[IS&T Security-FYI] SFYI Newsletter, December 14, 2009

Monique Yeaton myeaton at MIT.EDU
Mon Dec 14 11:51:12 EST 2009 

In this issue:

1. Adobe Security Updates
2. SANS WebCasts
3. Removing Sensitive Data


----------------------------------
1. Adobe Security Updates
----------------------------------

Systems affected:

  * Adobe Flash Player 10.0.32.18 and earlier versions
  * Adobe AIR 1.5.2 and earlier versions

Adobe has released Security Bulletin APSB09-19, which describes  
vulnerabilities affecting Adobe Flash Player and Adobe AIR. An  
attacker could exploit these vulnerabilities by convincing a user to  
visit a website that hosts a specially crafted SWF file.

The Adobe Flash browser plugin is available for multiple web browsers  
and operating systems, any of which could be affected.

Users are encouraged to update Flash Player 10.0.32.18 and earlier  
versions as well as Adobe AIR 1.5.2 and earlier versions to the latest  
version.

Flash Player latest update: <http://get.adobe.com/flashplayer/>
Adobe AIR latest update: <http://get.adobe.com/air/>

The full bulletin:
<http://www.adobe.com/support/security/bulletins/apsb09-19.html>


-------------------------
2. SANS WebCasts
-------------------------

SANS (SysAdmin, Audit, Network, Security) provides regular webcasts by  
experts in the field of computer security. These are live web  
broadcasts that allow you to hear knowledgeable speakers while viewing  
presentation slides that you download in advance. They are free and  
informative. If interested, you can also subscribe to the Webcast  
Calendar.

To learn more see:
<https://www.sans.org/webcasts/>


-----------------------------------
3. Removing Sensitive Data
-----------------------------------

The past few weeks I have included articles in this newsletter on data  
security in higher education. Much of this information will be  
discussed during the IAP seminar "Handling Sensitive Data."
<http://student.mit.edu/iap/nsis.html>

Part of the IAP seminar will review paper shredding and electronic  
data wiping techniques. At MIT the responsibility of data destruction  
falls to the departments who store the information. When paper files  
are no longer needed or computers are repurposed or recycled, it is up  
to the data stewards to ensure that the information is destroyed  
beyond recovery.

Don't let a data leak occur at MIT! Below are just a few examples of  
schools whose data was not correctly disposed of:
<http://www.adamdodge.com/esi/search/node/trash>
<http://www.adamdodge.com/esi/search/node/shred>
<http://www.adamdodge.com/esi/search/node/surplus>
<http://www.adamdodge.com/esi/scratch_paper_contains_list_of_student_ssns 
 >

Electronic data wiping information:
<http://ist.mit.edu/security/support/remove_sensitivedata>

Paper shredding information:
<http://web.mit.edu/infoprotect/papershredding.html>

= 
= 
= 
========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB 
 >


Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security






-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20091214/72650b39/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1846 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20091214/72650b39/attachment.bin

More information about the ist-security-fyi mailing list