[3482] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, February 11, 2013
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Feb 11 15:53:24 2013
Resent-From: ist-security-fyi@MIT.EDU
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Mon, 11 Feb 2013 20:52:03 +0000
Message-ID: <3ACED3B2A8CEFB4598A845F07FD4A05F10F9A0D6@OC11EXPO24.exchange.mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0165812955=="
Errors-To: ist-security-fyi-bounces@MIT.EDU
--===============0165812955==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_3ACED3B2A8CEFB4598A845F07FD4A05F10F9A0D6OC11EXPO24excha_"
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F10F9A0D6OC11EXPO24excha_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. Microsoft Security Updates for February 2013
2. The Value of a Hacked PC
3. Ouch! Newsletter on Phishing
----------------------------------------------------------------
1. Microsoft Security Updates for February 2013
----------------------------------------------------------------
This week for Patch Tuesday, Microsoft is planning to release twelve new se=
curity bulletins<http://technet.microsoft.com/en-us/security/bulletin/ms13-=
feb>. Five are rated critical, seven are important. The fixes affect the fo=
llowing products:
* Internet Explorer, all supported versions
* All currently supported versions of Windows
* Windows Server 2003, 2008 and 2012
* Microsoft Exchange Server 2007 and 2010
* Microsoft FAST Search Server 2010 for Sharepoint and Advanced Filter =
Pack
On Tuesday, February 12, the updates<http://www.update.microsoft.com/window=
supdate> will be available from the Windows Update tool, the Windows Server=
Update Services or the Download Center. MIT WAUS subscribers will receive =
the updates when they have been tested and released.
---------------------------------------
2. The Value of a Hacked PC
---------------------------------------
An article from Krebs on Security provides an image of some interestingly p=
revalent malicious uses for a hacked PC.
As Krebs writes: "The project [a chart he put together for The Washington P=
ost in 2009] was designed to explain simply and visually to the sort of com=
puter user who can't begin to fathom why miscreants would want to hack into=
his PC. 'I don't bank online, I don't store sensitive information on my ma=
chine! I only use it to check email. What could hackers possibly want with =
this hunk of junk?', are all common refrains from this type of user."
Take a look<http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-=
pc-revisited/>. One of the ideas he tried to get across is that nearly ever=
y aspect of a hacked computer and a user's online life can be and has been =
commoditized. If it has value and can be sold, a cyber criminal will moneti=
ze it.
-------------------------------------------
3. Ouch! Newsletter on Phishing
-------------------------------------------
In this month's issue of OUCH!, the SANS.org security newsletter, the topic=
is: Email Phishing Attacks. You can download the free newsletter here<http=
://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201302_en.pdf> (pd=
f).
If, after reading, you are interested in learning more about phishing, see =
these articles<http://kb.mit.edu/confluence/label/istcontrib/phishing> on t=
he topic in the Knowledge Base.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Read all Security FYI Newsletter articles and submit comments online at htt=
p://securityfyi.wordpress.com/.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F10F9A0D6OC11EXPO24excha_
Content-Type: text/html; charset="us-ascii"
Content-ID: <1E901D36D350DE47BD1D594642F250E6@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-fami=
ly: Garamond, sans-serif; ">
<div>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; ">In thi=
s issue:</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">1. Microsoft Security Up=
dates for February 2013</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">2. The Value of a Hacked=
PC</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">3. Ouch! Newsletter on P=
hishing</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
----------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">1. Microsoft Security Up=
dates for February 2013</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
----------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">This week for Patch Tues=
day, Microsoft is planning to release twelve new
<a href=3D"http://technet.microsoft.com/en-us/security/bulletin/ms13-feb">s=
ecurity bulletins</a>. Five are rated critical, seven are important. The fi=
xes affect the following products:</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<ul>
<li style=3D"margin: 0px; font-family: Helvetica; ">Internet Explorer, all =
supported versions
</li><li style=3D"margin: 0px; font-family: Helvetica; ">All currently supp=
orted versions of Windows
</li><li style=3D"margin: 0px; font-family: Helvetica; ">Windows Server 200=
3, 2008 and 2012
</li><li style=3D"margin: 0px; font-family: Helvetica; ">Microsoft Exchange=
Server 2007 and 2010
</li><li style=3D"margin: 0px; font-family: Helvetica; ">Microsoft FAST Sea=
rch Server 2010 for Sharepoint and Advanced Filter Pack
</li></ul>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">On Tuesday, February 12,=
the <a href=3D"http://www.update.microsoft.com/windowsupdate">
updates</a> will be available from the Windows Update tool, the Windows Ser=
ver Update Services or the Download Center. MIT WAUS subscribers will recei=
ve the updates when they have been tested and released.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
---------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">2. The Value of a Hacked=
PC</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
---------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">An article from Krebs on=
Security provides an image of some interestingly prevalent malicious uses =
for a hacked PC. </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">As Krebs writes: "T=
he project [a chart he put together for
<i>The Washington Post</i> in 2009] was designed to explain simply and visu=
ally to the sort of computer user who can't begin to fathom why miscreants =
would want to hack into his PC. 'I don't bank online, I don't store sensiti=
ve information on my machine! I
only use it to check email. What could hackers possibly want with this hun=
k of junk?', are all common refrains from this type of user."</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; "><a href=3D"http://krebso=
nsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/">Take a loo=
k</a>. One of the ideas he tried to get across is that nearly every aspect =
of a hacked computer and a user's online
life can be and has been commoditized. If it has value and can be sold, a =
cyber criminal will monetize it.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">3. Ouch! Newsletter on P=
hishing</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">In this month's issue of=
OUCH!, the SANS.org security newsletter, the topic is: Email Phishing Atta=
cks. You can download the free newsletter
<a href=3D"http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201=
302_en.pdf">
here</a> (pdf). </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">If, after reading, you a=
re interested in learning more about phishing, see
<a href=3D"http://kb.mit.edu/confluence/label/istcontrib/phishing">these ar=
ticles</a> on the topic in the Knowledge Base.</p>
<p style=3D"margin: 0px; font-family: Helvetica; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; "><br>
</p>
</div>
<div><span class=3D"Apple-style-span" style=3D"border-collapse: separate; f=
ont-family: Calibri; font-size: medium; border-spacing: 0px; "><span class=
=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacing: 0=
px; font-family: Helvetica; font-size: 14px; ">
<div style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line=
-break: after-white-space; ">
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; border=
-spacing: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse:=
separate; border-spacing: 0px; "><span class=3D"Apple-style-span" style=3D=
"border-collapse: separate; border-spacing: 0px; "><span class=3D"Apple-sty=
le-span" style=3D"border-collapse: separate; border-spacing: 0px; "><span c=
lass=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacin=
g: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse: separa=
te; border-spacing: 0px; font-size: 12px; ">
<div>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">Read all Se=
curity FYI Newsletter articles and submit comments online at
<a href=3D"http://securityfyi.wordpress.com/">http://securityfyi.wordpress.=
com/</a>.</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; "><br>
</p>
</div>
<div>Monique Yeaton</div>
<div>IT Security Communications Consultant</div>
<div>MIT Information Services & Technology (IS&T)</div>
<div>(617) 253-2715</div>
<div>http://ist.mit.edu/security</div>
<div><br class=3D"khtml-block-placeholder">
</div>
<br class=3D"Apple-interchange-newline">
</span></span></span></span></span></span></div>
</span></span></div>
</body>
</html>
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F10F9A0D6OC11EXPO24excha_--
--===============0165812955==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============0165812955==--
