[IS&T Security-FYI] SFYI Newsletter, July 22, 2014

Tue Jul 22 07:23:34 EDT 2014

In this issue:

1. Personal Certificates Renewal Time
2. A Year After Sophos Was Released to MIT
3. Oracle Critical Patch Updates for July
4. The Toughest Job in the Business World?

---------------------------------------------------
1. Personal Certificates Renewal Time
---------------------------------------------------

Every year at MIT personal web certificates<http://ist.mit.edu/certificates> expire on July 31. Renewal is not automatic, so for continued access to MIT’s secure web applications, such as Atlas, WebSIS, COEUS Lite, and ePaystubs, be sure to renew your certificate<https://ca.mit.edu/ca/>.

When you obtain your personal certificate, if you haven’t changed your password for over a year, you will be prompted to do so as an additional security measure. You may want to review password strength requirements<http://kb.mit.edu/confluence/x/3wNt> before choosing a new one.

Certificates obtained after June 30, 2014 are valid until July 31, 2015.

------------------------------------------------------------
2. A Year After Sophos Was Released to MIT
------------------------------------------------------------

There are over 14,000 MIT computers currently running Sophos Anti-Virus<http://ist.mit.edu/news/sophos_antivirus>. Users include those in the WIN domain and self-administered MIT hosts. If you aren’t familiar with Sophos, when installed, the software runs in the background, with little to no interruption to your work. When Sophos finds an infected file, the software alerts you and locks the file. You can delete the file, using the Sophos Quarantine Manager. Because the client communicates to the Sophos Management Console (administered by IS&T), various useful pieces of information, such as the status and health of the Sophos client on a machine is provided to the console<http://kb.mit.edu/confluence/x/XAQYCQ>.

------------------------------------------------------
3. Oracle Critical Patch Updates for July
------------------------------------------------------

This month’s Oracle Patch Update<http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html> provides 113 new security fixes across a wide range of product families including: Oracle Database, Oracle Fusion Middleware, Oracle Hyperion, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite, Oracle PeopleSoft Enterprise, Oracle Siebel CRM, Oracle Industry Applications, Oracle Java SE, Oracle Linux and Virtualization, Oracle MySQL, and Oracle and Sun Systems Products Suite.

As a reminder, Critical Patch Update fixes are intended to address significant security vulnerabilities in Oracle products and also include code fixes that are prerequisites for the security fixes. As a result, Oracle recommends that this Critical Patch Update be applied as soon as possible by customers using the affected products.

-----------------------------------------------------------
4. The Toughest Job in the Business World?
-----------------------------------------------------------

A recent NY Times article reports on the profession of the chief information security officer (CISO). This profession, which didn’t exist only a few generations ago, is not considered to be for the fainthearted. As the article describes, they must stay one step ahead of the criminal masterminds and keep close tabs on leaky vendors and reckless employees. In addition to putting out virtual fires and protecting data, they must also be skilled at communications and be experts in sophisticated technology.

Read the story in full at the NY Times<http://www.nytimes.com/2014/07/21/business/a-tough-corporate-job-asks-one-question-can-you-hack-it.html>.

=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================

Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20140722/c5ef5c07/attachment.htm