[IS&T Security-FYI] SFYI Newsletter, November 14, 2012
Monique Yeaton
myeaton at MIT.EDU
Wed Nov 14 15:35:53 EST 2012
In this issue:
1. Microsoft Security Updates for November 2012
2. What is Two-Factor Authentication?
3. We Can Learn from Australia's Defense Strategy
------------------------------------------------------------------
1. Microsoft Security Updates for November 2012
------------------------------------------------------------------
Yesterday, November 13, Microsoft released security bulletins<http://technet.microsoft.com/en-us/security/bulletin/ms12-nov> to address multiple vulnerabilities. Four of the six bulletins are rated critical. The fixes affect the following products:
* Microsoft Windows
* Microsoft Office
* Microsoft .NET Framework
* Internet Explorer
This update includes the first fixes for Windows 8 and Windows RT.
Security updates are available from the Windows Update tool, the Windows Server Update Services or the Download Center. MIT WAUS subscribers will receive the updates as they are tested and released.
---------------------------------------------------
2. What is Two-Factor Authentication?
---------------------------------------------------
The most recent security awareness newsletter OUCH! explains what two-factor authentication is, why people should use it, and how it works.
Read the English version of the newsletter (pdf) here<http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201211_en.pdf>.
--------------------------------------------------------------------
3. We Can Learn from Australia's Defense Strategy
--------------------------------------------------------------------
Earlier this year we saw what was possibly the most damaging cyber attack ever. US oil company Saudi Aramco had 30,000 computers infected and wiped. With their master boot record destroyed, every machine needed on-site attention and a complete rebuild.
According to the US Department of Homeland Security, "hactivists" are getting interested in industrial control systems (ICS), the gadgets that run everything from hotel air conditioners to chocolate factories to nuclear power stations. We've known about the vulnerability of ICS for a long time now. So what can we do about it?
The Australian Defense Signals Directorate (DSD) knows what to do to stop the types of attacks that are coming from nation states. The DSD has developed a list titled Top 35 Mitigation Strategies<http://dsd.gov.au/infosec/top35mitigationstrategies.htm>. According to SANS<http://www.technologyspectator.com.au/keeping-cybergeddon-bay>, implementing just the top four strategies listed can block 85 percent of targeted cyber attacks.
At the top of the list are:
1. whitelisting
2. patching applications
3. patching operating systems, and
4. limiting administrator rights to people who actually need that level of access.
"First do the top four," Alan Paller of SANS says. "When you are done with the top four, evaluate the others."
Read the story in the news<http://www.csoonline.com/article/720272/cyber-attacks-have-changed-but-australia-is-doing-something-about-it-sans>.
===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20121114/c17cbbdd/attachment.htm
More information about the ist-security-fyi
mailing list