[IS&T Security-FYI] SFYI Newsletter, July 13, 2009
Monique Yeaton
myeaton at MIT.EDU
Mon Jul 13 15:32:27 EDT 2009
In this issue:
1. July 2009 Security Patches
2. iPhone SMS Vulnerability
3. IT Security Website Relaunched
4. Event: Ethical Hacking and Systems Defense Workshop
-------------------------------------
1. July 2009 Security Patches
-------------------------------------
---- Microsoft ----
In an advance notification, Microsoft announced that it will release
3 critical and 3 important security bulletins on July 14.
Applications affected:
* Microsoft Windows (multiple versions)
* Microsoft Virtual PC (multiple versions)
* Microsoft Internet Security and Acceleration Server 2006
* Microsoft Office Publisher 2007
Read the advance notification in full here:
<http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx>
Microsoft is also aware of vulnerabilities in Microsoft Video ActiveX
Control <http://www.microsoft.com/technet/security/advisory/972890.mspx>
and Microsoft Office Web Components Control
<http://www.microsoft.com/technet/security/advisory/973472.mspx>,
neither of which will be addressed in the monthly bulletin.
Suggested actions have been posted in both advisories.
---- Apple ----
Apple Safari Update: Apple has released an updated version of its
Safari web browser to address two security flaws. One is a cross-site
scripting flaw; the other is a memory corruption issue that could be
exploited to crash the browser or execute arbitrary code. The new
version of Safari also addresses a number of stability issues. Users
are urged to upgrade to Safari 4.0.2.
Read details here: <http://support.apple.com/kb/HT3666>
The Safari update can be downloaded here:
<http://support.apple.com/downloads/> or from Software Update.
-----------------------------------
2. iPhone SMS Vulnerability
-----------------------------------
At the SyScan conference in Singapore earlier this month, OS X
security expert Charlie Miller disclosed a hole that would let
attackers "run software code on the phone that is sent by SMS over a
mobile operator's network in order to monitor the location of the
phone using GPS, turn on the phone's microphone to eavesdrop on
conversations, or make the phone join a distributed denial of service
attack or a botnet." Mr. Miller is planning to detail the
vulnerability in full at the upcoming Black Hat conference, but Apple
is hoping to have it patched by the end of this month.
Read the full story here:
<http://tech.yahoo.com/news/pcworld/20090702/tc_pcworld/applepatchingserioussmsvulnerabilityoniphone>
--------------------------------------------
3. IT Security Website Relaunched
--------------------------------------------
Last week the IT Security @ MIT website moved from
<http://web.mit.edu/ist/topics/security/> to
<http://ist.mit.edu/security>, with a new design and content
organization. The new site is still a work in progress and we are
working on new content all the time.
Please help us make this site as useful for the MIT community as
possible.
Tell us what you would like to see! Post a comment here on our wiki
page: <https://wikis.mit.edu/confluence/x/X1CXAg> (MIT certificate
required). If you can't access the page, please email me your comments
at myeaton at mit.edu.
Some things we'd like to add in the near future are:
* a news feature, possibly including an online version of Security-FYI
(this email newsletter)
* helpful step-by-step tips relating to security practices
* short "captivate" videos with security-related demos
--------------------------------------------------------------------------
4. Event: Ethical Hacking and Systems Defense Workshop
--------------------------------------------------------------------------
Harvard University is hosting a hands-on, 3-day intensive workshop on
the methodologies and application of hacking concepts and techniques.
This workshop introduces students to footprinting, scanning, gaining
and maintaining access, covering tracks, and securing their own
systems. For more information about the course see the PDF file at:
<http://www.ittrainingsolutions.net/ethicalhacking&systemdefense.pdf>
The when and where: August 10-12, 2009, 8:00 AM to 9:30 PM. Harvard
University, Radcliffe Institute for Advanced Study, 10 Garden St,
Cambridge, MA 02138.
========================================================================
Find current and older issues of Security FYI Newsletter:
<http://kb.mit.edu/confluence/x/ehBB>