[IS&T Security-FYI] SFYI Newsletter, February 10, 2014

Mon Feb 10 11:40:28 EST 2014

In this issue:

1. February 2014 Security Updates from Microsoft
2. OUCH! Newsletter: What is Malware?
3. Risks of International Travel
4. For Fun: Information Security Problem

-------------------------------------------------------------------
1. February 2014 Security Updates from Microsoft
-------------------------------------------------------------------

On Tuesday, February 11, Microsoft is releasing five new security bulletins<http://technet.microsoft.com/en-us/security/bulletin/ms14-feb>. Two of the bulletins are critical. Microsoft systems that will be affected:

  *   Windows (all current operating systems and servers)
  *   Forefront Protection 2010 for Exchange
  *   Microsoft .NET Framework

It is recommended to accept the updates. MIT WAUS subscribers will receive the updates after they have been tested for compatibility within the MIT computing environment. Installing the bulletins manually may require a restart.

On February 11, Microsoft is also planning to release the update for deprecation of MD5 hashing algorithm for the Microsoft root certificate program. The announcement was made last August <http://technet.microsoft.com/en-us/security/advisory/2862973> to give customers six months to take the necessary actions in their environments.

The action on February 11 will officially restrict the use of digital certificates with MD5 hashes<http://threatpost.com/microsoft-starts-countdown-on-eliminating-md5/101994>. The change applies only to certificates used for server authentication, code signing and time stamping. Microsoft said it would not block other uses of MD5 and would allow signed binaries from before March 2009. The general recommendation is that customers move to a stronger encryption algorithm such as SHA2 or better.

------------------------------------------------------
2. OUCH! Newsletter: What is Malware?
------------------------------------------------------

This month’s issue of OUCH!, the monthly security awareness newsletter for computer users from SANS, explains what malware is, who is developing it and why and how to protect yourself against it.

You can download or view a copy online here:

http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201402_en.pdf

-----------------------------------------
3. Risks of International Travel
-----------------------------------------

Two weeks ago the International Coordinating Committee (ICC) at MIT hosted a presentation on international travel resources. Members of IS&T were there as co-presenters and addressed concerns regarding safe computing, mobile devices and data protection while traveling.

The event was well-attended but if you weren’t able to be there, the slides can be viewed online<http://osp.mit.edu/grant-and-contract-administration/international-activities/international-coordinating-committee> via the Office of Sponsored Programs website. A lot of the information presented by IS&T can also be found within this Knowledge Base article<http://kb.mit.edu/confluence/x/ODIYCQ>.

In addition, SANS shares a security awareness video each month, and this month it is on International Travel. The video explains the risks with international travel and how you can protect yourself and your data. It will be available at the link below until the end of February.

SANS: Monthly Awareness Video.<http://www.securingthehuman.org/resources/ncsam>

-------------------------------------------------------
4. For Fun: Information Security Problem<http://www.glasbergen.com/wp-content/gallery/technology-cartoons/toon567.gif>
-------------------------------------------------------

=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================

Monique Buchanan
IT Security Communications Consultant
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715

"Distrust and caution are the parents of security" - Benjamin Franklin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20140210/6a89592d/attachment.htm