-sep">s=
ecurity bulletins</a> to address four vulnerabilities. Both bulletins have =
maximum severity ratings of important. The updates will affect:</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<br>
</p>
<ul style=3D"list-style-type: disc">
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Micro=
soft Visual Studio Team Foundation Server 2010 SP 1
</li><li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">=
Microsoft Systems Management Server 2003 SP 3
</li><li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">=
Microsoft System Center Configuration Manager 2007 SP 2
</li></ul>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">The li=
ght load for September is to allow time to prepare for the October update w=
hich will invalidate all digital certificates that have RSA keys smaller th=
an 1,024 bits. Microsoft is implementing
the requirement to help protect users from the likes of Flame malware, whi=
ch used spoofed Microsoft certificates.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Consolas; min-hei=
ght: 14.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Read m=
ore about the new encryption rule
<a href=3D"http://www.scmagazine.com/light-patch-tuesday-will-include-new-e=
ncryptiorule/article/257870/">
in the news</a>.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">------=
------------------------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">2. App=
le Update 2012-005 Fixes Java for OS X</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">------=
------------------------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica"><a hre=
f=3D"http://support.apple.com/kb/DL1572">Java for OS X 2012-005</a> and
<a href=3D"http://support.apple.com/kb/DL1573">Java for Mac OS X 10.6 Updat=
e 10</a> are now available for 10.6.8, 10.7 or later and 10.8 or later. An =
opportunity for security-in-depth hardening is addressed by updating to Jav=
a SE 6 to 1.6.0_35. Quit any web browsers
and Java applications before installing the update, which is available thr=
ough Software Updates on the Mac OS X system or from the
<a href=3D"http://support.apple.com/downloads/">Apple website</a>.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">------=
----------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">3. Rem=
oving Electronic Paper Trails</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">------=
----------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Just a=
s you wouldn't leave a sensitive document in a copier, it's important not t=
o create an electronic paper trail when using browsers to view or download =
private information. This is especially
important on shared and public computers or mobile devices because of thei=
r accessibility to others.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">This <=
a href=3D"http://ist.mit.edu/news/securedata">
IS&T News article</a> provides further information and resources for ho=
w to configure your browser to remove the bits of information that could co=
mpromise your personal information if left behind in the browser's cache or=
history.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<span class=3D"Apple-style-span" style=3D"font-family: Arial; ">=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</span></p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Read all S=
ecurity FYI Newsletter articles and submit comments online at
<a href=3D"http://securityfyi.wordpress.com/"><span style=3D"text-decoratio=
n: underline ; color: #1e37ee">http://securityfyi.wordpress.com/</span></a>=
.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</p>
</div>
<div>
<div style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line=
-break: after-white-space; font-family: Helvetica; ">
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; -webki=
t-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; col=
or: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: norm=
al; font-variant: normal; font-weight: normal; letter-spacing: normal; line=
-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px=
; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-s=
pace: normal; widows: 2; word-spacing: 0px; "><span class=3D"Apple-style-sp=
an" style=3D"border-collapse: separate; -webkit-border-horizontal-spacing: =
0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family=
: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; fon=
t-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text=
-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: a=
uto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word=
-spacing: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse:=
separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-=
spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px;=
font-style: normal; font-variant: normal; font-weight: normal; letter-spac=
ing: normal; line-height: normal; -webkit-text-decorations-in-effect: none;=
text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; or=
phans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class=
=3D"Apple-style-span" style=3D"border-collapse: separate; -webkit-border-ho=
rizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, =
0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-va=
riant: normal; font-weight: normal; letter-spacing: normal; line-height: no=
rmal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-t=
ext-size-adjust: auto; text-transform: none; orphans: 2; white-space: norma=
l; widows: 2; word-spacing: 0px; "><span class=3D"Apple-style-span" style=
=3D"border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -web=
kit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helveti=
ca; font-size: 14px; font-style: normal; font-variant: normal; font-weight:=
normal; letter-spacing: normal; line-height: normal; -webkit-text-decorati=
ons-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text=
-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing:=
0px; "><span class=3D"Apple-style-span" style=3D"border-collapse: separate=
; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: =
0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-sty=
le: normal; font-variant: normal; font-weight: normal; letter-spacing: norm=
al; line-height: normal; -webkit-text-decorations-in-effect: none; text-ind=
ent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2;=
white-space: normal; widows: 2; word-spacing: 0px; "><span class=3D"Apple-=
style-span" style=3D"border-collapse: separate; -webkit-border-horizontal-s=
pacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); fon=
t-family: Helvetica; font-size: 12px; font-style: normal; font-variant: nor=
mal; font-weight: normal; letter-spacing: normal; line-height: normal; -web=
kit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-a=
djust: auto; text-transform: none; orphans: 2; white-space: normal; widows:=
2; word-spacing: 0px; ">
<div style=3D"font-size: 12px; "><br>
</div>
<div style=3D"font-size: 12px; "><br>
</div>
<div style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"=
font-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12p=
x; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span cla=
ss=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-st=
yle-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" styl=
e=3D"font-size: 12px; ">Monique
Yeaton</span></span></span></span></span></span></div>
<div style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"=
font-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12p=
x; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span cla=
ss=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-st=
yle-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" styl=
e=3D"font-size: 12px; ">IT
Security Communications Consultant</span></span></span></span></span></spa=
n></div>
<div style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"=
font-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12p=
x; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span cla=
ss=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-st=
yle-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" styl=
e=3D"font-size: 12px; ">MIT
Information Services & Technology (IS&T)</span></span></span></spa=
n></span></span></div>
<div style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"=
font-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12p=
x; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span cla=
ss=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-st=
yle-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" styl=
e=3D"font-size: 12px; ">(617)
253-2715</span></span></span></span></span></span></div>
<div style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"=
font-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12p=
x; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span cla=
ss=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-st=
yle-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" styl=
e=3D"font-size: 12px; ">http://ist.mit.edu/security</span></span></span></s=
pan></span></span></div>
<div style=3D"font-size: 12px; "><br class=3D"khtml-block-placeholder">
</div>
<br class=3D"Apple-interchange-newline">
</span></span></span></span></span></span></span></div>
</div>
</div>
</div>
</body>
</html>
--_000_CC73C3EE2DD5Emyeatonexchangemitedu_--
--===============0809891258==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============0809891258==--
