[10239] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, September 30, 2014
daemon@ATHENA.MIT.EDU (Monique Buchanan)
Tue Sep 30 09:36:29 2014
Resent-From: ist-security-fyi@mit.edu
From: Monique Buchanan <myeaton@mit.edu>
To: ist-security-fyi <ist-security-fyi@mit.edu>
Date: Tue, 30 Sep 2014 13:34:37 +0000
Message-ID: <68160C2C-5E74-4984-B390-1738BE9148C3@mit.edu>
In this issue:
1. The ShellShock Bug
2. Event on Oct. 7: Free Coffee and Donut with a Slice of Security
3. The CryptoWall Attack
-------------------------------
1. The ShellShock Bug
-------------------------------
A critical vulnerability in the bash Unix shell, nicknamed “shellshock”, was reported by the security community last week. It is said to be more serious than the Heartbleed vulnerability.

Bash is a command language interpreter and is available on almost all non-Windows systems, including OS X. Especially vulnerable are web servers that are hosting CGI scripts, and certain other network services such as DHCP and FTP, so it’s imperative that bash is patched on these systems.

If you are an IS&T managed-server hosted customer, your systems were patched on 9/24. When doing a scan of the network, IS&T found only a handful of systems vulnerable to the bug, which indicates that maintainers patched their systems quickly.

Please refer to this Knowledge Base article for instructions on patching Red Hat Enterprise and Ubuntu Linux systems: http://kb.mit.edu/confluence/x/7wgrCQ. Note that the patch for CVE-2014-7169 is the patch to apply (it supersedes the earlier patch).

Unfortunately, the patches released by the bash scripting team did not fix *all* of the bash problems. See this article on ArsTechnica for more on the situation <http://arstechnica.com/security/2014/09/still-more-vulnerabilities-in-bash-shellshock-becomes-whack-a-mole/>.

The vulnerability is being actively exploited. It is recommended to be careful of any unusual attachments to emails.

Additional information:

* A webcast briefing from the Internet Storm Center (ISC) on how shellshock works and what to do about it <https://isc.sans.edu/forums/diary/Webcast+Briefing+Bash+Code+Injection+Vulnerability/18709>
* The ISC blog, summarizing the problem <https://isc.sans.edu/forums/diary/Update+on+CVE-2014-6271+Vulnerability+in+bash+shellshock+/18707>
* Direct link to YouTube video of the ISC briefing <https://www.youtube.com/watch?v=W7GaVyzkCs0>
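
For maintainers of the CGI-hosting web servers mentioned above, here is an added example (not part of the original newsletter or any IS&T tooling) that scans access logs for ShellShock probes. It relies on the fact that the affected bash versions treat an environment value beginning with `() {` as a function definition; the Apache-style "combined" log format and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed input: Apache/nginx "combined" access-log lines:
#   ip ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'   # a quoted field, tolerating \" escapes
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' \d{3} \S+ '
    + QUOTED + ' ' + QUOTED + r'$'
)

# A CGI server copies request headers into environment variables, and the
# affected bash parses any value that begins with "() {" as a function.
# Whitespace is matched loosely so malformed probes are reported too.
MARKER = re.compile(r'^\s*\(\)\s*\{')


def find_shellshock_probes(lines):
    """Return (line_no, ip, time, header) for each logged header with the marker."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = COMBINED.match(line.strip())
        if m is None:
            continue  # not a combined-format line: skip it rather than guess
        ip, when, _request, referer, agent = m.groups()
        for name, value in (("referer", referer), ("user-agent", agent)):
            if MARKER.match(value):
                hits.append((line_no, ip, when, name))
    return hits


# Constructed sample log: documentation IP ranges, command text elided.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [25/Sep/2014:10:03:44 +0000] "GET /cgi-bin/status HTTP/1.0" '
    '200 88 "-" "() { :;}; [command elided]"',
    '203.0.113.5 - - [25/Sep/2014:10:04:10 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" '
    '404 0 "() { :; }; [command elided]" "curl/7.30"',
]

if __name__ == "__main__":
    for line_no, ip, when, header in find_shellshock_probes(SAMPLE_LOG):
        print(f"line {line_no}: {ip} at {when} sent the marker in {header}")
```

The combined format records only the Referer and User-Agent headers, so a clean result does not rule out probes carried in other headers such as Cookie. A hit shows that a request was sent, not that bash on the server was vulnerable.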
------------------------------------------------------------------
2. Event on Oct. 7: Free Coffee and Donut with a Slice of Security
------------------------------------------------------------------
Next week Tuesday, October 7, IS&T is hosting a table in W20 from 9:00 until 11:00 am, in support of National Cyber Security Awareness Month (NCSAM).

Have any security concerns? Want help with securing your computer or smartphone?
IS&T personnel will be on hand to help.

Think you’re pretty savvy when it comes to phishing or other cyber attacks? Test your threat level with our security quiz cards.

And don’t forget to grab a free coffee and donut.
---------------------------------
3. The CryptoWall Attack
---------------------------------
A form of ransomware, CryptoWall is one of the viruses trying to hit unpatched machines. Should you fall victim, CryptoWall will encrypt your folders and attempt to extort money from you to decrypt/release them. They ask $750.

Your best defense against this type of virus is having virus detection software, such as Sophos <http://ist.mit.edu/sophos>, installed on your machine. Keep all your software, including browsers, up to date with the latest security patches <http://ist.mit.edu/security/patches>.

CryptoWall Indicators <https://msisac.cisecurity.org/daily-tips/cryptowall-indicators.cfm>
=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================
Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715