[2340] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, Nov 1, 2010
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Nov 1 14:32:58 2010
Message-Id: <B0A2EC3F-29E8-4720-A99F-306802ABF591@mit.edu>
From: Monique Yeaton <myeaton@mit.edu>
To: ist-security-fyi@mit.edu
Mime-Version: 1.0 (Apple Message framework v936)
Date: Mon, 1 Nov 2010 14:32:01 -0400
Content-Type: multipart/mixed; boundary="===============1932747704=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============1932747704==
Content-Type: multipart/alternative; boundary=Apple-Mail-10--1056006917
--Apple-Mail-10--1056006917
Content-Type: text/plain;
charset=US-ASCII;
format=flowed;
delsp=yes
Content-Transfer-Encoding: 7bit
In this issue:
1. IT Partners Luncheon on Data Protection at MIT
2. Risky Trojan Horse for OS X Found
3. Adobe Warns of Flaw in Reader, Acrobat, Flash
----------------------------------------------------------------
1. IT Partners Luncheon on Data Protection at MIT
----------------------------------------------------------------
November 3, 2010, 12pm - 1:30pm, Bush Room 10-105
This lunch time meeting will review the new regulations and laws that
affect the handling and storing of personal data at MIT and what we
can and should do to meet compliance. Members of the IT Security
Systems & Services team, the Department of Undergraduate Education,
and Procurement will introduce a few technical solutions and a new
vendor service currently in use in various areas of the Institute and
talk about how IT administrators and other MIT individuals can do
their part. Lunch is provided.
Please RVSP: rsvp-itpartners@mit.edu if you plan to attend.
------------------------------------------------
2. Risky Trojan Horse for OS X Found
------------------------------------------------
A new Trojan horse malware that affects Mac OS X has been found called
"trojan.osx.boonana.a." It is being disguised as a video link and
distributed through social-networking sites like Facebook. It may have
the text "Is this you in this video?" in the link. When the link is
clicked, the Trojan will run a Java applet that will download other
files to the computer and run an installer automatically.
The Trojan appears to report system information to servers on the
Internet, which can cause a breach of personal information. The Trojan
also will attempt to spread itself by sending messages from the user
account to other people through spam e-mail messages.
As with most Trojans, this will require you to enter your password to
install the software and make modifications to the system, so be sure
you never supply your password unless you specifically open an
installer file and know and trust where that installer came from.
Read the full story: <http://reviews.cnet.com/8301-13727_7-20020892-263.html
>
----------------------------------------------------------------
3. Adobe Warns of Flaw in Reader, Acrobat, Flash
----------------------------------------------------------------
A new critical vulnerability is being exploited to attack computers
running the PDF viewer software, Adobe warned last week. The
vulnerability is not yet patched.
Systems affected:
Flash Player 10.1.85.3 and earlier versions for Windows, Mac, Linux
and Solaris
Flash Player 10.1.95.2 and earlier versions for Android
Reader 9.4 and earlier versions for Windows, Mac and Unix
Acrobat 9.4 and earlier versions for Windows and Mac
Earlier in October, the company plugged 23 holes in Reader and
Acrobat. Adobe is adding sandbox technology designed to add more
layers of protection in the next version of Adobe Reader, Reader X,
due out by mid-November.
