<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class="">In this issue:</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica;" class="">1. EVENT: Security SIG Lunch on February 18, 2015</div>
<div style="margin: 0px; font-family: Helvetica;" class="">2. Various Security Updates in January </div>
<div style="margin: 0px; font-family: Helvetica;" class="">3. Google and Microsoft Miscommunication?</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica;" class="">----------------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica;" class="">1. EVENT: Security SIG Lunch on February 18, 2015</div>
<div style="margin: 0px; font-family: Helvetica;" class="">----------------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica;" class="">The next Security SIG has been scheduled. To go a bit further on the topic of hardening, we asked Anthony Grutta to give a presentation on securing web applications. </div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica;" class="">Topic: Web Application Security Best Practices</div>
<div style="margin: 0px; font-family: Helvetica;" class="">Speaker: Anthony Grutta, Senior Application Administrator in IS&amp;T</div>
<div style="margin: 0px; font-family: Helvetica;" class="">Where: 37-252 (Marlar Lounge)</div>
<div style="margin: 0px; font-family: Helvetica;" class="">When: Wednesday, February 18, 2015, 12:00 - 1:30 pm</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica;" class="">Lunch will be provided upon arrival and the presentation will begin around 12:15. There will be time for questions after the presentation. Please <a href="mailto:Security_sig_events@mit.edu" class="">RSVP</a> if
you plan on having lunch with us.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica;" class="">----------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica;" class="">2. Various Security Updates in January</div>
<div style="margin: 0px; font-family: Helvetica;" class="">---------------------------------------------------- </div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica;" class="">Microsoft</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica;" class="">On Tuesday, January 13,
<a href="http://www.computerworld.com/article/2868480/microsofts-patch-tuesday-focuses-on-windows.html" class="">
Microsoft issued eight bulletins</a>, including one marked critical, to address security issues in various versions of Windows. Included in the patches are fixes for two flaws in Windows 8.1 that Google recently disclosed as part of its Project Zero security
program. Both flaws are also exploitable in other versions of Windows, although Google tested them in Windows 8.1 only. None of the bulletins address flaws in Internet Explorer, a rare occurrence for Microsoft. </div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica;" class="">Adobe</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica;" class=""><a href="http://www.computerworld.com/article/2868669/adobe-patches-remote-code-execution-and-keylogging-flaws-in-flash-player.html" class="">Adobe has issued fixes for nine flaws in Flash Player</a>.
The flaws could be exploited to record keystrokes or take control of vulnerable systems. Flash Player 16.0.0.257 is available for Windows and Mac OS X, and Flash Player 11.2.202.429 is available for Linux. Flash will be automatically updated in Google's Chrome
browser and in Internet Explorer running on Windows 8 and 8.1. <a href="http://www.adobe.com/software/flash/about/" class="">Check your version at the Adobe site</a>.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica;" class="">Mozilla</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica;" class=""><a href="http://www.scmagazine.com/gecko-media-plugin-sandbox-escape-among-vulnerabilities-fixed/article/392802/" class="">Mozilla has released Firefox 35</a>. The latest version of the browser includes <a href="https://www.mozilla.org/en-US/firefox/35.0/releasenotes/" class="">fixes
for a number of security issues</a>. Several of the flaws have been rated critical. Mozilla has also issued updates for Firefox ESR, SeaMonkey, and Thunderbird.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica;" class="">-----------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica;" class="">3. Google and Microsoft Miscommunication?</div>
<div style="margin: 0px; font-family: Helvetica;" class="">-----------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica;" class=""><a href="https://code.google.com/p/google-security-research/issues/detail?id=118" class="">Google’s Project Zero posted details of a vulnerability in Windows 8.1</a> after waiting 90 days, to no avail,
for Microsoft to respond. Once a vulnerability is public knowledge, attackers can abuse it.
<a href="http://www.computerworld.com/article/2867564/microsoft-blasts-google-for-baring-windows-bugs-before-theyre-patched.html" class="">
Microsoft criticized Google</a> for publicizing the flaw too early, saying the company had put Windows customers at risk. </div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica;" class="">According to Microsoft, it had specifically asked Google to withhold details of the flaw until January 13, Patch Tuesday, when the fix would be released. In MS15-001 and MS15-003, Microsoft patched two Windows vulnerabilities
that were exposed by Google. </div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica;" class="">In keeping with its 90-day policy,
<a href="http://www.computerworld.com/article/2870967/google-goes-public-with-more-windows-bugs.html" class="">
Google disclosed two additional vulnerabilities</a> after last week's Tuesday patches were released. One of them does not appear to be a security issue. The next Patch Tuesday is scheduled for February 10, when presumably the more serious of the two vulnerabilities
will be patched.</div>
<div apple-content-edited="true" class="">
<div style="color: rgb(0, 0, 0); font-family: Avenir; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); font-family: Avenir; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<br class="">
</div>
<div style="color: rgb(0, 0, 0); font-family: Avenir; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="margin: 0px; font-family: Helvetica;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica;" class="">=======================================================================================</div>
<div style="margin: 0px; font-family: Helvetica;" class="">Read all archived Security FYI Newsletter articles and submit comments online at
<a href="http://securityfyi.wordpress.com/" class=""><span style="color: rgb(4, 46, 238);" class="">http://securityfyi.wordpress.com/</span></a>.</div>
<div style="margin: 0px; font-family: Helvetica;" class="">=======================================================================================</div>
<div style="margin: 0px; font-family: Helvetica;" class=""><br class="">
</div>
<div style="margin: 0px; font-family: Helvetica;" class=""><br class="">
</div>
Monique Buchanan<br class="">
IT Security Communications Coordinator<br class="">
Information Systems &amp; Technology (IS&amp;T)<br class="">
Massachusetts Institute of Technology<br class="">
<a href="http://ist.mit.edu/secure" class="">http://ist.mit.edu/secure</a><br class="">
tel: 617.253.2715</div>
<div style="color: rgb(0, 0, 0); font-family: Avenir; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<br class="">
</div>
<br class="Apple-interchange-newline">
</div>
</div>
</div>
<br class="">
<br class="Apple-interchange-newline">
</div>
<br class="">
</body>
</html>