[IS&T Security-FYI] Newsletter, December 21, 2007

Monique Yeaton myeaton at MIT.EDU
Fri Dec 21 11:10:45 EST 2007


In this issue:

1. Apple Security Update
2. Reminder: Firewall Settings in WIN domain changing
3. Tip of the Week: Phone Scams Gaining Momentum
4. New Newsletter Format


--------------------------------
1. Apple Security Update
--------------------------------

Systems Affected:

  * Apple Mac OS X versions prior to and including 10.4.11 and 10.5.1*
  * Apple Mac OS X Server versions prior to and including 10.4.11 and 10.5.1*

Apple Fixes Leopard, Delivers Safari 3, and Updates Tiger. The  
10.4.11 update for Tiger fixes various bugs in OS X, and includes  
Apple's new Safari 3 browser which was released for Macs only; a  
Windows update is still in testing by Apple.

Updated just 20 days after Leopard's release, the 10.5.1 update  
addresses two security issues: a serious bug that could eat your  
files if you tried copying them to an external drive and the transfer  
was interrupted, and a confusing setting in Leopard's software firewall.

For full details on the 2007-009 Apple Security Update see:
<http://docs.info.apple.com/article.html?artnum=307179>

* IMPORTANT NOTE ABOUT SUPPORTED SOFTWARE:
Information Services & Technology (IS&T) at MIT does not recommend  
that our users upgrade to Leopard at this time. TSM, SAPgui, and  
VirusScan applications are currently being tested or do not yet have  
a version that supports 10.5. Users who rely on these applications  
will experience some safe computing and production issues if they  
upgrade too early. For a full list of supported and unsupported  
software, issues and workarounds see:
<http://mit.edu/swrt/releases/macosx/#issues>

Safari 3 is not currently supported by IS&T; however, the software  
team has not encountered any issues in daily use or testing of  
certificate authentication or viewing secure websites critical to  
users at MIT.


----------------------------------------------------------------------
2. Reminder: Firewall Settings in WIN domain changing
----------------------------------------------------------------------

In October this year, IS&T announced the planned change to the domain  
default for the workstation Windows Firewall policy at MIT. This  
change will take place this weekend on the evening of December 22nd.  
The change will not affect Windows Server 2003 machines and will only  
affect users whose workstation is hosted by the WIN.MIT.EDU domain.  
The decision to have firewalls turned on by default was made when  
testing showed that the Firewall would not cause problems with  
certain applications. Firewalls help to block computer viruses and  
worms from reaching your computer.


--------------------------------------------------------------------
3. Tip of the Week: Phone Scams Gaining Momentum
--------------------------------------------------------------------

We've heard the warnings about not giving your personal information  
through email or an online web form unless you're absolutely sure who  
is receiving it. But we don't always think that the risk applies to  
other electronic formats. Have you ever given personal information to  
someone on the phone? How are you sure that the person you're giving  
your credit card information to is a legitimate person? Most often,  
all we can do is trust that they are.

Due to this trust, scammers are using a combination of email messages  
and phone tricks to illegitimately obtain your sensitive data. This  
new form of scam has been gaining momentum in the past few years and  
is called "vishing" (voice phishing). According to Cpt. Jack Prindle  
of the Boone County Sheriff's Department in Northern Kentucky: "The  
bad guys needed a different wrinkle, so now [they] get you to call a  
machine."

Read the full story here:

<http://news.cincypost.com/apps/pbcs.dll/article?AID=/20071119/NEWS01/711190375>


---------------------------------
4. New Newsletter Format
---------------------------------

This Security FYI newsletter has been around for a few years, and  
within the last year it has become more of a regular occurrence with  
a solid format. I'd like to take it to the next level, which is to  
make it even easier and more fun to read using a few graphics and  
fonts. To get my readers' opinion I have posted a poll for them online.

Please take a minute to answer the one question on the poll: "Would  
you like to receive (and/or view online) the IS&T Security FYI email  
newsletter in a prettier, HTML format?" Note: Those who opt out of  
viewing HTML emails will receive a plain text version instead.

The poll can be found here: <http://web.mit.edu/ist/topics/security/>

If you'd like to write in your opinion, please do so to  
<myeaton at mit.edu>.


Monique

=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security





