[IS&T Security-FYI] SFYI Newsletter, August 13, 2012
Monique Yeaton
myeaton at MIT.EDU
Mon Aug 13 16:16:20 EDT 2012
In this issue:
1. Microsoft Security Updates for August 2012
2. Virus Protection at MIT
3. FTC's Settlement With Google
-----------------------------------------------------------
1. Microsoft Security Updates for August 2012
-----------------------------------------------------------
On Tuesday, August 14, Microsoft will release nine security bulletins to address a total of 14 vulnerabilities. Five of the bulletins have maximum severity ratings of critical. The updates will affect:
* Exchange and SQL Server
* Windows
* Office
* Visual Basic
* Internet Explorer (IE)
Read the full Microsoft Security Bulletin summary here<http://technet.microsoft.com/en-us/security/bulletin/ms12-aug>.
This will be the third month in a row that IE will receive an update, patching a critical flaw in all versions from IE6 to IE9. The updates for Exchange 2010 at MIT will be occurring later this month, after the release by Microsoft.
More details on the updates can also be found in this ComputerWorld article<http://www.computerworld.com/s/article/9230147/Microsoft_plans_patches_for_hacker_s_playground_>.
--------------------------------
2. Virus Protection at MIT
--------------------------------
Virus protection, when used correctly, prevents viruses, adware, spyware and other malicious code from accessing your computer, where cyber criminals could collect sensitive information, turn your computer into a bot that sends out malware or spam, or modify the computer in other ways without your authorization.
At MIT, computers on the network may be more exposed to such risks than they would be on a home or company network, because of the nature of the work being done here at the Institute. Education, collaboration and research require the MIT network and other IT resources to be highly available at all times, thus restrictions are less likely to be applied.
IS&T provides tools and resources for the MIT community to ensure computer users have a layered defense against many of these threats. For example, free virus protection software. The virus protection application provided by MIT is the McAfee suite of products:
* Mac: McAfee Security 1.2
* Windows: VirusScan Enterprise 8.8
* Linux: VirusScan 5.20
Key features of the application are, among other things, centralized and simplified security management, proactive threat protection, continuous and on-demand scanning and seamless security updating.
Learn more<http://ist.mit.edu/security/malware> or download virus protection from the IS&T software grid<http://ist.mit.edu/software-hardware?type=16>.
------------------------------------------
3. FTC's Settlement With Google
------------------------------------------
The single largest penalty against a single defendant, $22.5 million, was settled against Google last week. According to the FTC, Google violated a 2011 order by representing to certain users that Google wouldn't place tracking cookies or serve targeted ads based on those cookies. But despite what Google said, the FTC has charged that some users, specifically those using the Safari browser, did get tracking cookies and targeted ads.
The Safari browser generally allows users to choose control over targeted ads, but when Safari users tried to change this setting in the browser, Google sidestepped Safari's default cookie-blocking setting by taking advantage of Safari's narrow exception for forms. In other words, when a Safari user visited a Google site or a site within Google's ad network, Google used code to tell the browser that the person was submitting information through a form. That "tricked" the system into allowing Google to place a temporary cookie for targeted ads.
More details on this case can be found at ftc.gov.<http://business.ftc.gov/blog/2012/08/milking-cookies-ftcs-225-million-settlement-google>
===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20120813/e19ac724/attachment.htm
More information about the ist-security-fyi
mailing list