Archive for April, 2010

DIR Cyber Security publication for May – Cloud Computing

Tuesday, April 27th, 2010

DIR has published their Cyber Security column for May. The topic is cloud computing. You can access the document at – http://www.dir.state.tx.us/security/reading/2010/201005cybersec.pdf

Please patch your Chrome Browser installs to version – 4.1.249.1059

Friday, April 23rd, 2010

http://secunia.com/advisories/39544/DescriptionSome vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site request forgery and cross-site scripting attacks or potentially compromise a user’s system. 1) An unspecified error exists in the type handling related to forms. 2) An unspecified error in the […]

A little TOO linked in?

Monday, April 19th, 2010

http://isc.sans.org/diary.html?storyid=8650When ISC reader Josh realized that only five people at his firm had received the “legal threat” malware email that we reported on earlier, he started digging. The targeting of the bad guys had been spot on, all five recipients were in fact involved in the handling of money for Josh’s employer, a large real […]

Access to University Risk Assessment Applications – ISAAC and ISAAC-S

Monday, April 19th, 2010

The period between April 2 and May 31 each year Risk Assessment time for University and System applications.  Please use one of the following applications to access the Risk Assessment web application to submit your annual risk assessment.  The ISAAC-S application will require you provide an IP address to the AgriLife ISO before you can […]

Java 1.60.20 has been released

Thursday, April 15th, 2010

A new version of Java has been released. Everything I am seeing indicates it was released in the last 12 hours. Please make sure your Java Control Panel is set to download updates automatically. UpdateLink for the version 20 download is http://java.sun.com/javase/downloads/index.jsp?cid=928338

DIR link to protecting mobile devices pdf

Tuesday, April 13th, 2010

http://www.nascio.org/publications/documents/NASCIO-SecurityAtTheEdge2.pdf SECURITY AT THE EDGE: PROTECTING MOBILE COMPUTING DEVICES If a state is going to permit non-government-issued smartphones to be usedin the workplace, there are steps that need to be taken to provide adequatesecurity measures.  Extend enterprise security policies to encompass personal devices used for business purposes. To the extent possible, State CIOs must formally […]

NIST document 800-122 – Protecting the Confidentiality of Personally Identifiable Information

Monday, April 12th, 2010

Last week, DIR provided a link to an updated NIST document called Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf . Attached is the executive summary from the NIST document.  You can read more at the URL provided above. Organizations should identify all PII residing in their environment.An organization cannot properly protect PII […]

blocking port 25 on TAMULink wireless – May 15

Monday, April 12th, 2010

> On May 15, 2010, Networking and Information Security (NIS) will> begin blocking outbound connections to port 25 (SMTP) from> devices connected to the TAMULink wireless network.> > All wireless users should verify their mail clients are> configured to use the mail submission port 587. Help Desk Central> has step-by-step instructions for many email clients […]

Adobe patch to be issued on April 13 – also auto updater to be implemented

Friday, April 9th, 2010

http://threatpost.com/en_us/blogs/adobe-patches-auto-updater-coming-april-13-040810Adobe today announced plans to ship a critical security patch next Tuesday (April 13, 2010) to fix multiple high-risk security holes in its Reader and Acrobat product lines. The patches will be released alongside a new automatic updater software that the company hopes will speed up the downloading and deployment of its security fixes.   The […]

April Microsoft patch list

Thursday, April 8th, 2010

Looks like April won’t be a bad month for MS patches, but we won’t get out with just the IE out of band patches either. I am seeing the following: Five patches identified as critical for either 2000 or XP systems.Three patches identified as critical for Server 2003 or Server 2008Two patches identified as critical […]