[IS&T Security-FYI] SFYI Newsletter, May 17, 2010

Monique Yeaton myeaton at MIT.EDU
Mon May 17 12:30:21 EDT 2010 

In this issue:

1. Security FYI is Becoming a Blog
2. Event: National Information Security Group, May 20
3. Tip of the Week: Protecting USB Drives from Malware


--------------------------------------------
1. Security FYI is Becoming a Blog
--------------------------------------------

For several years the issues of the Security FYI Newsletter have  
arrived in our email in-boxes through a Mailman list. To move with the  
times of Web 2.0, the writers of the newsletter have now duplicated  
the articles online into a blog. For the present time, WordPress is  
hosting the content, but the plan by IS&T is to host the blog within  
the IS&T website and have it be incorporated with other IS&T news,  
hopefully by some time this summer.

I invite you to take a look and offer us feedback so that we can  
determine which features the blog should include to enhance its  
readership. Naturally, a blog will change the nature of the newsletter  
a bit. The online version of Security FYI would allow us to post  
videos and images, add articles more frequently, and build an archive  
where articles are searchable by category. We envision readers posting  
comments, sharing the articles with others, and possibly subscribing  
via RSS so they can be notified when a new article is posted.

There is no plan to get rid of the Mailman list in the near future as  
we understand some people still prefer to receive news via email.  
However, a blog will not necessarily cause the email version of the  
newsletter to become obsolete; the idea is just to offer more features  
and versatility.

Please visit the blog in its current format and let us know what you  
think: <http://securityfyi.wordpress.com/>


--------------------------------------------------------------------
2. Event: National Information Security Group, May 20
--------------------------------------------------------------------

"Over 80% of the vulnerabilities that exist today come from flaws that  
reside in the application layer. The only effective way to stop these  
threats is to build security into applications." The SANS Institute.

This presentation on the extremely important topic of application  
security will focus on common mistakes that are systemic to  
organizations as gleaned from over a decade of application and  
development process assessments. It will address solutions that lead  
to direct cost savings and improvements to quality and compliance  
mandates.

Title: Charting the Course for Application Security: Five Costly  
Mistakes to Avoid
Date/time: Thursday, May 20, 2010 at 6:30 PM
Location:  Microsoft, 201 Jones Road, 6th Floor, Waltham, MA 02451
Cost: Free to the public

Reservations requested: Please send an e-mail to Meetings-Boston at naisg.org 
  indicating that you plan to attend so that the correct quantity of  
pizza can be ordered.

Presentation will include: A) Why is software still insecure and what  
are the underlying causes of application security problems?  B) What  
are the most common critical security mistakes, oversights, and tips  
for avoidance?  C) And what are the best practices to avoid pitfalls?

More information about the event can be found at National Information  
Security Group (NAISG) - Boston, MA Chapter <http://boston.naisg.org/meetings.asp 
 >


-----------------------------------------------------------------------
3. Tip of the Week: Protecting USB Drives from Malware
-----------------------------------------------------------------------

USB flash drives, those little devices we put our files on when we  
need to transport them easily, are prone to infection, especially if  
we plug them into computers that are not in our control. We might do  
this frequently without thinking about the risk: at our local print  
shop, a hotel kiosk, a computer lab, or some other poorly managed  
computer system. Many of us don't think about the possibility that a  
virus on a computer could spread to one of those memory sticks and in  
turn, infect the next computer it comes into contact with.

There is an easy and practical solution to this risk. Buy a USB flash  
drive with a write-protect switch and flip in on to write-protect mode  
before sticking it into a strange computer. Similar to write  
protection on the old floppy disks and zip disks, this protects the  
drive from being overwritten and will also protect it from accidental  
erasure and deletion. Find these drives by doing a quick search on  
Froogle with the term "usb drive with write protect mode" or by going  
to your local office supply or computer supply store.


= 
= 
= 
========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB 
 >


Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security






-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100517/04d6dffc/attachment.htm

More information about the ist-security-fyi mailing list