[3446] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, January 7, 2013
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Jan 7 16:39:41 2013
From: Monique Yeaton <myeaton@mit.edu>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@mit.edu>
Date: Mon, 7 Jan 2013 21:38:36 +0000
Message-ID: <3ACED3B2A8CEFB4598A845F07FD4A05F10DF4616@OC11EXPO24.exchange.mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0053498818=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============0053498818==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_3ACED3B2A8CEFB4598A845F07FD4A05F10DF4616OC11EXPO24excha_"
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F10DF4616OC11EXPO24excha_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. Cloud Computing: The Security Debate
2. First Patch Tuesday of 2013: Microsoft Security Updates
3. Hactivism to Continue in 2013
--------------------------------------------------------
1. Cloud Computing: The Security Debate
--------------------------------------------------------
A lively debate took place last Fall at Indiana University featuring passio=
nate arguments on the nature, status and future of cloud security in and be=
yond the higher education environs. The article posted by Educause<http://w=
ww.educause.edu/ero/article/cloud-security-debate-cloud-now-or-cloud-how> c=
aptures the salient points, key quotes and a bit of the color that permeate=
d the two sides of the discussion: Cloud now or cloud how?
After reading the article, what do you think?
---------------------------------------------------------------------------=
----
2. First Patch Tuesday of 2013: Microsoft Security Updates
---------------------------------------------------------------------------=
----
On Tuesday, January 8, 2013, Microsoft plans to issue seven security bullet=
ins<http://technet.microsoft.com/en-us/security/bulletin/ms13-jan> to addre=
ss a total of 12 vulnerabilities. Two of the bulletins are rated critical; =
the flaws they address could be exploited to allow remote code execution. T=
he other five are rated important; the vulnerabilities they fix could be ex=
ploited to elevate privileges, bypass a security feature, or create denial-=
of-service conditions.
Affected software:
* Windows
* Microsoft Office
* Microsoft Developer Tools
* Microsoft Server Software
* Microsoft .NET Framework
Security updates are available from the Windows Update tool, the Windows Se=
rver Update Services or the Download Center. MIT WAUS subscribers will rece=
ive the updates as they are tested and released.
Last week Microsoft released a temporary fix for an Internet Explorer (IE) =
flaw that is being actively exploited in targeted attacks. The vulnerabilit=
y affects IE 6,7, and 8, but not newer versions of the browser. Microsoft h=
as issued an advisory<http://technet.microsoft.com/en-us/security/advisory/=
2794220> about the issue and says it is "working around the clock" on a pat=
ch for the flaw (but it does not appear to be included in this month's sche=
duled patch release).
-------------------------------------------
3. Hactivism to Continue in 2013
-------------------------------------------
The hacktivist collective Anonymous has issued a video and statement saying=
there is more to come in 2013. Read more and watch the video<http://www.zd=
net.com/anonymous-expect-us-in-2013-7000009268>.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Read all Security FYI Newsletter articles and submit comments online at htt=
p://securityfyi.wordpress.com/.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F10DF4616OC11EXPO24excha_
Content-Type: text/html; charset="us-ascii"
Content-ID: <E14F283F93D23641BD1457112801E853@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-fami=
ly: Garamond, sans-serif; ">
<div>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; ">In thi=
s issue:</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">1. Cloud Computing: The =
Security Debate</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">2. First Patch Tuesday o=
f 2013: Microsoft Security Updates</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">3. Hactivism to Continue=
in 2013</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
--------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">1. Cloud Computing: The =
Security Debate</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
--------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">A lively debate took pla=
ce last Fall at Indiana University featuring passionate arguments on the na=
ture, status and future of cloud security in and beyond the higher educatio=
n environs. The
<a href=3D"http://www.educause.edu/ero/article/cloud-security-debate-cloud-=
now-or-cloud-how">
article posted by Educause</a> captures the salient points, key quotes and =
a bit of the color that permeated the two sides of the discussion: Cloud no=
w or cloud how?</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">After reading the articl=
e, what do you think? </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-------------------------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">2. First Patch Tuesday o=
f 2013: Microsoft Security Updates </p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-------------------------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">On Tuesday, January 8, 2=
013, Microsoft plans to issue seven
<a href=3D"http://technet.microsoft.com/en-us/security/bulletin/ms13-jan">s=
ecurity bulletins</a> to address a total of 12 vulnerabilities. Two of the =
bulletins are rated critical; the flaws they address could be exploited to =
allow remote code execution. The other
five are rated important; the vulnerabilities they fix could be exploited =
to elevate privileges, bypass a security feature, or create denial-of-servi=
ce conditions.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Affected software:</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<ul>
<li style=3D"margin: 0px; font-family: Helvetica; ">Windows </li><li style=
=3D"margin: 0px; font-family: Helvetica; ">Microsoft Office </li><li style=
=3D"margin: 0px; font-family: Helvetica; ">Microsoft Developer Tools </li><=
li style=3D"margin: 0px; font-family: Helvetica; ">Microsoft Server Softwar=
e </li><li style=3D"margin: 0px; font-family: Helvetica; ">Microsoft .NET F=
ramework </li></ul>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Security updates are ava=
ilable from the Windows Update tool, the Windows Server Update Services or =
the Download Center. MIT WAUS subscribers will receive the updates as they =
are tested and released.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Last week Microsoft rele=
ased a temporary fix for an Internet Explorer (IE) flaw that is being activ=
ely exploited in targeted attacks. The vulnerability affects IE 6,7, and 8,=
but not newer versions of the browser.
Microsoft has <a href=3D"http://technet.microsoft.com/en-us/security/advis=
ory/2794220">
issued an advisory</a> about the issue and says it is "working around =
the clock" on a patch for the flaw (but it does not appear to be inclu=
ded in this month's scheduled patch release).</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">3. Hactivism to Continue=
in 2013</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">The hacktivist collectiv=
e Anonymous has issued a video and statement saying there is more to come i=
n 2013.
<a href=3D"http://www.zdnet.com/anonymous-expect-us-in-2013-7000009268">Rea=
d more and watch the video</a>.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Arial; ">=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</p=
>
<p style=3D"margin: 0px; font-family: Arial; ">Read all Security FYI Newsle=
tter articles and submit comments online at
<a href=3D"http://securityfyi.wordpress.com/">http://securityfyi.wordpress.=
com/</a>.</p>
<p style=3D"margin: 0px; font-family: Arial; ">=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</p=
>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
</div>
<div><span class=3D"Apple-style-span" style=3D"border-collapse: separate; f=
ont-family: Calibri; font-size: medium; border-spacing: 0px; "><span class=
=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacing: 0=
px; font-family: Helvetica; font-size: 14px; ">
<div style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line=
-break: after-white-space; ">
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; border=
-spacing: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse:=
separate; border-spacing: 0px; "><span class=3D"Apple-style-span" style=3D=
"border-collapse: separate; border-spacing: 0px; "><span class=3D"Apple-sty=
le-span" style=3D"border-collapse: separate; border-spacing: 0px; "><span c=
lass=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacin=
g: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse: separa=
te; border-spacing: 0px; font-size: 12px; ">
<div><br>
</div>
<div>Monique Yeaton</div>
<div>IT Security Communications Consultant</div>
<div>MIT Information Services & Technology (IS&T)</div>
<div>(617) 253-2715</div>
<div>http://ist.mit.edu/security</div>
<div><br class=3D"khtml-block-placeholder">
</div>
<br class=3D"Apple-interchange-newline">
</span></span></span></span></span></span></div>
</span></span></div>
</body>
</html>
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F10DF4616OC11EXPO24excha_--
--===============0053498818==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============0053498818==--
