Weekly News Review

MOREnet Security News Review -- April 16-20, 2012

We’d like your input… The call for presenters is now open for M3 – MOREnet’s NEW Megaconference -- and we want to know what topics or technologies are on the top of your list to learn about. If there’s something specific you’d like to see in October, please send an email to conferences@more.net or security@more.net.

 

TOP HEADLINES THIS WEEK

Looks like Google is going to have to dig a little deeper into their pockets. 
http://www.theregister.co.uk/2012/04/17/google_ftc_fine_safari_privacy_gaffe/
 
Google search results sometimes display malicious web sites despite the company’s best efforts to filter them out.
http://threatpost.com/en_us/blogs/google-warns-20000-webmasters-about-weird-redirects-041812
 
Flashback is still around and now researchers believe they know how it spread …
http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/232900618/apple-mac-attack-began-with-infected-wordpress-sites.html
 
Thinking about using Cloud services? Here are some tips for negotiating SLAs.
http://www.informationweek.in/Cloud_Computing/12-04-20/5_tips_for_negotiating_cloud_software_SLAs.aspx
 
Do you follow SSL Best Practices?
http://www.net-security.org/article.php?id=1702&utm
 
 

VULNERABILITIES AND PATCHES

US-CERT Vulnerability Summary for the Week of April 9, 2012
http://www.us-cert.gov/cas/bulletins/SB12-107.html
 
This week Oracle released a Critical Patch Update which contains 88 new security fixes.
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html 
 
OpenSSL Security  Advisory
http://isc.sans.edu/diary.html?storyid=13018&rss
 
 

SECURITY TOOLBOX

Social media sites are great ways to communicate but they can be the source of security threats to your users and organization. Sophos has a Social Media Security Toolkit that contains a variety of resources to help teach users how to stay safe.
http://www.sophos.com/en-us/security-news-trends/security-trends/social-media-security-toolkit.aspx
 
Looking for a free open-source IDS… check out OSSEC.  It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
http://www.ossec.net/main/about
 
 

FEATURED SERVICE

Network Backup -- MOREnet is offering a network backup service for members to back up mission-critical data to an off-site location. Members will have access to a hosted backup service located in a secure data facility that connects directly into the core MOREnet network.
http://www.more.net/services/network-backup
 
 

UPCOMING TRAINING AND EVENTS

 1.       Cloud Security Webinar – Wednesday, May 16, 2012 3:00 – 4:00 p.m. We have been talking about "the cloud" for years and years but what is "the cloud"? What constitutes a "cloud" device or storage or offering? What questions should you be asking of your cloud provider to make sure you are protected? We will discuss all of those items and more as we talk about how to securely move into the cloud.
2.       Introduction to Windows 2008 Server Administration – Tuesday June 26 through Thursday June 28, Columbia, Missouri  – Designed to build a foundation in basic server administration, this class introduces students to many of Windows Server 2008 features. The class includes extensive exercises which reinforce Microsoft Windows Server 2008 network administration skills as they are learned.
3.       Introduction to Windows 2008 DNS, DHCP and CSVde – Friday June 29, Columbia, Missouri  - This course is designed to provide a foundation for understanding both Domain Name System and Dynamic Host Configuration Protocol. Students will install and configure these services for automated IP communications. At the end of the day the students will also use the bulk user import utility CSVde. Students must have taken Intro to Windows 2008 server to attend.
 
 

SECURITY AWARENESS TIP OF THE WEEK

 Wireless security is in the news this week thanks to Google’s Street View street-mapping service which inadvertently collected data about people’s online activities from unsecured Wi-Fi networks. (If you haven’t read about it, here’s a link http://news.cnet.com/8301-1009_3-57415550-83/google-street-view-may-face-further-scrutiny/.) In the meantime… make sure your home wireless network is secure by turning on encryption. Encryption scrambles the data sent over wireless networks so it cannot be easily read by humans. We recommend you pick the strongest form of encryption that works with devices that connect to your wireless network.