[IS&T Security-FYI] SFYI Newsletter, July 13, 2009

Monique Yeaton myeaton at MIT.EDU
Mon Jul 13 15:32:27 EDT 2009


In this issue:

1. July 2009 Security Patches
2. iPhone SMS Vulnerability
3. IT Security Website Relaunched
4. Event: Ethical Hacking and Systems Defense Workshop


-------------------------------------
1. July 2009 Security Patches
-------------------------------------

---- Microsoft ----

In an advance notification, Microsoft announced that it will release
3 critical and 3 important security bulletins on July 14.
Applications affected:

  * Microsoft Windows (multiple versions)
  * Microsoft Virtual PC (multiple versions)
  * Microsoft Internet Security and Acceleration Server 2006
  * Microsoft Office Publisher 2007

Read the advance notification in full here:
<http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx>

Microsoft is also aware of vulnerabilities in Microsoft Video ActiveX
Control <http://www.microsoft.com/technet/security/advisory/972890.mspx>
and Microsoft Office Web Components Control
<http://www.microsoft.com/technet/security/advisory/973472.mspx>,
neither of which will be addressed in the monthly bulletin.
Suggested actions have been posted on both advisories.

---- Apple ----

Apple Safari Update: Apple has released an updated version of its  
Safari web browser to address two security flaws.  One is a cross-site  
scripting flaw; the other is a memory corruption issue that could be  
exploited to crash the browser or execute arbitrary code.  The new  
version of Safari also addresses a number of stability issues. Users  
are urged to upgrade to Safari 4.0.2.

Read details here: <http://support.apple.com/kb/HT3666>
The Safari update can be downloaded here:
<http://support.apple.com/downloads/> or from Software Update.


-----------------------------------
2. iPhone SMS Vulnerability
-----------------------------------

At the SyScan conference in Singapore earlier this month, OS X  
security expert Charlie Miller disclosed a hole that would let  
attackers "run software code on the phone that is sent by SMS over a  
mobile operator's network in order to monitor the location of the  
phone using GPS, turn on the phone's microphone to eavesdrop on  
conversations, or make the phone join a distributed denial of service  
attack or a botnet." Mr. Miller is planning to detail the  
vulnerability in full at the upcoming Black Hat conference, but Apple  
is hoping to have it patched by the end of this month.

Read the full story here:
<http://tech.yahoo.com/news/pcworld/20090702/tc_pcworld/applepatchingserioussmsvulnerabilityoniphone>


--------------------------------------------
3. IT Security Website Relaunched
--------------------------------------------

Last week the IT Security @ MIT website moved from
<http://web.mit.edu/ist/topics/security/> to
<http://ist.mit.edu/security>, with a new design and content
organization. The new site is still a work in progress and we are
working on new content all the time.

Please help us make this site as useful for the MIT community as  
possible.

Tell us what you would like to see! Post a comment here on our wiki  
page: <https://wikis.mit.edu/confluence/x/X1CXAg> (MIT certificate  
required). If you can't access the page, please email me your comments  
at myeaton at mit.edu.

Some things we'd like to add in the near future are:

* a news feature, possibly including an online version of Security-FYI  
(this email newsletter)
* helpful step-by-step tips relating to security practices
* short "captivate" videos with security-related demos


--------------------------------------------------------------------------
4. Event: Ethical Hacking and Systems Defense Workshop
--------------------------------------------------------------------------

Harvard University is hosting a hands-on, 3-day intensive workshop on  
the methodologies and application of hacking concepts and techniques.  
This workshop introduces students to footprinting, scanning, gaining  
and maintaining access, covering tracks, and securing their own  
systems. For more information about the course see the PDF file at:

<http://www.ittrainingsolutions.net/ethicalhacking&systemdefense.pdf>

The when and where: August 10-12, 2009, 8:00 AM to 9:30 PM. Harvard  
University, Radcliffe Institute for Advanced Study, 10 Garden St,  
Cambridge, MA  02138.



========================================================================

Find current and older issues of Security FYI Newsletter:
<http://kb.mit.edu/confluence/x/ehBB>




