[IS&T Security-FYI] SFYI Newsletter, September 15, 2009
Monique Yeaton
myeaton at MIT.EDU
Tue Sep 15 12:18:45 EDT 2009
In this issue:
1. Security Updates from Apple
2. And the Winners Are...
3. Wireless Hotspot Risks
4. Most Dangerous Web Sites
---------------------------------------
1. Security Updates from Apple
---------------------------------------
Between September 9 and 14, Apple released the following security
updates:
* Mac OS X 10.6.1 (for Snow Leopard)
* iPhone 3.0.1
* iPod Touch 1.1 through 3.0
* QuickTime 7.6.4
* Xsan 2.2
Apple has also released Security Update 2009-005 to address
vulnerabilities in Mac OS X 10.4.11 and 10.5.8. It is recommended for
all servers and improves the security of Mac OS X. Previous security
updates have been incorporated into this security update. Side note:
For those curious about what Xsan is, you can find out more here:
<http://www.apple.com/xsan/whatisxsan.html>.
NOTE: Snow Leopard (Mac OS X 10.6) has been released commercially;
however, IS&T at MIT urges the community to *wait* to upgrade until all
issues with supported IS&T software have been reviewed and addressed.
You can obtain the patches via Software Update or from the Apple
Downloads page <http://support.apple.com/downloads/>.
--------------------------------
2. And the Winners Are...
--------------------------------
Every year Educause <http://www.educause.edu/>, in coordination with
Research Channel and Internet2, sponsors a security awareness poster
and video competition for college students. Contestants submit to
Educause a poster or video featuring a security awareness topic;
entries are judged and posted online. Winners can receive cash prizes or
an honorable mention. Topics that were featured this year include
backing up files, strong passwords, internet relations, phishing and
online scams.
See the winners and honorable mentions for this year's contest:
<http://www.researchchannel.org/securityvideo2009/>
--------------------------------
3. Wireless Hotspot Risks
--------------------------------
Wireless hotspots are making it easier for us to be connected at all
times, even when on the road. Before you take your laptop on a trip,
learn how you can avoid unsecured and bogus hotspots. Microsoft has
pulled together seven tips on how to make working in unfamiliar public
locations safer:
1. Do not assume public hotspots are secure.
2. Do not connect to unsecured wireless networks -- those that have no
password requirement.
3. Scrutinize that hotspot before you connect to ensure it's legitimate.
4. Do not allow automatic connections to wireless networks.
5. Use a software firewall.
6. Disable file and printer sharing.
7. Consider removing sensitive information from your laptop.
More information on these tips can be found here:
<http://www.microsoft.com/atwork/remotely/hotspots.aspx>
--------------------------------------
4. Most Dangerous Web Sites
--------------------------------------
Symantec has put out a list of the most offensive web sites, i.e.
those hosting the most malware. As can be expected, 48 of the top 100
worst are adult-themed sites, but others featured diverse topics,
ranging from deer hunting and catering to figure skating, electronics
and legal services.
Forty of the sites had more than 20,000 threats, according to
Symantec. The most offensive site was propagating 56,371 viruses. And
three quarters of the sites on the list have been propagating malware
for more than six months.
The worst part about this list is that many of the sites do not appear
unsafe just by looking at them. You also cannot depend on your
browser's security tools to protect your computer 100%. Even if you
follow the best security practices consistently, your computer might
still become infected and you'll need an expert computer technician to
clean it. If you find yourself in that situation, contact the IS&T
Service Desk immediately <http://ist.mit.edu/support>.
Symantec's report is listed here:
<http://safeweb.norton.com/dirtysites>
If you want to know if a site is safe before visiting it, the page
listed above has a search bar for entering a site address. If Symantec
has a report on the site, it will come up showing what types of
threats the site contains, if any.
========================================================================
Find current and older issues of Security FYI Newsletter:
<http://kb.mit.edu/confluence/x/ehBB>
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you
for your password.