[IS&T Security-FYI] SFYI Newsletter, September 20, 2010

Monique Yeaton myeaton at MIT.EDU
Mon Sep 20 15:04:52 EDT 2010


In this issue:

1. Patch Issued for QuickTime for Windows
2. Study Says IT Security Workers Most Gullible
3. Tips on Laptop Security


-------------------------------------------------------
1. Patch Issued for QuickTime for Windows
-------------------------------------------------------

Apple has issued a patch for a critical flaw in QuickTime that could be exploited to hijack Microsoft Windows XP, Vista or Windows 7 systems running Internet Explorer with the QuickTime ActiveX control. The company was notified of the vulnerability in June through a bug bounty program. The update, QuickTime 7.6.8, also addresses the DLL load hijacking bug.

The update is for Windows versions of QuickTime only. It can be obtained from the Apple website:
<http://www.apple.com/quicktime/download/>


-------------------------------------------------------------
2. Study Says IT Security Workers Most Gullible
-------------------------------------------------------------

A vast portion of a study group were duped into revealing corporate and personal secrets after being invited to "friend" a seemingly honest but bogus profile on a popular social networking site. Out of the 2000 randomly selected people, 86 percent identified themselves as working in the IT industry and 31 percent of those said they worked in some capacity in IT security.

BitDefender, the vendor that ran the study, believes it should serve as a wake-up call to IT security professionals, because it demonstrates that those responsible for safeguarding enterprise data networks are the most likely to divulge sensitive personal and key corporate information to a stranger through a social networking site.

Read the full story:
<http://www.esecurityplanet.com/features/article.php/3901431/IT-Security-Workers-Are-Most-Gullible-of-All-Study.htm>


----------------------------------
3. Tips on Laptop Security
----------------------------------

This week students, faculty and staff can obtain STOP (Security Tracking of Office Property) tags for their laptops. When you purchase a tag, it is glued to your laptop and MIT Police take down your contact information and your computer's information for the STOP database.

Next scheduled session: Wednesday, September 22 from 11:30 to 1:00 in Lobby 10. Bring your laptop and $10 cash or your department's cost object to purchase.

A STOP tag is a visible theft deterrent that is difficult to remove. If removed, it leaves behind a tattoo stating the item is stolen property. A recovered laptop with a tag can be traced back to its owner through the registration information. For more info on STOP tags see: www.stoptheft.com.

After the recent flurry of laptop thefts from dorms on campus earlier this semester, the one stolen laptop that had a STOP tag was retrieved by local police. Although it was damaged, the hard drive was still intact, so the owner was able to get back all his data.

Other suggestions for protecting your laptop:

- When traveling with your laptop, don't leave it in a car or leave it behind for "just a sec", no matter where you are.
- Pay attention in airports, especially when going through security.
- Use a cable or lock to attach the laptop to a desk or other immovable object.

More information about loss prevention can be found online at: <http://ist.mit.edu/security/loss>. 


===========================================================================

Find current and older issues of Security FYI Newsletter in Hermes at <http://kb.mit.edu/confluence/x/ehBB> or by visiting the Security FYI Blog at <http://securityfyi.wordpress.com/>



Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
