[3552] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, March 5, 2013
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Tue Mar 5 11:21:56 2013
Resent-From: ist-security-fyi@MIT.EDU
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Tue, 5 Mar 2013 16:19:54 +0000
Message-ID: <3ACED3B2A8CEFB4598A845F07FD4A05F252BBE35@OC11EXPO24.exchange.mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1324819906=="
Errors-To: ist-security-fyi-bounces@MIT.EDU
--===============1324819906==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_3ACED3B2A8CEFB4598A845F07FD4A05F252BBE35OC11EXPO24excha_"
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F252BBE35OC11EXPO24excha_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. Next laptop tagging event is Wednesday, March 6
2. New Copyright Alert System Plan in Place
3. Java 7 Still Vulnerable
4. Future of Security Doomed for Failure?
---------------------------------------------------------------------
1. Next laptop tagging event is Wednesday, March 6
---------------------------------------------------------------------
On March 6, 11:00am - 1:30pm, laptop registration will be in E17-121
This Wednesday, MIT Police is providing an opportunity to tag and register =
laptop computers and electronic devices.
When registering your device, it receives a STOP tag. This loss prevention =
measure is a visible deterrent to theft. Take a look at this video<http://w=
eb.mit.edu/cp/www/_docs/theft_deterrent.wmv> to see the results. Each tag c=
osts $10. Cash or a G/L account is accepted (no TechCash).
Details of this service and all upcoming dates and locations are listed her=
e<http://kb.mit.edu/confluence/x/e4CSAw>.
-----------------------------------------------------------
2. New Copyright Alert System Plan in Place
-----------------------------------------------------------
The Copyright Alert System is a plan, more than four years in the making, t=
hat was pushed by the recording and movie industries, and backed by the pre=
sident. It includes participation by AT&T, Cablevision, Comcast, Time Warne=
r Cable and Verizon. Comcast and other internet service providers can now b=
egin hijacking browsers of their internet subscribers who are detected of r=
epeatedly infringing on public file-sharing networks.
Read the full article online<http://www.wired.com/threatlevel/2013/02/comca=
st-browser-hijack/>.
---------------------------------
3. Java 7 Still Vulnerable
---------------------------------
Researchers have found two new Java zero-day vulnerabilities. Browsers runn=
ing Java 1.6 update 41 and Java 1.7 update 15 are now vulnerable to malware=
attack that installs a remote access tool called McRAT.
Apple released an update to Java following an earlier attack. The vulnerabi=
lity exists only in the browser plug-in for Java, not in applications that =
use Java Runtime.
The recommendation is for users to disable Java in the browser until Oracle=
addresses the issue. If you have a Java plug-in in your browser, you can l=
earn how to disable it here<http://www.zdnet.com/how-to-disable-java-in-you=
r-browser-on-windows-mac-7000009732/>.
Read the full story online<http://www.zdnet.com/oracle-investigating-after-=
two-more-java-7-zero-day-flaws-found-7000011965>.
-------------------------------------------------------
4. Future of Security Doomed for Failure?
-------------------------------------------------------
Speaking at the 2013 RSA Conference last week, Mike Fey, CTO of McAfee said=
that many companies just aren't ready for the sophisticated attacks headed=
their way these days.
Basically, Fey suggested that based on the way the enterprise landscape loo=
ks now, we're on our way to complete breakdown if companies don't change th=
eir security strategies immediately.
Read the full article online<http://www.zdnet.com/mcafee-cto-current-securi=
ty-landscape-is-on-its-way-to-failure-7000011914>.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Read all Security FYI Newsletter articles and submit comments online at htt=
p://securityfyi.wordpress.com/.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F252BBE35OC11EXPO24excha_
Content-Type: text/html; charset="us-ascii"
Content-ID: <263A91C2219E5C4F9803C4C0DFCF7D2C@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-fami=
ly: Garamond, sans-serif; ">
<div><span style=3D"font-family: Helvetica; ">In this issue:</span></div>
<div><span class=3D"Apple-style-span" style=3D"border-collapse: separate; f=
ont-family: Calibri; font-size: medium; border-spacing: 0px; "><span class=
=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacing: 0=
px; font-family: Helvetica; font-size: 14px; ">
<div style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line=
-break: after-white-space; ">
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; border=
-spacing: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse:=
separate; border-spacing: 0px; "><span class=3D"Apple-style-span" style=3D=
"border-collapse: separate; border-spacing: 0px; "><span class=3D"Apple-sty=
le-span" style=3D"border-collapse: separate; border-spacing: 0px; "><span c=
lass=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacin=
g: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse: separa=
te; border-spacing: 0px; font-size: 12px; ">
<div>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; ">1. Next laptop tagging event is=
Wednesday, March 6</p>
<p style=3D"margin: 0px; font-size: 14px; ">2. New Copyright Alert System P=
lan in Place</p>
<p style=3D"margin: 0px; font-size: 14px; ">3. Java 7 Still Vulnerable</p>
<p style=3D"margin: 0px; font-size: 14px; ">4. Future of Security Doomed fo=
r Failure?</p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; ">-------------------------------=
--------------------------------------</p>
