[IS&T Security-FYI] SFYI Newsletter, February 11, 2013
Monique Yeaton
myeaton at MIT.EDU
Mon Feb 11 15:52:03 EST 2013
In this issue:
1. Microsoft Security Updates for February 2013
2. The Value of a Hacked PC
3. Ouch! Newsletter on Phishing
----------------------------------------------------------------
1. Microsoft Security Updates for February 2013
----------------------------------------------------------------
This week for Patch Tuesday, Microsoft is planning to release twelve new security bulletins<http://technet.microsoft.com/en-us/security/bulletin/ms13-feb>. Five are rated critical, seven are important. The fixes affect the following products:
* Internet Explorer, all supported versions
* All currently supported versions of Windows
* Windows Server 2003, 2008 and 2012
* Microsoft Exchange Server 2007 and 2010
* Microsoft FAST Search Server 2010 for Sharepoint and Advanced Filter Pack
On Tuesday, February 12, the updates<http://www.update.microsoft.com/windowsupdate> will be available from the Windows Update tool, the Windows Server Update Services or the Download Center. MIT WAUS subscribers will receive the updates when they have been tested and released.
---------------------------------------
2. The Value of a Hacked PC
---------------------------------------
An article from Krebs on Security provides an image of some interestingly prevalent malicious uses for a hacked PC.
As Krebs writes: "The project [a chart he put together for The Washington Post in 2009] was designed to explain simply and visually to the sort of computer user who can't begin to fathom why miscreants would want to hack into his PC. 'I don't bank online, I don't store sensitive information on my machine! I only use it to check email. What could hackers possibly want with this hunk of junk?', are all common refrains from this type of user."
Take a look<http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/>. One of the ideas he tried to get across is that nearly every aspect of a hacked computer and a user's online life can be and has been commoditized. If it has value and can be sold, a cyber criminal will monetize it.
-------------------------------------------
3. Ouch! Newsletter on Phishing
-------------------------------------------
In this month's issue of OUCH!, the SANS.org security newsletter, the topic is: Email Phishing Attacks. You can download the free newsletter here<http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201302_en.pdf> (pdf).
If, after reading, you are interested in learning more about phishing, see these articles<http://kb.mit.edu/confluence/label/istcontrib/phishing> on the topic in the Knowledge Base.
===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20130211/18a39c65/attachment.htm
More information about the ist-security-fyi
mailing list