[IS&T Security-FYI] Newsletter, February 8, 2008

Fri Feb 8 11:46:09 EST 2008

In this issue:

1. IS&T Community Forum
2. Apple Quicktime Update 7.4.1
3. This Year's Resolutions

-----------------------------------
1. IS&T Community Forum
-----------------------------------

Come meet the IT Security Support team and other service groups who  
work out of the Information Services & Technology department at MIT!

This year's event, being held on Wednesday, February 13 from 3:00 to  
5:00 pm in W20-306 and W20-307, will feature a half hour presentation  
session and a Services Trade Show of 10 tables showcasing many of  
IS&T's community facing services. Community members will be able to  
engage with IS&T staff to learn more about the services, ask  
questions and give feedback. Light refreshments will be available.

Looking forward to seeing you there!

-------------------------------------------
2. Apple Quicktime Update 7.4.1
-------------------------------------------

It seems like just yesterday that Quicktime released security patch  
7.4. This week Apple released another update to address a newly  
discovered security vulnerability. By enticing a user to visit a  
maliciously crafted webpage, an attacker may cause an unexpected  
application termination or arbitrary code execution.

This update affects:

  * Mac OS X v10.3.9
  * Mac OS X v10.4.9 or later
  * Mac OS X v10.5 or later
  * Windows Vista, XP SP2

The update can be downloaded and installed via Software Update  
preferences or from Apple Downloads.
<http://www.apple.com/support/downloads/>

-----------------------------------
3. This Year's Resolutions
-----------------------------------

At the start of a new year, the resolutions we make often involve  
living healthier, working more efficiently, and doing those things  
that we've put off for so long.

How about applying those same ideas to computer security? If you want  
a healthy computer to prevent loss of work or time, and want to avoid  
identity theft or fraud, try these on for size:

THIS YEAR I WILL:

1. Install quality anti-virus software and enable the desktop firewall.
<http://web.mit.edu/ist/topics/virus/>
<http://web.mit.edu/ist/topics/security/firewall.html>

2. Patch and update my security software, operating system, and  
software applications regularly and appropriately.
<http://web.mit.edu/ist/topics/security/patch.html>

3. Learn how to recognize suspicious web addresses.
<http://cups.cs.cmu.edu/antiphishing_phil/quiz/index.html>

4. Be aware of security issues by keeping up with the news or through  
education.
<http://www.first.org/newsroom/globalsecurity/>
<http://www.sans.org/>

5. Be careful when using a wireless network.
<http://netsecurity.about.com/od/hackertools/a/aa072004b.htm>

THIS YEAR I WILL NOT:

1. Open email attachments unless I know who the sender is and what is  
in the attachment.

2. Click on links embedded in emails unless I know who sent the  
message, what the link is for and where it will take me.

3. Fall for official-looking emails that ask for personal or  
financial information.

4. Fall for free offers of copyrighted materials which may be tainted  
with malware, and may be illegal to use.
<http://web.mit.edu/ist/topics/security/copyright/>

5. Participate in online social networking, or allow my children to,  
without knowing the risks.
<http://www.netsmartz.org/>

Monique

=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security