[IS&T Security-FYI] Newsletter, December 21, 2007
Monique Yeaton
myeaton at MIT.EDU
Fri Dec 21 11:10:45 EST 2007
In this issue:
1. Apple Security Update
2. Reminder: Firewall Settings in WIN domain changing
3. Tip of the Week: Phone Scams Gaining Momentum
4. New Newsletter Format
--------------------------------
1. Apple Security Update
--------------------------------
Systems Affected:
* Apple Mac OS X versions prior to and including 10.4.11 and 10.5.1*
* Apple Mac OS X Server versions prior to and including 10.4.11 and
10.5.1*
Apple Fixes Leopard, Delivers Safari 3, and Updates Tiger. The
10.4.11 update for Tiger fixes various bugs in OS X, and includes
Apple's new Safari 3 browser which was released for Macs only; a
Windows update is still in testing by Apple.
Updated just 20 days after Leopard's release, the 10.5.1 update
addresses two security issues: a serious bug that could eat your
files if you tried copying them to an external drive and the transfer
was interrupted, and a confusing setting in Leopard's software firewall.
For full details on the 2007-009 Apple Security Update see:
<http://docs.info.apple.com/article.html?artnum=307179>
* IMPORTANT NOTE ABOUT SUPPORTED SOFTWARE:
Information Services & Technology (IS&T) at MIT does not recommend
that users upgrade to Leopard at this time. TSM, SAPgui, and
VirusScan applications are currently being tested or do not yet have
a version that supports 10.5. Users who rely on these applications
will experience some safe computing and production issues if they
upgrade too early. For a full list of supported and unsupported
software, issues and workarounds see:
<http://mit.edu/swrt/releases/macosx/#issues>
Safari 3 is not currently supported by IS&T; however, the software
team has not encountered any issues in daily use or testing of
certificate authentication or viewing secure websites critical to
users at MIT.
----------------------------------------------------------------------
2. Reminder: Firewall Settings in WIN domain changing
----------------------------------------------------------------------
In October this year, IS&T announced the planned change to the domain
default for the workstation Windows Firewall policy at MIT. This
change will take place this weekend on the evening of December 22nd.
The change will not affect Windows Server 2003 machines and will only
affect users whose workstation is hosted by the WIN.MIT.EDU domain.
The decision to have Firewalls turned on by default was made when
testing showed that the Firewall would not cause problems with
certain applications. Firewalls help to block computer viruses and
worms from reaching your computer.
--------------------------------------------------------------------
3. Tip of the Week: Phone Scams Gaining Momentum
--------------------------------------------------------------------
We've heard the warnings about not giving your personal information
through email or an online web form unless you're absolutely sure who
is receiving it. But we don't always think that the risk applies to
other electronic formats. Have you ever given personal information to
someone on the phone? How are you sure that the person you're giving
your credit card information to is a legitimate person? Most often,
all we can do is trust that they are.
Due to this trust, scammers are using a combination of email messages
and phone tricks to illegitimately obtain your sensitive data. This
new form of scam has been gaining momentum in the past few years and
is called "vishing" (voice phishing). According to Cpt. Jack Prindle
of the Boone County Sheriff's Department in Northern Kentucky: "The
bad guys needed a different wrinkle, so now [they] get you to call a
machine."
Read the full story here:
<http://news.cincypost.com/apps/pbcs.dll/article?AID=/20071119/NEWS01/711190375>
---------------------------------
4. New Newsletter Format
---------------------------------
This Security FYI newsletter has been around for a few years, within
the last year becoming more of a regular occurrence and with a solid
format. I'd like to take it to the next level, which is to make it
even easier and fun to read using a few graphics and fonts. To get my
readers' opinion I have posted a poll for them online.
Please take a minute to answer the one question on the poll: "Would
you like to receive (and/or view online) the IS&T Security FYI email
newsletter in a prettier, HTML format?" Note: Those who opt out of
viewing HTML emails will receive a plain text version instead.
The poll can be found here: <http://web.mit.edu/ist/topics/security/>
If you'd like to write in your opinion, please do so to
<myeaton at mit.edu>.
Monique
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security