[IS&T Security-FYI] SFYI Newsletter, March 8, 2011

Tue Mar 8 10:15:45 EST 2011

In this issue:

1. March 2011 Microsoft Security Updates

2. Security on Mobile Devices

3. Riskiest Place for Your SSN?

-----------------------------------------------------

1. March 2011 Microsoft Security Updates

-----------------------------------------------------

Microsoft plans to issue three security bulletins on Patch Tuesday, March 8, to address a total of four vulnerabilities. One of the bulletins is rated critical, the other two are rated important.

The bulletins provide fixes for flaws in Windows and Office, as well as for a dynamic link library (DLL) hijacking vulnerability in the Microsoft Groove application.

The bulletins do not fix an Internet Explorer (IE) zero day flaw, as mentioned in a January Security Advisory <http://www.microsoft.com/technet/security/advisory/2501696.mspx>.

Read the full March security bulletin:

<http://www.microsoft.com/technet/security/bulletin/ms11-mar.mspx>

--------------------------------------

2. Security on Mobile Devices

--------------------------------------

For iPhone, iPad, Android and Blackberry users, the Mobile Devices Team has compiled some platform-specific information regarding setting passwords as well as how to remotely wipe and disable your device if lost or stolen. Access the information on all of these devices from the Mobile Device Ninja page: <http://kb.mit.edu/confluence/x/XQdS>.

Additional security recommendations:

 *   Make sure your smartphone is running the latest operating system available and is regularly backed up.
 *   Avoid storing personally identifiable information (PII) on your smartphone.
 *   Do not store web or application passwords with the smartphone auto-save features.

Read the full article on mobile device security tips and recommendations at IS&T News:

<http://ist.mit.edu/news/secure_smartphones>.

----------------------------------------

3. Riskiest Place for Your SSN?

----------------------------------------

According to McAfee, the antivirus software company, universities and colleges are at the top of the list of the most dangerous places to give your Social Security number (SSN).

The ranking is based on the number of data breaches involving SSNs from January 2009 to October 2010. Until recently SSNs were used at universities to provide many of their services to students and staff. More awareness around the proper use of a SSN has helped to minimize the collection of these numbers by universities, however there are still many of these records retained in electronic and paper files.

If you are requesting a service, be hesitant about giving your number out so quickly. Ask the requestor what it will be used for and whether it is absolutely necessary. You may be able to just give the last four digits rather than the full number, or an alternative number, such as your school ID number.

If you are offering a service, and collecting a SSN is required, make sure that it is handled appropriately -- meaning that access to these records is restricted and the security protecting them is strong enough to minimize the risk of exposure and identity theft.

Learn about information protection at MIT: <http://web.mit.edu/infoprotect/>.

========================================================================================

To read all current and archived articles online, visit the Security-FYI Blog at <http://securityfyi.wordpress.com/>

Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20110308/2c7f587a/attachment.htm