Read the full story: <http://news.cnet.com/8301-27080_3-20021055-245.html
>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--Apple-Mail-10--1056006917
Content-Type: text/html;
charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; min-height: 16px; "><font =
class=3D"Apple-style-span" face=3D"'Lucida Grande'"><span =
class=3D"Apple-style-span" style=3D"font-size: medium;"><font =
class=3D"Apple-style-span" face=3D"Arial" size=3D"4"><span =
class=3D"Apple-style-span" style=3D"font-size: 14px;"><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">In this issue:</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">1. IT Partners Luncheon on Data =
Protection at MIT</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; ">2. Risky Trojan Horse for OS X Found</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; ">3. =
Adobe Warns of Flaw in Reader, Acrobat, Flash</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; min-height: 16px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
">----------------------------------------------------------------</div><d=
iv style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; ">1. IT =
Partners Luncheon on Data Protection at MIT</div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; =
">----------------------------------------------------------------</div><d=
iv style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">November 3, 2010, 12pm - 1:30pm, Bush =
Room 10-105</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">This lunch time meeting will =
review the new regulations and laws that affect the handling and storing =
of personal data at MIT and what we can and should do to meet =
compliance. Members of the IT Security Systems & Services team, the =
Department of Undergraduate Education, and Procurement will introduce a =
few technical solutions and a new vendor service currently in use in =
various areas of the Institute and talk about how IT administrators and =
other MIT individuals can do their part. Lunch is =
provided. </div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; ">Please RVSP: <a =
href=3D"mailto:rsvp-itpartners@mit.edu"><span style=3D"text-decoration: =
underline ; color: #2151aa">rsvp-itpartners@mit.edu</span></a> if you =
plan to attend.</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; min-height: 16px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; =
">------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; ">2. =
Risky Trojan Horse for OS X Found</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; =
">------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">A new Trojan horse malware that =
affects Mac OS X has been found called "trojan.osx.boonana.a." It is =
being disguised as a video link and distributed through =
social-networking sites like Facebook. It may have the text "Is this you =
in this video?" in the link. When the link is clicked, the Trojan will =
run a Java applet that will download other files to the computer and run =
an installer automatically.</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; min-height: 16px; "><br></div><p =
style=3D"margin: 0.0px 0.0px 12.0px 0.0px; font: 14.0px Arial">The =
Trojan appears to report system information to servers on the Internet, =
which can cause a breach of personal information. The Trojan also will =
attempt to spread itself by sending messages from the user account to =
other people through spam e-mail messages.</p><p style=3D"margin: 0.0px =
0.0px 12.0px 0.0px; font: 14.0px Arial">As with most Trojans, this will =
require you to enter your password to install the software and make =
modifications to the system, so be sure you never supply your password =
unless you specifically open an installer file and know and trust where =
that installer came from.</p><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">Read the full story: <<a =
href=3D"http://reviews.cnet.com/8301-13727_7-20020892-263.html">http://rev=
iews.cnet.com/8301-13727_7-20020892-263.html</a>></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; min-height: 16px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
">----------------------------------------------------------------</div><d=
iv style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; ">3. =
Adobe Warns of Flaw in Reader, Acrobat, Flash</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
">----------------------------------------------------------------</div><d=
iv style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">A new critical vulnerability is being =
exploited to attack computers running the PDF viewer software, Adobe =
warned last week. The vulnerability is not yet patched.</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">Systems affected:</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div>
<ul style=3D"list-style-type: disc">
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Flash =
Player 10.1.85.3 and earlier versions for Windows, Mac, Linux and =
Solaris</li>
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Flash =
Player 10.1.95.2 and earlier versions for Android</li>
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Reader =
9.4 and earlier versions for Windows, Mac and Unix</li>
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px =
Arial">Acrobat 9.4 and earlier versions for Windows and Mac</li>
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; =
min-height: 16.0px"><br></li>
</ul><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; =
">Earlier in October, the company plugged 23 holes in Reader and =
Acrobat. Adobe is adding sandbox technology designed to add more layers =
of protection in the next version of Adobe Reader, Reader X, due out by =
mid-November. </div><div style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">Read the full story: <<a =
href=3D"http://news.cnet.com/8301-27080_3-20021055-245.html">http://news.c=
net.com/8301-27080_3-20021055-245.html</a>></div><div><br></div></span>=
</font></span></font></div><br><div apple-content-edited=3D"true"><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; color: =
rgb(0, 0, 0); font-family: Calibri; font-size: medium; font-style: =
normal; font-variant: normal; font-weight: normal; letter-spacing: =
normal; line-height: normal; orphans: 2; text-align: auto; text-indent: =
0px; text-transform: none; white-space: normal; widows: 2; word-spacing: =
0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Calibri; font-size: 14px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><div><div><font class=3D"Apple-style-span" =
face=3D"'Lucida Grande'"><span class=3D"Apple-style-span" =
style=3D"font-size: medium;"><br></span></font><div>Monique =
Yeaton</div><div>IT Security Awareness Consultant</div><div>MIT =
Information Services & Technology (IS&T)</div><div>(617) =
253-2715</div><div><a =
href=3D"http://ist.mit.edu/security">http://ist.mit.edu/security</a></div>=
<div><br></div><br></div></div><br></div></span><br =
class=3D"Apple-interchange-newline"></div></span><br =
class=3D"Apple-interchange-newline"> </div><br></body></html>=
--Apple-Mail-10--1056006917--
--===============1932747704==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============1932747704==--
