<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; "><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">In this issue:</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">1. Kerberos Consortium Launched</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">2. TSM Vulnerabilities</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">3. National Cyber Security Awareness Month</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">-----------------------------------------------</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">1. Kerberos Consortium Launched</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">-----------------------------------------------</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">The Kerberos Consortium was launched on September 27, 2007 on an ambitious mission to create a universal authentication platform to protect the world's computer networks, according to the Kerberos web site <<A href="http://www.kerberos.org/launch.html">www.kerberos.org/launch.html</A>>. In the Consortium, vendors are coming together to formalize the use of Kerberos for e-commerce and mobile devices, among other things.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">Kerberos was originally developed at MIT for Project Athena in the 1980's. Currently, its network authentication protocol is mostly available in large corporate networks. The protocol's ability to require strong mutual authentication can protect consumers doing business on the Internet from phishing and other types of attacks.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">What is Kerberos?</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">In short, Kerberos is a solution to network security problems. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server has used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business. </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">Learn more about Kerberos here: <<A href="http://web.mit.edu/kerberos/">http://web.mit.edu/kerberos/</A>></SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">-----------------------------</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">2. TSM Vulnerabilities</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">-----------------------------</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">This notice was sent out by MIT's TSM Systems Team earlier today.</SPAN></FONT><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"> </SPAN></FONT><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">Two vulnerabilities exist in TSM (Tivoli Storage Manager) 5.4.0 and earlier. They affect the Web Client GUI, Client Acceptor Daemon (CAD) managed scheduling, and server-initiated prompted scheduling.</SPAN></FONT><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"> </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">The risks have the potential to crash the operating system due to a buffer overrun in CAD and, under certain conditions, use of server-initiated prompted scheduling can allow unauthorized access to the client's data.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">How it affects you at MIT:</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">- The TSM web client is not configured for use by default. If you use the web client, you need to upgrade to TSM 5.4.1.2 to avoid having your machine at risk.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">- By default on Macintosh, scheduled backups use the CAD to initiate the scheduler. Therefore, all Mac users that run scheduled backups should upgrade to TSM 5.4.1.2. Regardless of your platform, if you are using CAD for scheduled backups or you are not sure, the safest path is to upgrade the TSM client.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">- At MIT we use the 'client polling' method, which is not affected, rather than the server-initiated prompted scheduling, so no one is impacted.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">- The TSM Servers are not affected.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">MIT's Solution:</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><P style="margin: 0.0px 0.0px 14.0px 0.0px"><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">IS&T recommends all TSM clients update to Version 5.4.1.2 which includes fixes for these security vulnerabilities. The MIT software distribution web page <</SPAN></FONT><A href="http://web.mit.edu/software"><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"><FONT class="Apple-style-span" color="#000BFF">http://web.mit.edu/software</FONT></SPAN></FONT></A><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">> has been updated with the new TSM client release for Linux, Macintosh and Windows. To download other TSM clients, go to: <</SPAN></FONT><A href="http://web.mit.edu/tsmsystems/download.html"><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"><FONT class="Apple-style-span" color="#000BFF">http://web.mit.edu/tsmsystems/download.html</FONT></SPAN></FONT></A><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">>.</SPAN></FONT></P><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">Until you have installed the upgrade:</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">- do not start up or use the CAD</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">- do not use the Web client</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">- use client-initiated traditional scheduling instead of CAD-managed scheduling</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">If you have questions regarding this TSM alert, please contact <</SPAN></FONT><A href="mailto:tsm-systems@mit.edu"><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"><FONT class="Apple-style-span" color="#000BFF">tsm-systems@mit.edu</FONT></SPAN></FONT></A><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">>. If you need assistance upgrading to TSM 5.4.1.2, please contact the Computing Help Desk at <</SPAN></FONT><A href="mailto:computing-help@mit.edu"><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"><FONT class="Apple-style-span" color="#000BFF">computing-help@mit.edu</FONT></SPAN></FONT></A><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">> or (617) 253-1101.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">------------------------------------------------------------</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">3. National Cyber Security Awareness Month</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">------------------------------------------------------------</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">Every year, the month of October is dedicated to National Cyber Security Awareness. Several universities around the country are hosting events to discuss Internet security and to find ways to protect ourselves and our children.</SPAN></FONT><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"> </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">The widespread availability of computers and connections to the Internet provides everyone with 24/7 access to information, credit and financial services, and shopping. The Internet is also an incredible tool for educators and students to communicate and learn.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">Unfortunately, some individuals exploit the Internet through criminal behavior and other harmful acts. Criminals can try to gain unauthorized access to your computer and then use that access to steal your identity, commit fraud, or even launch cyber attacks against others.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">However, there is no single cyber security practice or technological solution that will prevent online crime. The National Cyber Security Alliance (NCSA), which sponsors the month <<A href="http://www.staysafeonline.org">www.staysafeonline.org</A>>, provides several security practices on its site that include Internet habits as well as technology solutions.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Arial; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" face="Arial" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">To learn more about the events in October 2007, visit: <<A href="http://www.staysafeonline.info/events/index.html">http://www.staysafeonline.info/events/index.html</A>></SPAN></FONT></DIV><BR><DIV> <SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><DIV style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; ">=========================</SPAN></SPAN></DIV><DIV style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; ">Monique Yeaton</SPAN></SPAN></DIV><DIV style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; ">IT Security Awareness Consultant</SPAN></SPAN></DIV><DIV style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; ">MIT Information Services & Technology (IS&T)</SPAN></SPAN></DIV><DIV style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; ">(617) 253-2715</SPAN></SPAN></DIV><DIV style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; "><A href="http://web.mit.edu/ist/security">http://web.mit.edu/ist/security</A></SPAN></SPAN></DIV><DIV style="font-size: 12px; "><BR class="khtml-block-placeholder"></DIV><BR class="Apple-interchange-newline"></SPAN></SPAN></SPAN></SPAN> </DIV><BR></BODY></HTML>