[IS&T Security-FYI] SFYI Newsletter, June 24, 2013
Monique Yeaton
myeaton at MIT.EDU
Mon Jun 24 11:32:07 EDT 2013
In this issue:
1. Oracle Security Patches Released
2. Internet Wiretapping Explained
3. Teaching Teens about Identity Theft
-------------------------------------------------
1. Oracle Security Patches Released
-------------------------------------------------
Last week Oracle released its security update for June 2013<http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html>, which comprises 40 security updates, with 37 of them addressing vulnerabilities that lead to malware execution. Among the updates is one that fixes a vulnerability found in Javadoc<http://www.oracle.com/technetwork/java/javase/documentation/index-jsp-135444.html>.
Javadoc is a tool that generates frames for online documentation web apps. However, there is a vulnerability in how Javadoc interprets user supplied frames, leaving it vulnerable to frame injection when hosted on a web server. By using the vulnerable variation, and put into a webpage, a user clicking into the frame will be going to a malicious redirection.
The other updates address vulnerabilities in:
• JDK and JRE 7, 6 and 5.0
• JavaFX 2.2.21 and earlier
NOTE TO MIT USERS: Before installing Java updates to a computer in the MIT environment, please review this article: Which Java version should I install?<http://kb.mit.edu/confluence/pages/viewpage.action?pageId=151102086>
--------------------------------------------
2. Internet Wiretapping Explained
--------------------------------------------
With the revelation of the Prism program, and with warrantless wiretapping being the topic of the day, there has been much confusion and speculation in the debates. This article from the Associated Press<http://bigstory.ap.org/article/secret-prism-success-even-bigger-data-seizure> explains in clear terms what we know, and what it means for our data.
This article from ZD Net<http://www.zdnet.com/how-did-mainstream-media-get-the-nsa-prism-story-so-hopelessly-wrong-7000016822/> corrects some of the misleading stories in the mainstream media.
---------------------------------------------------
3. Teaching Teens about Identity Theft
---------------------------------------------------
According to the Juvenile Justice Information Exchange, "kids under the age of 18 are 51 times more likely to become victims of identity theft than their parents."
This summer teens are likely to spend a lot of time online and many of them don't think that anything can happen to them. They are much more likely to fall for a scam.
Learn what you can do to teach your teen about preventing identity theft<http://moneyning.com/credit/teaching-teens-to-prevent-identity-theft/>.
===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================
Monique Yeaton
IT Security Communications Consultant
Information Services & Technology, MIT
http://ist.mit.edu/security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20130624/e06a337e/attachment.htm
More information about the ist-security-fyi
mailing list