[IS&T Security-FYI] SFYI Newsletter, July 12, 2010

Mon Jul 12 11:07:15 EDT 2010

In this issue:

1. Microsoft Security Updates for July 2010
2. US Falls Behind on CyberSecurity
3. Event: SANS Boston 2010
4. Tip of the Week: Protection from Identity Theft

------------------------------------------------------
1. Microsoft Security Updates for July 2010
------------------------------------------------------

On Tuesday, July 13, 2010, Microsoft will issue four security bulletins to address a total of five vulnerabilities.  Three of the bulletins have been rated critical; one has been rated important.

Systems affected:
Windows XP, Windows 7
Windows Server 2003, and 2008 R2
Microsoft Office XP, 2003 and 2007 (Mac OS X versions not affected)

All bulletins address remote code execution vulnerabilities. Among the flaws that will be addressed in this security update is a recently disclosed vulnerability in the Windows XP Help and Support Center.

Read the full bulletin:
<http://www.microsoft.com/technet/security/bulletin/ms10-jul.mspx>

----------------------------------------------
2. US Falls Behind on CyberSecurity
----------------------------------------------

According to a report released last week by the Government Accountability Office (GAO), the White House Office of Science and Technology Policy (OSTP) has so far failed to live up to its responsibility to coordinate a national cybersecurity research and development (R&D) agenda and risks falling behind other countries in cybersecurity matters.

Although the OSTP has taken steps toward developing such an agenda, the GAO notes the existing documents are either outdated or lack sufficient detail. There have been numerous calls for more centralized oversight and coordination of the R&D efforts over the years.

In response to the GAO report, the OSTP insisted it already has a five-year plan for cybersecurity research which is available online and will soon be updated (it is dated 2006). More plans will also be released in the days ahead, according to the OSTP.

Read the full story: <http://www.computerworld.com/s/article/9178959/GAO_slams_White_House_for_failing_to_lead_on_cybersecurity>

The GAO report: <http://www.gao.gov/new.items/d10466.pdf>

------------------------------------
3. Event: SANS Boston 2010
------------------------------------

SANS will be in Boston with audit, management and security training. Among the 11 courses are Hacker Techniques, Exploits and Incident Handling; Auditing Networks, Perimeters and Systems; Securing Windows; Computer Forensic Essentials; and Metasploit Kung Fu for Enterprise Pen Testing.

Where: Hyatt Regency Boston
When: August 2 - 9, 2010

See the details: <http://www.sans.org/boston-2010/>

--------------------------------------------------------------
4. Tip of the Week: Protection from Identity Theft
--------------------------------------------------------------

Have you ever had your wallet stolen or heard stories from friends or family members who went through this ordeal? Did you know that within days the thieves can order expensive monthly cell phone packages, apply for a VISA credit card using your ID, have a credit line approved to buy a computer, get a PIN number from DMV to change the victim's driving record information online, and more? 

So what to do if this happens to you:

Cancel your credit cards immediately. Keep the toll free numbers and your card numbers handy in a secure place so you know whom to call.
File a police report immediately. This proves to credit providers you were diligent, a first step toward an investigation.
Call the three national credit reporting organizations immediately to place a fraud alert on your name and Social Security number. The alert means any company that checks your credit has to contact you to authorize new credit.
Other tips and resources for protecting personal information can be found here:
<http://web.mit.edu/infoprotect/personalinfo.html>

===========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100712/e15600c8/attachment.htm