<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;">In this issue:</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">1. Apple Releases Critical Security Update</div>
<div style="margin: 0px; font-family: Helvetica;">2. Microsoft Releases Security Advisory on Internet Explorer</div>
<div style="margin: 0px; font-family: Helvetica;">3. Upcoming Event: Sophos and Sophos Reporting on March 6th</div>
<div style="margin: 0px; font-family: Helvetica;">4. The University of Maryland Data Breach</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">---------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica;">1. Apple Releases Critical Security Update</div>
<div style="margin: 0px; font-family: Helvetica;">---------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Late last week, Apple released a
<a href="http://support.apple.com/kb/ht1222">security update</a> for its iOS mobile operating system to address a flaw in its SSL/TLS implementation. </div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">SSL (Secure Sockets Layer) is part of the TLS (Transport Layer Security) protocol and is used to encrypt sensitive information, often in a browser, as it traverses the Internet. The flaw, as described by Apple,
can provide "an attacker with a privileged network position [to] capture or modify data in sessions protected by SSL/TLS."</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">In other words, the flaw makes it easy for bad actors to create fake websites that look like sites users trust, such as banking sites, and to grab information that the users send to those sites.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Apple has not yet updated this flaw on laptops or desktops, although it is expected one will be released very soon. </div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">It is recommended that all iOS users update their devices to iOS 7.0.6 and iOS 6.1.6 as soon as possible. This is not one you want to wait on. Information on how to update your iPhone, iPod touch, and iPad can
be found on Apple's website [<a href="http://support.apple.com/kb/ht4623">http://support.apple.com/kb/ht4623</a>].</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;"><b>Note</b>: iOS 6.1.6 is only available for devices that can not run iOS 7. If you have the original iPad and iPhone 3GS or earlier versions of the iPod touch you will install iOS 6.1.6. All other models
of the iPhone, iPad, and iPod that have the ability to run iOS 7, must upgrade to iOS 7.0.6. to get the fix.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Those that need assistance updating their iOS device should contact their local IT support liaison or the IS&T Help Desk [<a href="http://ist.mit.edu/help">http://ist.mit.edu/help</a>].</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;"><a href="http://www.washingtonpost.com/business/technology/apples-security-bug-what-to-know-about-it-and-what-to-do-about-it/2014/02/24/b59404e4-9d59-11e3-9ba6-800d1192d08b_story.html">Read the story in the
news</a>.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">--------------------------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica;">2. Microsoft Releases Security Advisory on Internet Explorer</div>
<div style="margin: 0px; font-family: Helvetica;">--------------------------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Microsoft released <a href="http://technet.microsoft.com/security/advisory/2934088">
Security Advisory 2934088</a> - Vulnerability in Internet Explorer Could Allow Remote Code Execution - on February 19th. </div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">A vulnerability in Internet Explorer 9 and 10 is subject to exploit. According to the advisory, an attacker could host a specially crafted website, convince a user to view the website and exploit the vulnerability
if the site is viewed in Internet Explorer.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">There is no current patch for this vulnerability, and Microsoft has not yet scheduled one, but they may provide a solution through the monthly security update release process or an out-of-cycle update. They
do offer a <a href="https://support.microsoft.com/kb/2934088">temporary stopgap “fix it” measure</a>, allowing affected services to go into restricted mode to block attacks.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Microsoft recommends users to avoid clicking on unsolicited links. It is also a good idea to use an alternative browser until the issue has been permanently fixed.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;"><a href="http://www.scmagazine.com//microsoft-issues-temporary-fix-for-ie-zero-day-targeting-service-members/article/334929/">Read the full story in the news</a>.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">---------------------------------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica;">3. Upcoming Event: Sophos and Sophos Reporting on March 6th</div>
<div style="margin: 0px; font-family: Helvetica;">---------------------------------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">The IT Partners planning team has announced its next luncheon. Andrew Munchbach from the Security Operations team will discuss MIT's
<a href="http://ist.mit.edu/sophos">anti-virus software, Sophos</a>, as well as running reports from Sophos.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Please join us on Thursday March 6 at 12:00 in Marlar Lounge (<a href="http://whereis.mit.edu/?go=37">37-252</a>).</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Lunch will be served at noon, and the discussion will begin promptly at 12:15. Please confirm if you plan to attend by sending email to
<a href="mailto:rsvp-itpartners@mit.edu">rsvp-itpartners@mit.edu</a><span style="text-decoration: underline ; color: #4787ff">.</span></div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">---------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica;">4. The University of Maryland Data Breach</div>
<div style="margin: 0px; font-family: Helvetica;">---------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">University of Maryland President Wallace D. Loh has
<a href="http://www.umd.edu/datasecurity/">disclosed a breach</a> of a university database that compromised personal information of more than 300,000 students and staff members. </div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">The incident affects anyone who was associated with the university's College Park and Shady Grove campuses dating back to 1998. The exposed data include birth dates, Social Security numbers (SSNs) and school
ID numbers, but not financial, academic, or health data. </div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Forensic investigators are examining the breached files and logs. University CIO Brian Voss said the intruder copied the information in the database.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;"><a href="http://news.cnet.com/8301-1009_3-57619169-83/data-breach-at-university-of-maryland-exposes-300k-records/">Read the full story in the news</a>.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">=======================================================================================</div>
<div style="margin: 0px; font-family: Helvetica;">Read all archived Security FYI Newsletter articles and submit comments online at
<a href="http://securityfyi.wordpress.com/"><span style="color: rgb(4, 46, 238);">http://securityfyi.wordpress.com/</span></a>.</div>
<div style="margin: 0px; font-family: Helvetica;">=======================================================================================</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div apple-content-edited="true">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
Monique Buchanan<br>
IT Security Communications Consultant<br>
Information Systems & Technology (IS&T)<br>
Massachusetts Institute of Technology<br>
<a href="http://ist.mit.edu/secure">http://ist.mit.edu/secure</a><br>
tel: 617.253.2715<br>
<br>
<span style="font-family: Helvetica;">"Distrust and caution are the parents of security" - Benjamin Franklin</span></div>
</div>
</div>
<br>
</body>
</html>