[IS&T Security-FYI] SFYI Newsletter, March 12, 2012
Monique Yeaton
myeaton at MIT.EDU
Mon Mar 12 14:00:53 EDT 2012
In this issue:
1. Microsoft Security Updates for March 2012
2. EVENT: Laptop Tagging on 3/14 in E17 @11:30 am - 1:00 pm
3. Two Interesting Scams Making the Rounds
4. OUCH! Newsletter, March 2012: Email Dos and Don'ts
----------------------------------------------------------
1. Microsoft Security Updates for March 2012
----------------------------------------------------------
On Tuesday, March 13, Microsoft plans to issue six security bulletins that address a total of seven flaws. Only one of the bulletins to be issued is labeled as critical. Systems affected:
* Microsoft Windows (all supported versions)
* Visual Studio
* Expression Design
The critical bulletin will address a remote code execution flaw in Windows. Such flaws can be exploited by hackers to install malware on a targeted system without user warning or interaction.
Read the story in the news<http://www.scmagazine.com.au/News/293142,microsoft-to-patch-seven-security-issues-with-six-bulletins.aspx>.
Read the Microsoft Security Bulletin Advanced Notification<http://technet.microsoft.com/en-us/security/bulletin/ms12-mar>.
----------------------------------------------------------------------------------
2. EVENT: Laptop Tagging on 3/14 in E17 @11:30 am - 1:00 pm
----------------------------------------------------------------------------------
Every second Wednesday of the month, the MIT Campus Police teams up with IS&T to tag and register laptop computers and electronic devices. The STOP tags<http://www.stoptheft.com/site/index.php> take up to 800 pounds of pressure to remove and if removed, leave a tattoo stating "Stolen Property."
With a rash of thefts happening in various open buildings on campus (some items are lifted from locked rooms), it is a good idea to use such visible deterrents as protection, especially for items which can be quickly removed. The registration of such items will also help to return found items to the proper owner.
There is a $10 cost per tagged item, and cash or MIT Cost Object are accepted. Learn more here<https://kb.mit.edu/confluence/display/istcontrib/Campus+Police+Laptop+Tagging+and+Registration>.
The next tagging event will be happening on April 11.
----------------------------------------------------------
3. Two Interesting Scams Making the Rounds
----------------------------------------------------------
Scams are nothing new, they probably have been around since the dawn of civilization. However, new technology brings new ways for criminals to scam people and we should be on the look out for these possibilities. Here are two that caught my attention recently:
Cramming:
Customers finding unauthorized charges on their phone bill (landline or wireless). This type of illegal billing (called "cramming") has been around for at least a decade, but more recently is affecting cell and smart phone users. The bogus charges are for anything from yoga classes to psychic hotline memberships and diet programs. The FCC is proposing new rules designed to reduce the scams. In the meantime, consumers should keep an eye on their phone bills, even for such small amounts as $1.99. If billed each month, those small charges can add up. Read it in the news<http://www.msnbc.msn.com/id/43728825/ns/business-consumer_news/t/fcc-proposes-crackdown-phone-bill-cramming/#.T14SFitSRQ9>.
Gift Giving Scam Targeting Universities:
Several universities in the US, including MIT, are experiencing a scam in which a person donates a large amount of money to the university online with a credit card, then calls to request a refund on a different credit card. They are claiming the intended gift was smaller and would like the difference refunded. When verifying the given names and contact information, the information turns out to be invalid. Example from the State of Mississippi<http://www.bolivarcom.com/view/full_story/17744981/article-Delta-State-targeted-in-credit-card-scam>.
------------------------------------------------------------------------
4. OUCH! Newsletter, March 2012: Email Dos and Don'ts
------------------------------------------------------------------------
The month's issue of OUCH! from SANS.org explains the Dos and Don'ts of using email. Specifically, how people can be their own worst enemy when it comes to copying the wrong recipient with auto-complete, sending an email when emotionally charged or not understanding the privacy limitations of email. The newsletter provides in simple terms how some of email's most common features work and how to avoid shooting yourself in the foot.
Read or download the newsletter in PDF format here<http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201203_en.pdf>.
===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20120312/23bd0fb0/attachment.htm
More information about the ist-security-fyi
mailing list