[IS&T Security-FYI] SFYI Newsletter, January 10, 2011

Mon Jan 10 13:02:26 EST 2011

In this issue:

1. January 2011 Microsoft Security Updates

2. Apple Security Updates

3. Want a Job in Information Security?

4. Browser History and Cache

-------------------------------------------------------

1. January 2011 Microsoft Security Updates

-------------------------------------------------------

This month's security update to be released on Tuesday, January 11, contains just two patches, addressing three vulnerabilities in all supported versions of Windows.

The update will NOT address a publicly known vulnerability in Internet Explorer (announced in late December) or the Windows Graphics Rendering Engine flaw, disclosed earlier this month. Both flaws are reportedly used in targeted attacks and users should look at the mitigation steps outlined in the advisories.

Read the full January security bulletin:

<http://www.microsoft.com/technet/security/bulletin/ms11-jan.mspx>

The IE vulnerability:

<http://www.scmagazineus.com/microsoft-confirms-ie-flaw-not-yet-being-exploited/article/193310/>

The Graphics Engine vulnerability:

<http://www.scmagazineus.com/microsoft-advises-of-zero-day-flaw-in-its-graphics-engine/article/193682/>

---------------------------------

2. Apple Security Updates

---------------------------------

Apple has released a major update for its Mac operating system. Mac OS X 10.6.6 offers improvements in stability, compatibility and security, including a fix for the man-in-the-middle attack that could force an application to quit or possibly allow the execution of arbitrary code. The update also coincides with the launch of the Mac App Store, which the updated operating system supports. The update can be downloaded through Software Update preferences or from the Apple Downloads webpage <http://www.apple.com/support/downloads/>.

------------------------------------------------

3. Want a Job in Information Security?

------------------------------------------------

Now's your opportunity. According to a recent article in the Washington Post, the federal government will be hiring IT security professionals by the busload in 2011 and beyond. The article states that the Department of Homeland Security worked with the Office of Personnel Management to "attain new authority to recruit and hire up to 1,000 cyber-security professionals across the department over the next three years to help fulfill DHS's broad mission to protect the nation's cyberinfrastructure, systems and networks."

If you are interested in these jobs, keep an eye on the USA Jobs website <http://usajobs.opm.gov> for openings.

Read the full article: <http://www.washingtonpost.com/wp-dyn/content/article/2010/12/29/AR2010122904362.html>

SANS for Security Training:

<http://www.sans.org/security-training.php>

--------------------------------------

4. Browser History and Cache

--------------------------------------

As more and more information moves from paper- to electronic-format, it is important to make sure that when you access sensitive information you do not leave behind an electronic paper-trail. This is especially important on shared and public computers or mobile devices because of their accessibility to others. IS&T offers some recommendations for your browser settings, including removing browser history and clearing the cache.

Read the full article: <http://ist.mit.edu/news/securedata>

===========================================================================================

To read all current and archived articles online, visit the Security-FYI Blog at <http://securityfyi.wordpress.com/>

Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20110110/72a52d05/attachment.htm