[IS&T Security-FYI] SFYI Newsletter, November 21, 2011

Monique Yeaton myeaton at MIT.EDU
Mon Nov 21 14:48:06 EST 2011


In this issue:


1. Adobe Closed 12 Critical Holes in Flash

2. Touchstone Authentication: Developing Secure Sites

3. Workshop: Securing Information in Higher Ed



-----------------------------------------------------

1. Adobe Closed 12 Critical Holes in Flash

-----------------------------------------------------


Earlier this month Adobe issued a critical update for Flash Player<http://www.adobe.com/support/security/bulletins/apsb11-28.html> to address a dozen flaws, some of which allow remote code execution. Flash version 11.1.102.55 is available for Windows, Mac, Linux and Solaris. Adobe has also released Flash version 11.1.102.59 for Android, which is expected to be its last update to Flash for mobile. In addition, Adobe has released AIR version 3.1.0.4880 for Windows, Mac, and Android. The company says it is not aware of any active attacks against these flaws at this time.


Get the newest version of Adobe Flash<http://get.adobe.com/flashplayer/>.


Read the full news story online<http://krebsonsecurity.com/2011/11/critical-flash-update-plugs-12-security-holes/>.



----------------------------------------------------------------------

2. Touchstone Authentication: Developing Secure Sites

----------------------------------------------------------------------


A few weeks ago I posted an article in this newsletter regarding malware and websites. Most malware lives on the Internet, hidden within a site's code. When building websites, developers need to be aware of how malware can be planted on sites that were built without security in mind.


To prevent these risks, DCAD/Web Services in IS&T has plug-ins/modules for both WordPress and Drupal that allow site users to authenticate using MIT Touchstone or MIT Certificates. All systems developed and supported by DCAD/Web Services use one of those authentication methods. It is DCAD policy to use Touchstone for authentication on all its sites, and the team recommends it as a development best practice.


DCAD/Web Services is a resource provided by IS&T for anyone requiring web services; the team also educates and supports other MIT web developers. More about Touchstone and how it is used at MIT, as well as instructions for developers, can be found in the DCAD Web Reference Guide<http://ist.mit.edu/services/web/reference/code/access-via-touchstone>.



-------------------------------------------------------------

3. Workshop: Securing Information in Higher Ed

-------------------------------------------------------------


NERCOMP (www.nercomp.org), a New England affiliate of EDUCAUSE (www.educause.edu), provides workshops to members of educational institutions who are involved in information technology. This coming January, the organization is offering the following workshop that I think would be of interest to those who are concerned about the sensitive data we handle here at MIT on a daily basis:


"Open for Business, Closed for Hackers: The Challenges (and Solutions) of Securing Information in Higher Education"

Date: Jan. 13, 2012

Time: 9:00 am - 3:30 pm

Price: NERCOMP members $130; non-members $260

Location: Southbridge Hotel & Conference Center


Description:

Over the past ten years, advances in technology have allowed institutional leaders access to a wealth of new information to help guide decision making. While technology has provided valuable information to help the institution, its ability to cripple an institution is just as great, if not greater. At the end of the day, buildings can be repaired, classes rescheduled, systems restored from tape, but a security breach of your student/alumni data will damage your institution’s relationship with its students and alumni, possibly causing them financial harm through identity theft. The loss of trust between the university and its student body will take years to repair.



This workshop will present multiple case studies on how institutions are dealing with the challenge of securing an “open campus” and protecting their data.



See the full schedule and registration information<http://www.nercomp.org/events/event_single.aspx?id=6952>.



===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================



Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

