[IS&T Security-FYI] SFYI Newsletter, June 4, 2012
Monique Yeaton
myeaton at MIT.EDU
Mon Jun 4 16:58:09 EDT 2012
In this issue:
1. Travel Safely with Your Laptop
2. Vulnerable Websites a Target for Hackers
------------------------------------------
1. Travel Safely with Your Laptop
------------------------------------------
Over the course of the summer many of us travel to various destinations and, for work or entertainment purposes, we bring our laptop with us. It is almost common knowledge now that traveling via airplane with a laptop can be dangerous, because many laptops end up lost or stolen at airports.
There are some precautions you can take before you travel, such as removing sensitive data from the computer, registering the laptop with police via STOP, and (if it's your personal computer) buying insurance coverage for the value of the laptop. Then there are cautionary tips to follow while traveling, such as keeping your laptop with you at all times or locked away in a safe place (i.e., not in a car or lying out in your hotel room) and avoiding using unfamiliar networks for transmitting confidential information.
You can find more of these laptop travel tips via this recent IS&T news article<http://ist.mit.edu/news/safe_laptop_travel>.
--------------------------------------------------------
2. Vulnerable Websites a Target for Hackers
--------------------------------------------------------
In the past month, several universities have been the target of supposed friendly "white hat" attacks to prove that they are vulnerable to SQL Injection attacks. The fact that their websites are vulnerable should be of high concern to the site owners, especially if they are the gateway to sensitive data.
Are you sure that your website is protected? Web developers are typically careful about checking vulnerabilities before publishing a site. But to be certain, scans by free tools or affordable services are good at identifying XSS, SQL Injection, SSL/Cert issues and more. The reports generated by the scans offer suggested remediation. If you are a website owner but not a developer, you can send the report to the developer or site administrator so that they can see where the vulnerability is and how to fix it.
This site<http://sectools.org/tag/web-scanners/> has a list of web scanning tools and also lists which vulnerabilities they will identify. Some browser plug-ins for web developers do the same.
===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20120604/d26847ac/attachment.htm
More information about the ist-security-fyi
mailing list