[2291] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, June 21, 2010
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Jun 21 11:21:22 2010
From: Monique Yeaton <myeaton@mit.edu>
Date: Mon, 21 Jun 2010 11:20:11 -0400
Message-Id: <C1B65352-5FDB-43F6-9D11-1D0715F7D81F@mit.edu>
To: ist-security-fyi@mit.edu
Cc: itss@mit.edu
In this issue:
1. Mac OS X Update 10.6.4 (2010-004) Released
2. Stolen Gaming Credentials Uncovered
3. Printers, Copiers and Fax Machines, Oh My!
---------------------------------------------------------------
1. Mac OS X Update 10.6.4 (2010-004) Released
---------------------------------------------------------------
On Tuesday, June 15, Apple released a security update for Mac OS X to address 28 vulnerabilities. The update fixes flaws in 17 of the operating system's components, including iChat and Flash Player.
Although the security update addresses a pair of flaws in Flash, the version of Flash included with the update is not the most recent and safest one (Adobe released Flash version 10.1 last week). Mac users should check to see which version of Flash they have on their computers. The security update does not appear to downgrade users who already had updated to Flash 10.1.
About the content of Security Update 2010-004:
<http://support.apple.com/kb/HT4188>
By default, users will automatically receive the security update through Software Update. But it can also be downloaded from the Apple site here:
<http://support.apple.com/downloads/>
----------------------------------------------------
2. Stolen Gaming Credentials Uncovered
----------------------------------------------------
Do you play games online? If you do, you may want to change your login credentials. Symantec has unearthed a server hosting the credentials of 44 million stolen gaming accounts. As described in a blog post by Symantec, the database has accounts for at least 18 gaming sites, including World of Warcraft, Aion, PlayNC and Wayi Entertainment. The value of stolen gaming credentials can range from $35 to several thousand dollars.
The accounts are being validated by a Trojan (a type of malicious software) known as Trojan.Loginck and distributed to compromised computers. Symantec recommends that users of these gaming sites change their passwords and, as always, keep their virus definitions up to date in order to ensure protection against new threats.
Read the Symantec blog post:
<http://www.symantec.com/connect/blogs/44-million-stolen-gaming-credentials-uncovered>
------------------------------------------------------------
3. Printers, Copiers and Fax Machines, Oh My!
------------------------------------------------------------
If you watched the CBS News report last month on the data security risks of office copiers, you may be a bit concerned about the security of the data on copiers here at MIT. The CBS video states that "nearly every digital copier built since 2002 contains one of these, a hard drive. Like the one in your personal computer, it stores an image of every document scanned, copied or emailed by the machine."
It is important to note that this problem is not unique to copiers. Any device that contains flash memory or a hard drive can store documents electronically, so printers, scanners, fax machines and multi-function devices are just as capable of storing sensitive data.
What can be done? For owned copiers and other similar devices, the information in the CBS News report makes it clear that a determination should be made about what to do with the drive at end of life. The drive can either be wiped clean or removed and destroyed before the device is sold or recycled.
For leased copiers/printers/scanners/fax machines, administrators who work with the vendors should review contracts and lease agreements to ensure they include language that makes it clear no data remains on those drives after the lease expires.
Note: Some devices do not retain data by default, so it's important to know the default settings of the devices being used.
Watch the report: <http://www.youtube.com/watch?v=y01xLquSIrc>
Educause has collected guidelines and resources addressing security concerns for copiers or multi-function devices here:
<https://wiki.internet2.edu/confluence/display/itsg2/Copier+and+MFD+Security>
I also found this article by Michael Kassner of TechRepublic.com, which has tips for securing data on some copiers:
<http://blogs.techrepublic.com.com/security/?p=3841>
===========================================================================
Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security