[IS&T Security-FYI] SFYI Newsletter, May 3, 2010

Monique Yeaton myeaton at MIT.EDU
Mon May 3 14:22:03 EDT 2010


In this issue:

1. Microsoft Security Update Re-Released
2. MIT's Response to Data Protection Law
3. Tip of the Week: Risky Cyber Cafe Computers


-----------------------------------------------------
1. Microsoft Security Update Re-Released
-----------------------------------------------------

Microsoft has released a new version of MS10-025, the security update  
that was ineffective in protecting computers from a remote code  
execution flaw in Windows 2000 computers running Windows Media Services.

The original version of the fix, released on Tuesday, April 13, was  
pulled last week; the updated version was released on Tuesday, April  
27. The flaw is rated critical, but affects only Windows 2000 users
running Windows Media Services.

The full news story is here: <http://www.pcworld.com/businesscenter/article/195072/microsoft_rereleases_botched_windows_2000_update.html>

The Microsoft security bulletin: <http://www.microsoft.com/technet/security/bulletin/ms10-025.mspx>

[Source: SANS.org]


-----------------------------------------------------
2. MIT's Response to Data Protection Law
-----------------------------------------------------

With the new regulations for protecting the personal information of  
residents of Massachusetts (201 CMR 17) going into effect on March 1,  
2010, MIT has taken steps to ensure administrative, technical and  
physical safeguards are being implemented on campus. As a first step,  
MIT published a Written Information Security Program (WISP).

Starting this month and going forward, the IS&T Department, the Audit
Division and the Office of General Counsel are working together to
develop campus-wide communications, will continue meeting with areas
where handling personal information is a business requirement, and are
offering tools and technologies to comply with the security standards
as outlined in 201 CMR 17.

One of the technologies mentioned in the standards is full disk  
encryption for laptops and portable devices containing personal  
information (currently mobile devices such as smart phones are not  
included). IS&T has now made PGP Desktop 10 available for Macintosh  
and Windows computers with limited support -- see the Available  
Software page <http://ist.mit.edu/services/software/available-software>.

Stay tuned for further information as the program moves forward. A  
brief review of current developments has been posted to the IS&T news  
page this morning <http://ist.mit.edu/news/wisp> and resources have  
been added to the Protecting Sensitive Information website <http://web.mit.edu/infoprotect/index.html>.

If you have any questions, please address them to infoprotect at mit.edu.


--------------------------------------------------------------
3. Tip of the Week: Risky Cyber Cafe Computers
--------------------------------------------------------------

Cyber cafes offer a convenient way to use a networked computer when  
you are away from home or office. But be careful. It's impossible for
an ordinary user to tell what state the security of these computers is in.
Since anyone can use the computers for anything, they have probably  
been exposed to viruses, worms, Trojans, keyloggers, and other nasty  
malware. Should you use them at all? They're okay for casual web  
browsing, but they pose a risk for connecting to your email, which may  
contain personal information; to any secure system, like the network  
or server at your office, bank or credit union; or for shopping online.

If you do need to check or write email from a public computer, or  
check your bank account balance, know you are taking a risk and change  
your password immediately afterwards (from your private computer!) to  
protect yourself from shoulder surfers (people looking over your  
shoulder at your screen), keystroke loggers and other ways cyber  
criminals can steal your log-in information.

========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>


Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security