<p style=3D"margin: 0px; font-size: 14px; ">1. Next laptop tagging event is=
Wednesday, March 6</p>
<p style=3D"margin: 0px; font-size: 14px; ">-------------------------------=
--------------------------------------</p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; "><b>On March 6, 11:00am - 1:30pm=
, laptop registration will be in E17-121</b></p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; ">This Wednesday, MIT Police=
is providing an opportunity to tag and register laptop computers and elect=
ronic devices. </p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; ">When registering your device, i=
t receives a STOP tag. This loss prevention measure is a visible deterrent =
to theft. Take a look at <a href=3D"http://web.mit.edu/cp/www/_docs/th=
eft_deterrent.wmv"><span style=3D"color: rgb(4, 46, 238); ">this
video</span></a> to see the results. Each tag costs $10. Cash or a G/=
L account is accepted (no TechCash). </p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; color: rgb(4, 46, 238); "><span s=
tyle=3D"text-decoration: underline"><a href=3D"http://kb.mit.edu/confluence=
/x/e4CSAw">Details of this service and all upcoming dates and locations are=
listed here</a></span><span style=3D"color: #000000">.</span></p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; ">-------------------------------=
----------------------------</p>
<p style=3D"margin: 0px; font-size: 14px; ">2. New Copyright Alert System P=
lan in Place</p>
<p style=3D"margin: 0px; font-size: 14px; ">-------------------------------=
----------------------------</p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; ">The Copyright Alert System is a=
plan, more than four years in the making, that was pushed by the recording=
and movie industries, and backed by the president. It includes participati=
on by AT&T, Cablevision, Comcast,
Time Warner Cable and Verizon. Comcast and other internet service provider=
s can now begin hijacking browsers of their internet subscribers who are de=
tected of repeatedly infringing on public file-sharing networks. </p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; "><a href=3D"http://www.wired.com=
/threatlevel/2013/02/comcast-browser-hijack/">Read the full article online<=
/a>.</p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; ">-------------------------------=
--</p>
<p style=3D"margin: 0px; font-size: 14px; ">3. Java 7 Still Vulnerable</p>
<p style=3D"margin: 0px; font-size: 14px; ">-------------------------------=
--</p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; ">Researchers have found two new =
Java zero-day vulnerabilities. Browsers running Java 1.6 update 41 and Java=
1.7 update 15 are now vulnerable to malware attack that installs a remote =
access tool called McRAT. </p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; ">Apple released an update to Jav=
a following an earlier attack. The vulnerability exists only in the browser=
plug-in for Java, not in applications that use Java Runtime.</p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; ">The recommendation is for users=
to disable Java in the browser until Oracle addresses the issue. If you ha=
ve a Java plug-in in your browser, you can learn how to disable it
<a href=3D"http://www.zdnet.com/how-to-disable-java-in-your-browser-on-wind=
ows-mac-7000009732/">
here</a>.</p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; "><a href=3D"http://www.zdnet.com=
/oracle-investigating-after-two-more-java-7-zero-day-flaws-found-7000011965=
">Read the full story online</a>.</p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; ">-------------------------------=
------------------------</p>
<p style=3D"margin: 0px; font-size: 14px; ">4. Future of Security Doomed fo=
r Failure?</p>
<p style=3D"margin: 0px; font-size: 14px; ">-------------------------------=
------------------------</p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; ">Speaking at the 2013 RSA Confer=
ence last week, Mike Fey, CTO of McAfee said that many companies just aren'=
t ready for the sophisticated attacks headed their way these days.</p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; ">Basically, Fey suggested that b=
ased on the way the enterprise landscape looks now, we're on our way to com=
plete breakdown if companies don't change their security strategies immedia=
tely.</p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; "><a href=3D"http://www.zdnet.com=
/mcafee-cto-current-security-landscape-is-on-its-way-to-failure-7000011914"=
>Read the full article online</a>.</p>
<p style=3D"margin: 0px; font-size: 14px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; "></p>
<p style=3D"margin: 0px; font-family: Arial; ">=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</p=
>
<p style=3D"margin: 0px; font-family: Arial; ">Read all Security FYI Newsle=
tter articles and submit comments online at
<a href=3D"http://securityfyi.wordpress.com/">http://securityfyi.wordpress.=
com/</a>.</p>
<p style=3D"margin: 0px; font-family: Arial; ">=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</p=
>
<p style=3D"margin: 0px; font-family: Arial; "><br>
</p>
<p></p>
<p style=3D"margin: 0px; font-size: 14px; "><br>
</p>
</div>
<div>Monique Yeaton</div>
<div>IT Security Communications Consultant</div>
<div>MIT Information Services & Technology (IS&T)</div>
<div>(617) 253-2715</div>
<div>http://ist.mit.edu/security</div>
<div><br class=3D"khtml-block-placeholder">
</div>
<br class=3D"Apple-interchange-newline">
</span></span></span></span></span></span></div>
</span></span></div>
</body>
</html>
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F252BBE35OC11EXPO24excha_--
--===============1324819906==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============1324819906==--
