[IS&T Security-FYI] SFYI Newsletter, May 1, 2009
Monique Yeaton
myeaton at MIT.EDU
Fri May 1 15:06:35 EDT 2009
NOTE:
Newsletter Archive: This newsletter is now being archived in the
Hermes knowledge base. To find older issues of this newsletter, you
can now go here: <http://kb.mit.edu/confluence/x/ehBB>
In this issue:
1. Recent Security Updates
2. Fighting Spam at MIT Just Got Better
3. Minimizing Risk When Downloading
--------------------------------------
1. Recent Security Updates
--------------------------------------
---- Microsoft ----
Microsoft released the 2007 Microsoft Office Suite Service Pack 2
(SP2) which provides the latest updates to the 2007 Office suite.
Updates include previously unreleased fixes that were made
specifically for this service pack and all of the public updates,
security updates, cumulative updates, and hot fixes released through
February 2009.
Supported Systems:
Windows Server 2003 Service Pack 2
Windows Server 2008
Windows Vista Service Pack 1
Windows XP Service Pack 3
It can be downloaded from this page
<http://www.microsoft.com/downloads/details.aspx?FamilyID=b444bf18-79ea-46c6-8a81-9db49b4ab6e5&displaylang=en>
or through the Windows software update service on your computer.
---- Mozilla ----
Firefox 3.0.10 was released by Mozilla. This update fixes two security
bugs in the 3.0.9 version of the browser. It can be downloaded from
the Firefox page here:
<http://www.mozilla.com/en-US/firefox/firefox.html> or through the
update service within the browser.
-------------------------------------------------------
2. Fighting Spam at MIT Just Got Better
-------------------------------------------------------
Although the amount of spam being sent worldwide decreased
significantly late last year after the McColo shutdown episode [Wikipedia
article: http://en.wikipedia.org/wiki/McColo], spam numbers now appear
to have risen back to almost pre-McColo levels.
IS&T at MIT has addressed the problem by providing a new tool to catch
spam called Symantec Spam Quarantine. The spam screening service that
was already in place will be phased out over the summer of 2009, and
it is now recommended that users begin using the new Spam Quarantine
service.
Curious to see how well this service works, I signed up and have not
been disappointed. After about a week of using the service, literally
NO spam has bypassed the filter and made it into my inbox. In the
beginning some spam still made it through, but after a few days that
fixed itself. Each morning I receive an email from the service showing
me a list of every email that was pushed into quarantine. If a
legitimate email gets caught in quarantine, you can release it and the
sender will be added to your permitted list.
At the moment there is no easy way to move your previously created
"allowed" list to the new service. I simply copied and pasted mine,
which you can do in bulk, but you must make sure to add commas between
the addresses.
You can enable Symantec Spam Quarantine here:
<https://nic-too.mit.edu/cgi-bin/spamscreen>.
Once signed up, your old spamscreen folder will no longer be catching
spam and all spam will go into the quarantine. For additional
information on the service please see:
<http://web.mit.edu/ist/topics/email/nospam/spamquarantine.html>
If you have any comments or questions about the service, you can send
them to <bowser at mit.edu>.
-----------------------------------------------------
3. Minimizing Risk When Downloading
-----------------------------------------------------
Getting malware installed on a computer is easy enough without doing
it intentionally. Often when you've gotten infected from visiting the
Internet, the solutions you find online are ones that might infect
your computer even further (see my article from two weeks ago on
"Scareware", which talks about how users get duped into downloading
what they think is a cure for their infected computer but which then
creates more problems).
The article posted below talks about one approach that will reduce the
risk when downloading unknown software from the Internet.
Read the article here:
<http://blogs.techrepublic.com.com/networking/?p=801>
NOTE: Generally, we recommend NOT downloading any unknown software
from the Internet, especially onto a business machine or a machine
containing sensitive data. But if you need to do this, for instance on
a home computer, the author's point about taking the extra time to do
substantial research online about products BEFORE you download them
is a good one.
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security
---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you
for your password.