[5732] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, May 14, 2013
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Tue May 14 15:03:30 2013
Resent-From: ist-security-fyi@MIT.EDU
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Tue, 14 May 2013 19:01:06 +0000
Message-ID: <3ACED3B2A8CEFB4598A845F07FD4A05F2F28A6FD@OC11EXPO24.exchange.mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0729770462=="
Errors-To: ist-security-fyi-bounces@MIT.EDU
--===============0729770462==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_3ACED3B2A8CEFB4598A845F07FD4A05F2F28A6FDOC11EXPO24excha_"
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F2F28A6FDOC11EXPO24excha_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. Microsoft Security Updates for May 2013
2. Ouch! Newsletter on Passwords
3. Security Awareness Videos
4. The Disasters of a Backup Failure
----------------------------------------------------------
1. Microsoft Security Updates for May 2013
----------------------------------------------------------
Today, Tuesday May 14, Microsoft is releasing ten security bulletins<http:/=
/technet.microsoft.com/en-us/security/bulletin/ms13-may> for newly discover=
ed vulnerabilities in the following systems:
* Internet Explorer
* .NET Framework
* Lync
* Microsoft Publisher, Word and Visio
* Windows Essentials
It is recommended to accept the updates if you are running Microsoft Window=
s XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, W=
indows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT.
MIT WAUS subscribers will receive the updates after they have been tested i=
n the MIT environment.
As usual, Microsoft is also releasing an updated version of the Microsoft W=
indows Malicious Software Removal Tool.
Two new advisories of vulnerabilities have also been posted: Update Rollup =
for ActiveX Kill Bits<http://technet.microsoft.com/en-us/security/advisory/=
2820197> and Vulnerability in Microsoft Malware Protection Engine<http://te=
chnet.microsoft.com/en-us/security/advisory/2846338>.
----------------------------------------------
2. Ouch! Newsletter on Passwords
----------------------------------------------
Passwords are one of the primary ways we prove who we are. This month's iss=
ue of Ouch! covers how to create strong passwords using pass phrases and th=
e best ways to protect them. You can download the English version (.pdf) he=
re<http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201305_en.p=
df>.
More tips on password strength can be found in the Knowledge Base<http://kb=
.mit.edu/confluence/pages/viewpage.action?pageId=3D7144415>.
----------------------------------------
3. Security Awareness Videos
----------------------------------------
SANS has regularly been posting a new security awareness video as part of a=
n effort to make every month security awareness month. These Securing the H=
uman videos will also be featured as part of the security courses soon to b=
e offered through the MIT Learning Center. Look for these courses in the on=
line catalog as they become available in the summer of 2013.
The newest Securing the Human video of the month from SANS is "Cloud Securi=
ty."<http://www.securingthehuman.org/resources/ncsam> This video explains w=
hat the Cloud is and how you can use it more securely.
-------------------------------------------------
4. The Disasters of a Backup Failure
-------------------------------------------------
Have you ever lost the latest work you had done on a file due to some kind =
of computer or software failure and realized you didn't back it up? Or mayb=
e somehow you deleted the one version of the file you had backed up?
Think of all the files you keep on your computer: work documents, personal =
documents, emails, music, photos, and home videos. Do you have second copie=
s of these stored somewhere so that, should disaster strike, you can restor=
e them?
If you haven't made second copies, then let's look at all the ways you coul=
d lose data easily: a residential fire, a stolen or lost laptop, a hard dri=
ve that crashes (which apparently occurs somewhere in the world every 15 se=
conds) or a computer virus!
Not scared yet? View this infographic from Online Backup Geeks<http://www.m=
actricksandtips.com/wp-content/uploads/2013/05/Backup-Battalion-Saves-World=
-From-Intergalactic-Data-Disasters-copy1.jpg> (click on the image to zoom i=
n) to see how major companies or organizations lost important data, includi=
ng the backup recordings of the Apollo 11 landing, Toy Story 2, and the per=
sonal phone data of T-Mobile customers nationwide.
