[2314] in Security FYI


[IS&T Security-FYI] SFYI Newsletter, July 26, 2010

daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Jul 26 13:42:10 2010

From: Monique Yeaton <myeaton@MIT.EDU>
Date: Mon, 26 Jul 2010 13:41:14 -0400
Message-Id: <A16997B1-D883-400E-954B-F9F6C4EDFB29@mit.edu>
To: ist-security-fyi@MIT.EDU
Cc: itss@MIT.EDU

In this issue:

1. Mozilla Updates Firefox and Thunderbird
2. Microsoft Announces Windows Shortcut Flaw
3. Default Router Login Settings Keep Networks Vulnerable
4. Tips for Safer Facebook Use


-------------------------------------------------------
1. Mozilla Updates Firefox and Thunderbird
-------------------------------------------------------

Mozilla has pushed out an updated version of its Firefox browser to fix
16 security holes, including nine that have been rated critical. Firefox
3.6 also includes changes to improve stability. Mozilla plans to
release another Firefox update following the Black Hat conference to fix
any flaws divulged there.

The story in the news: <http://www.computerworld.com/s/article/9179504/>


------------------------------------------------------------
2. Microsoft Announces Windows Shortcut Flaw
------------------------------------------------------------

Microsoft released an advisory about a week ago regarding a zero-day
flaw in the Windows shell that is present in every supported version of
Windows. A fully patched Windows machine can be infected if the user
views the contents of an infected USB drive with a common file manager,
such as Windows Explorer, that can display shortcut icons.

A fix for the flaw has not yet been released. The advisory includes a
few workarounds, but they are not very intuitive for the average user.

The Microsoft Security Advisory:
<http://www.microsoft.com/technet/security/advisory/2286198.mspx>

The story in the news: <http://www.computerworld.com/s/article/9179358/>


---------------------------------------------------------------------------
3. Default Router Login Settings Keep Networks Vulnerable
---------------------------------------------------------------------------

It may seem obvious to some, but changing the default password of home
routers is the single most important thing you can do to prevent an
attack on your home's network.

According to a recent Forbes report, an exploit could easily be created
to hack most Linksys, Dell, Verizon Fios or DSL routers. The exploit
could allow attackers to hijack the routers to steal information or
redirect the user's browsing, according to the report. The method of
attack still requires the attacker to compromise the victim's router
after gaining access to his or her network. But that can be accomplished
by using a vulnerability in the device's software or by simply trying
the default login password. Only a tiny fraction of users actually
change their login settings.

Read the full story:
<http://darkreading.com/authentication/security/vulnerabilities/showArticle.jhtml?articleID=225900016>


---------------------------------------
4. Tips for Safer Facebook Use
---------------------------------------

Nearly half a billion people use Facebook, making it a target for
criticism, controversy and curiosity, as well as a place for hackers,
crackers, spammers and scammers to do their evil best.

These tips come from a recent SANS newsletter and specifically address
Facebook and safety issues:

* Assume that your personal information is visible to anyone, not just
  your friends
* To prevent identity theft, do not display your full birth date; show
  just the month and day or leave it blank
* To protect children, do not add their names to photos or comments
* Do not mention being away from home; leave vacation plans vague
* Restrict searches for your information, and find out what options are
  available for restricting public searches. At minimum, you should be
  able to prevent your information from being searched by anyone other
  than your friends
* Supervise your children under age 13 using social networks, possibly
  become one of their online friends
* Think twice about who to allow to become an online friend, and find out
  if you can remove a friend if you change your mind about them or
  discover they're not who they claim to be
* Use an up-to-date web browser and have comprehensive anti-virus software
  on your computer as well as an enabled firewall
* Adjust your privacy settings to protect your identity, understand how to
  use them and be aware they change over time
* Make a cut-down version of your profile available to everyone; reveal
  the rest only to people you trust
* Disable options and add them one by one, and turn off unfamiliar settings
  until you understand, need or want them
* Understand what happens when you close your account; must you submit a
  delete request and does it come with gotchas such as photos remaining on
  their server?

===========================================================================


Find current and older issues of Security FYI Newsletter:
<http://kb.mit.edu/confluence/x/ehBB>


Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security






