[IS&T Security-FYI] SFYI Newsletter, January 7, 2013
Monique Yeaton
myeaton at MIT.EDU
Mon Jan 7 16:38:36 EST 2013
In this issue:
1. Cloud Computing: The Security Debate
2. First Patch Tuesday of 2013: Microsoft Security Updates
3. Hactivism to Continue in 2013
--------------------------------------------------------
1. Cloud Computing: The Security Debate
--------------------------------------------------------
A lively debate took place last Fall at Indiana University featuring passionate arguments on the nature, status and future of cloud security in and beyond the higher education environs. The article posted by Educause<http://www.educause.edu/ero/article/cloud-security-debate-cloud-now-or-cloud-how> captures the salient points, key quotes and a bit of the color that permeated the two sides of the discussion: Cloud now or cloud how?
After reading the article, what do you think?
-------------------------------------------------------------------------------
2. First Patch Tuesday of 2013: Microsoft Security Updates
-------------------------------------------------------------------------------
On Tuesday, January 8, 2013, Microsoft plans to issue seven security bulletins<http://technet.microsoft.com/en-us/security/bulletin/ms13-jan> to address a total of 12 vulnerabilities. Two of the bulletins are rated critical; the flaws they address could be exploited to allow remote code execution. The other five are rated important; the vulnerabilities they fix could be exploited to elevate privileges, bypass a security feature, or create denial-of-service conditions.
Affected software:
* Windows
* Microsoft Office
* Microsoft Developer Tools
* Microsoft Server Software
* Microsoft .NET Framework
Security updates are available from the Windows Update tool, the Windows Server Update Services or the Download Center. MIT WAUS subscribers will receive the updates as they are tested and released.
Last week Microsoft released a temporary fix for an Internet Explorer (IE) flaw that is being actively exploited in targeted attacks. The vulnerability affects IE 6,7, and 8, but not newer versions of the browser. Microsoft has issued an advisory<http://technet.microsoft.com/en-us/security/advisory/2794220> about the issue and says it is "working around the clock" on a patch for the flaw (but it does not appear to be included in this month's scheduled patch release).
-------------------------------------------
3. Hactivism to Continue in 2013
-------------------------------------------
The hacktivist collective Anonymous has issued a video and statement saying there is more to come in 2013. Read more and watch the video<http://www.zdnet.com/anonymous-expect-us-in-2013-7000009268>.
===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20130107/61775c66/attachment.htm
More information about the ist-security-fyi
mailing list