Let us avoid these kinds of disasters. See how you, as an MIT community mem=
ber, can preserve your data and restore files using Tivoli Storage Manager<=
http://ist.mit.edu/backup>, a service provided by Information Services & Te=
chnology.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Read all Security FYI Newsletter articles and submit comments online at htt=
p://securityfyi.wordpress.com/.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F2F28A6FDOC11EXPO24excha_
Content-Type: text/html; charset="us-ascii"
Content-ID: <D0FBA2FDAEE3E743954D46A4B25F58F1@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-fami=
ly: Garamond, sans-serif; ">
<div>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; ">In thi=
s issue:</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">1. Microsoft Security Up=
dates for May 2013</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">2. Ouch! Newsletter on P=
asswords</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">3. Security Awareness Vi=
deos</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">4. The Disasters of a Ba=
ckup Failure</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
----------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">1. Microsoft Security Up=
dates for May 2013</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
----------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Today, Tuesday May 14, M=
icrosoft is releasing ten
<a href=3D"http://technet.microsoft.com/en-us/security/bulletin/ms13-may">s=
ecurity bulletins</a> for newly discovered vulnerabilities in the following=
systems:</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<ul>
<li style=3D"margin: 0px; font-family: Helvetica; ">Internet Explorer </li>=
<li style=3D"margin: 0px; font-family: Helvetica; ">.NET Framework </li><li=
style=3D"margin: 0px; font-family: Helvetica; ">Lync </li><li style=3D"mar=
gin: 0px; font-family: Helvetica; ">Microsoft Publisher, Word and Visio
</li><li style=3D"margin: 0px; font-family: Helvetica; ">Windows Essentials=
</li></ul>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Arial; ">It is recommended to accept =
the updates if you are running Microsoft Windows XP, Windows Server 2003, W=
indows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windo=
ws 8, Windows Server 2012, and Windows
RT.</p>
<p style=3D"margin: 0px; font-family: Arial; min-height: 16px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Arial; ">MIT WAUS subscribers will re=
ceive the updates after they have been tested in the MIT environment.</p>
<p style=3D"margin: 0px; font-family: Arial; min-height: 16px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Arial; ">As usual, Microsoft is also =
releasing an updated version of the Microsoft Windows Malicious Software Re=
moval Tool. </p>
<p style=3D"margin: 0px; font-family: Arial; min-height: 16px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Arial; ">Two new advisories of vulner=
abilities have also been posted:
<a href=3D"http://technet.microsoft.com/en-us/security/advisory/2820197">Up=
date Rollup for ActiveX Kill Bits</a> and
<a href=3D"http://technet.microsoft.com/en-us/security/advisory/2846338">Vu=
lnerability in Microsoft Malware Protection Engine</a>.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
----------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">2. Ouch! Newsletter on P=
asswords</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
----------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Passwords are one of the=
primary ways we prove who we are. This month's issue of Ouch! covers how t=
o create strong passwords using pass phrases and the best ways to protect t=
hem. You can download the English
version (.pdf) <a href=3D"http://www.securingthehuman.org/newsletters/ouch=
/issues/OUCH-201305_en.pdf">
here</a>.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">More tips on password st=
rength can be found in the
<a href=3D"http://kb.mit.edu/confluence/pages/viewpage.action?pageId=3D7144=
415">Knowledge Base</a>.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
----------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">3. Security Awareness Vi=
deos</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
----------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">SANS has regularly been =
posting a new security awareness video as part of an effort to make every m=
onth security awareness month. These Securing the Human videos will also be=
featured as part of the security
courses soon to be offered through the MIT Learning Center. Look for these=
courses in the online catalog as they become available in the summer of 20=
13.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">The newest Securing the =
Human video of the month from SANS is
<a href=3D"http://www.securingthehuman.org/resources/ncsam">"Cloud Sec=
urity."</a> This video explains what the Cloud is and how you can use =
it more securely. </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">4. The Disasters of a Ba=
ckup Failure</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Have you ever lost the l=
atest work you had done on a file due to some kind of computer or software =
failure and realized you didn't back it up? Or maybe somehow you deleted th=
e one version of the file you had
backed up? </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Think of all the files y=
ou keep on your computer: work documents, personal documents, emails, music=
, photos, and home videos. Do you have second copies of these stored somewh=
ere so that, should disaster strike,
you can restore them?</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">If you haven't made seco=
nd copies, then let's look at all the ways you could lose data easily: a re=
sidential fire, a stolen or lost laptop, a hard drive that crashes (which a=
pparently occurs somewhere in the
world every 15 seconds) or a computer virus!</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Not scared yet? View thi=
s <a href=3D"http://www.mactricksandtips.com/wp-content/uploads/2013/05/Bac=
kup-Battalion-Saves-World-From-Intergalactic-Data-Disasters-copy1.jpg">
infographic from Online Backup Geeks</a> (click on the image to zoom in) to=
see how major companies or organizations lost important data, including th=
e backup recordings of the Apollo 11 landing, Toy Story 2, and the personal=
phone data of T-Mobile customers
nationwide.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Let us avoid these kinds=
of disasters. See how you, as an MIT community member, can preserve your d=
ata and restore files using
<a href=3D"http://ist.mit.edu/backup">Tivoli Storage Manager</a>, a service=
provided by Information Services & Technology.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Arial; ">=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</p=
>
<p style=3D"margin: 0px; font-family: Arial; ">Read all Security FYI Newsle=
tter articles and submit comments online at
<a href=3D"http://securityfyi.wordpress.com/">http://securityfyi.wordpress.=
com/</a>.</p>
<p style=3D"margin: 0px; font-family: Arial; ">=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</p=
>
</div>
<div><span class=3D"Apple-style-span" style=3D"border-collapse: separate; f=
ont-family: Calibri; font-size: medium; border-spacing: 0px; "><span class=
=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacing: 0=
px; font-family: Helvetica; font-size: 14px; ">
<div style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line=
-break: after-white-space; ">
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; border=
-spacing: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse:=
separate; border-spacing: 0px; "><span class=3D"Apple-style-span" style=3D=
"border-collapse: separate; border-spacing: 0px; "><span class=3D"Apple-sty=
le-span" style=3D"border-collapse: separate; border-spacing: 0px; "><span c=
lass=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacin=
g: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse: separa=
te; border-spacing: 0px; font-size: 12px; ">
<div><br>
</div>
<div><br>
</div>
<div>Monique Yeaton</div>
<div>IT Security Communications Consultant</div>
<div>MIT Information Services & Technology (IS&T)</div>
<div>(617) 253-2715</div>
<div>http://ist.mit.edu/security</div>
<div><br class=3D"khtml-block-placeholder">
</div>
<br class=3D"Apple-interchange-newline">
</span></span></span></span></span></span></div>
</span></span></div>
</body>
</html>
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F2F28A6FDOC11EXPO24excha_--
--===============0729770462==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============0729770462==--
