[IS&T Security-FYI] SFYI Newsletter, January 9, 2012

Monique Yeaton myeaton at MIT.EDU
Mon Jan 9 15:36:43 EST 2012


In this issue:


1. IAP: Data Protection @ MIT

2. Microsoft Security Updates for January 2012

3. SQL Injection Attack Spreads



---------------------------------------

1. IAP: Data Protection @ MIT

---------------------------------------


What are you doing to protect data at MIT? To learn what you could be doing, come to one of the two IAP sessions "Data Protection @ MIT."


  *   Thursday, Jan. 12 @ 1-2:30 pm in E17-121
  *   Thursday, Jan. 26 @ 1-2:30 pm in E17-121 (repeat)


This session addresses two main questions: “What is MIT doing to protect sensitive data?” and “What can each of us do to protect sensitive data at MIT?” Learn about measures for handling, sharing, storing, and destroying information that requires protection by law. Bring your questions and feel free to participate in the discussion. No registration required, just show up.


Also, this month EDUCAUSE is sponsoring Data Privacy Month<http://www.educause.edu/policy/dataprivacy>, in support of Data Privacy Day<http://www.staysafeonline.org/dpd>, which is on January 28. The day is marked with events, activities, and internal corporate and educational initiatives designed to raise awareness among employees.



------------------------------------------------------------

2. Microsoft Security Updates for January 2012

------------------------------------------------------------


On Tuesday, January 10, Microsoft plans to issue seven security bulletins that address a total of eight flaws. Systems affected:


  *   Microsoft Windows (all currently supported versions)
  *   Microsoft Developer Tools and Software
  *   Media Player


One of the vulnerability impacts is listed as "secure feature bypass," a term that has not been used before in this context. Some patches address the Browser Exploit Against SSL/TLS (BEAST), a long-standing issue that was publicized last September. Security experts are hopeful about Microsoft's current, more proactive approach to security.


Read the story in the news<http://www.networkworld.com/community/node/79519>.

Read the Microsoft Security Bulletin Advance Notification<http://technet.microsoft.com/en-us/security/bulletin/ms12-jan>.



-----------------------------------------

3. SQL Injection Attack Spreads

-----------------------------------------


[Source: SANS NewsBites] An SQL injection attack appears to have infected more than 1 million URLs. (SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.) Some say the reported number of infections may be inflated, as the counts may include pages discussing the attack, although the number of infected URLs was significantly smaller in early December 2011. The malware is called lilupophilupop. The attack appears to be partly automated and partly manual. The .NL domain (the Netherlands) has the greatest number of infections.


Read the full story here<http://www.darkreading.com/database-security/167901020/security/attacks-breaches/232301285/latest-sql-injection-campaign-infects-1-million-web-pages.html>.



===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================


Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

