[IS&T Security-FYI] SFYI Newsletter, May 3, 2010
Monique Yeaton
myeaton at MIT.EDU
Mon May 3 14:22:03 EDT 2010
In this issue:
1. Microsoft Security Update Re-Released
2. MIT's Response to Data Protection Law
3. Tip of the Week: Risky Cyber Cafe Computers
-----------------------------------------------------
1. Microsoft Security Update Re-Released
-----------------------------------------------------
Microsoft has released a new version of MS10-025, the security update
that was ineffective in protecting computers from a remote code
execution flaw in Windows 2000 computers running Windows Media Services.
The original version of the fix, released on Tuesday, April 13, was
pulled last week; the updated version was released on Tuesday, April
27. The flaw is rated critical, but affects only Windows 2000 users
running
Windows Media Services.
The full news story is here: <http://www.pcworld.com/businesscenter/article/195072/microsoft_rereleases_botched_windows_2000_update.html
>
The Microsoft security bulletin: <http://www.microsoft.com/technet/security/bulletin/ms10-025.mspx
>
[Source: SANS.org]
-----------------------------------------------------
2. MIT's Response to Data Protection Law
-----------------------------------------------------
With the new regulations for protecting the personal information of
residents of Massachusetts (201 CMR 17) going into effect on March 1,
2010, MIT has taken steps to ensure administrative, technical and
physical safeguards are being implemented on campus. As a first step,
MIT published a Written Information Security Program (WISP).
Starting this month and going forward, the IS&T Department, the Audit
Division and the Office of General Council are working together to
develop campus-wide communications, will continue meeting with areas
where handling personal information is a business requirement, and is
offering tools and technologies to comply with the security standards
as outlined in 201 CMR 17.
One of the technologies mentioned in the standards is full disk
encryption for laptops and portable devices containing personal
information (currently mobile devices such as smart phones are not
included). IS&T has now made PGP Desktop 10 available for Macintosh
and Windows computers with limited support -- see the Available
Software page <http://ist.mit.edu/services/software/available-software>.
Stay tuned for further information as the program moves forward. A
brief review of current developments has been posted to the IS&T news
page this morning <http://ist.mit.edu/news/wisp> and resources have
been added to the Protecting Sensitive Information website <http://web.mit.edu/infoprotect/index.html
>.
If you have any questions, please address them to infoprotect at mit.edu.
--------------------------------------------------------------
3. Tip of the Week: Risky Cyber Cafe Computers
--------------------------------------------------------------
Cyber cafes offer a convenient way to use a networked computer when
you are away from home or office. But be careful. It's impossible for
an ordinary user to tell what the state of their security might be.
Since anyone can use the computers for anything, they have probably
been exposed to viruses, worms, Trojans, keyloggers, and other nasty
malware. Should you use them at all? They're okay for casual web
browsing, but they pose a risk for connecting to your email, which may
contain personal information; to any secure system, like the network
or server at your office, bank or credit union; or for shopping online.
If you do need to check or write email from a public computer, or
check your bank account balance, know you are taking a risk and change
your password immediately afterwards (from your private computer!) to
protect yourself from shoulder surfers (people looking over your
shoulder at your screen), keystroke loggers and other ways cyber
criminals can steal your log-in information.
=
=
=
========================================================================
Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB
>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100503/d5877e61/attachment.htm
More information about the ist-security-fyi
mailing list