[IS&T Security-FYI] SFYI Newsletter, February 28, 2011

Mon Feb 28 16:31:58 EST 2011

In this issue:

1. Microsoft Releases Windows 7 Service Pack 1

2. Tip of the Week: Computers in Public Spaces

-------------------------------------------------------------

1. Microsoft Releases Windows 7 Service Pack 1

-------------------------------------------------------------

Microsoft has released Windows 7 Service Pack 1 (SP1) and, as of February 22, is available for download from Microsoft. It will be released via the Windows Update service at an as yet non-specified date.

IS&T strongly recommends Windows users at MIT to WAIT to install the service pack until it becomes available via the MIT Windows Automatic Update Service (WAUS) at <http://ist.mit.edu/services/os/windows/updates>.

If you are not using WAUS, IS&T recommends subscribing to it to prevent your machine from getting SP1 before support becomes available. IT staff in departments, labs and centers (DLCs) should test SP1 in their own environments to ensure it is compatible with their supported applications and services. IS&T will work with the DLCs to help find solutions if there are any problems.

If you do intend to download the service pack prior to support becoming available, it is a good idea to back up your data before installing. Service packs have been known to crash systems for one reason or another.

For help or to share your findings with the Software Release Team, send mail to windows7-release at mit.edu.

-------------------------------------------------------------

2. Tip of the Week: Computers in Public Spaces

-------------------------------------------------------------

Computers in Internet cafes, public libraries and other public places constitute a great risk to security. As a news article about a library in the UK illustrates (see link below), it is fairly easy to add devices containing keystroke loggers to public computers. These devices can capture any kind of sensitive information you type into the keyboard, such as the log on information for your online accounts, applications for items such as a passport or driver's license that contain personal information, and bank or credit card information when making online purchases. Because the keystroke logging devices can capture information despite a website's encryption feature, they can do quite a bit of damage, leading to identity theft and fraud.

What can you do about staying safe when using unsure public computers?

 *   Be aware of what is plugged into the computer's ports and connected to the computer's wires. Are the ports visible? If a USB device is plugged in, don't use the computer. Also look for anything added between the keyboard's chord and the port.
 *   If the ports or wires are not visible and you need to use a public computer, don't use it for going into any personal accounts, such as Facebook, your bank, or your email.
 *   If you temporarily don't have access to your own computer and need to use an unsure public computer for accessing a personal account, change your password using a private computer within a day of last logging into the account.
 *   Do not use an unsure public computer to enter your debit or credit card information into online forms.

Read the story in the news:

<http://www.h-online.com/security/news/item/Hardware-keyloggers-found-in-public-libraries-1190097.html>

========================================================================================

To read all current and archived articles online, visit the Security-FYI Blog at <http://securityfyi.wordpress.com/>

Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

The IT Security Team moved on 2/11/11: Come see us in our new location at W92-236.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20110228/59f5a6df/attachment.htm