[7821] in Security FYI


[IS&T Security-FYI] SFYI Newsletter, July 16, 2013

daemon@ATHENA.MIT.EDU (Monique Yeaton)
Tue Jul 16 16:20:14 2013

Resent-From: ist-security-fyi@MIT.EDU
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Tue, 16 Jul 2013 20:17:40 +0000

In this issue:


1. Sophos Replaces McAfee at MIT

2. MIT Web Certificates Renewal Period

3. Kerberos Password Strengthening

4. July 2013 Security Updates from Apple and Microsoft



-----------------------------------------------

1. Sophos Replaces McAfee at MIT

-----------------------------------------------


There has been quite a bit of activity recently to improve information security at the Institute. One such effort, initiated by Information Services & Technology, is aimed at providing the MIT community with a new malware protection product. After several months of testing, Sophos Anti-Virus was selected <http://ist.mit.edu/news/sophos_antivirus> by IS&T as the best solution.


As of July 1, you can download Sophos <http://ist.mit.edu/software-hardware?type=16> to a Mac, PC or Linux machine; documentation on installing and using Sophos has been added to The Knowledge Base <https://kb.mit.edu/confluence/display/category/Sophos+Anti-Virus>.


Sophos is replacing the malware protection products by McAfee. One of the most important differences between the two is that Sophos comes with console management, which provides IT administrators with some useful intelligence, including notifications when malware has been detected on machines. The software has also been shown to run more quietly (and almost invisibly) in the background.


Please contact the IS&T Help Desk <http://ist.mit.edu/help> with any questions or concerns.



-----------------------------------------------------

2. MIT Web Certificates Renewal Period

------------------------------------------------------


As happens each year around this time, your MIT personal web certificate requires renewal. Certificates will expire on July 31, 2013. To ensure continued access to MIT's secure web applications, such as Benefits, SAPweb, WebSIS, COEUS Lite, and ePaystubs, plan to renew in the coming weeks.


Certificates are a safe way for our web applications to identify you without you needing to type in a username and password. They must be installed on each browser for each computer that you use for accessing certificate-protected sites.


This KB article <https://kb.mit.edu/confluence/display/istcontrib/Certificates+at+MIT> can help you install/renew your certificates or troubleshoot any problems you encounter. If you still need help, please contact the IS&T Help Desk <http://ist.mit.edu/help>.


Because certificates may give you access to sensitive information, it's important to protect them with a strong Kerberos password. Please note that this year you may need to update your Kerberos password if you have not changed it in over a year. Additional information on the new password requirements is given in the article below.



--------------------------------------------------

3. Kerberos Password Strengthening

--------------------------------------------------


As part of the broader effort to strengthen campus security <http://web.mit.edu/newsoffice/2013/ruiz-letter-on-strengthened-campus-security-0402.html>, MIT has implemented some changes to certificate renewals and Kerberos passwords <http://ist.mit.edu/news/strong_passwords>. This includes:


  *   Stronger password requirements
  *   Password expiration policies tied to certificate renewal


This year when you renew your web certificate, you may notice that you will be required to change your password if it is more than a year old.


This article by IS&T <http://ist.mit.edu/news/strong_passwords> explains the changes and what this means for you and the MIT community.


We understand that it can be a challenge to choose a password you can remember and that is strong enough to meet the strength requirements. For more details on creating strong passwords and pass phrases, see this Strong Passwords article <http://kb.mit.edu/confluence/display/istcontrib/Strong+Passwords> in the Knowledge Base.



--------------------------------------------------------------------------

4. July 2013 Security Updates from Apple and Microsoft

---------------------------------------------------------------------------


Microsoft


On July 9th, Microsoft released seven security bulletins <http://technet.microsoft.com/en-us/security/bulletin/ms13-jul> that address multiple critical vulnerabilities. The systems affected include: Microsoft Windows, .NET Framework, Silverlight, Office, Visual Studio, Lync, Internet Explorer and Windows Defender.


It is recommended to accept the updates. MIT WAUS subscribers will receive the updates after they have been tested in the MIT environment.


Apple


On July 2nd, Apple released Security Update 2013-003 <http://support.apple.com/kb/HT1222> to address flaws in Snow Leopard (Mac OS X 10.6.8), Snow Leopard Server, Lion (10.7.5), Lion Server and Mountain Lion (10.8.4). The flaws are primarily in the QuickTime player. Details of the security content of the update can be read here <http://support.apple.com/kb/HT5806>.



===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================


Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security


