[IS&T Security-FYI] SFYI Newsletter, September 15, 2009

Monique Yeaton myeaton at MIT.EDU
Tue Sep 15 12:18:45 EDT 2009


In this issue:

1. Security Updates from Apple
2. And the Winners Are...
3. Wireless Hotspot Risks
4. Most Dangerous Web Sites


---------------------------------------
1. Security Updates from Apple
---------------------------------------

Between September 9 and 14, Apple released the following security  
updates:

  * Mac OS X 10.6.1 (for Snow Leopard)
  * iPhone 3.0.1
  * iPod Touch 1.1 through 3.0
  * QuickTime 7.6.4
  * Xsan 2.2

Apple has also released Security Update 2009-005 to address  
vulnerabilities in Mac OS X 10.4.11 and 10.5.8. It is recommended for  
all servers and improves the security of Mac OS X. Previous security  
updates have been incorporated into this security update. Side note:
For those curious about what Xsan is, you can find out more here:
<http://www.apple.com/xsan/whatisxsan.html>.

NOTE: Snow Leopard (Mac OS X 10.6) has been released commercially;
however, IS&T at MIT urges the community to *wait* to upgrade until all
issues with supported IS&T software have been reviewed and addressed.

You can obtain the patches via Software Update or from the Apple  
Downloads page <http://support.apple.com/downloads/>.


--------------------------------
2. And the Winners Are...
--------------------------------

Every year Educause <http://www.educause.edu/>, in coordination with  
Research Channel and Internet2, sponsors a security awareness poster  
and video competition for college students. Contestants submit a
poster or video featuring a security awareness topic to Educause;
the entries are judged and posted online. Winners can receive cash prizes or
an honorable mention. Topics that were featured this year include
backing up files, strong passwords, internet relations, phishing and  
online scams.

See the winners and honorable mentions for this year's contest:
<http://www.researchchannel.org/securityvideo2009/>


--------------------------------
3. Wireless Hotspot Risks
--------------------------------

Wireless hotspots are making it easier for us to be connected at all  
times, even when on the road. Before you take your laptop on a trip,  
learn how you can avoid unsecured and bogus hotspots. Microsoft has  
pulled together seven tips on how to make working in unfamiliar public  
locations safer:

1. Do not assume public hotspots are secure.
2. Do not connect to unsecured wireless networks -- those that have no  
password requirement.
3. Scrutinize that hotspot before you connect to ensure it's legitimate.
4. Do not allow automatic connections to wireless networks.
5. Use a software firewall.
6. Disable file and printer sharing.
7. Consider removing sensitive information from your laptop.

More information on these tips can be found here:
<http://www.microsoft.com/atwork/remotely/hotspots.aspx>


--------------------------------------
4. Most Dangerous Web Sites
--------------------------------------

Symantec has put out a list of the most offensive web sites, i.e.  
those hosting the most malware. As can be expected, 48 of the top 100  
worst are adult-themed sites, but others featured diverse topics,  
ranging from deer hunting and catering to figure skating, electronics  
and legal services.

Forty of the sites had more than 20,000 threats, according to  
Symantec. The most offensive site was propagating 56,371 viruses. And  
three quarters of the sites on the list have been propagating malware  
for more than six months.

The worst part about this list is that many of the sites do not appear  
unsafe just by looking at them. You also cannot depend on your
browser's security tools to protect your computer 100%. Even if you
follow the best security practices consistently, your computer might  
still become infected and you'll need an expert computer technician to  
clean it. If you find yourself in that situation, contact the IS&T  
Service Desk immediately <http://ist.mit.edu/support>.

Symantec's report is listed here:
<http://safeweb.norton.com/dirtysites>

If you want to know if a site is safe before visiting it, the page  
listed above has a search bar for entering a site address. If Symantec  
has a report on the site, it will come up showing what types of  
threats the site contains, if any.

========================================================================

Find current and older issues of Security FYI Newsletter:
<http://kb.mit.edu/confluence/x/ehBB>


=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you  
for your password.
