[2403] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, September 26, 2011
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Sep 26 17:11:19 2011
From: Monique Yeaton <myeaton@mit.edu>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@mit.edu>
Date: Mon, 26 Sep 2011 17:10:15 -0400
Cc: "itss@mit.edu" <itss@mit.edu>
In this issue:
1. Adobe Fixes Flash Player Vulnerability
2. One-Third of Massachusetts Residents Have Data Compromised
----------------------------------------------------
1. Adobe Fixes Flash Player Vulnerability
----------------------------------------------------
Last week Adobe published an unscheduled emergency patch for Flash Player to address many critical security issues.
Systems affected:
* Flash Player versions up to and including 10.3.183.7 for Windows, Mac OS X, Linux and Solaris
* Versions 10.3.186.6 and earlier for Android
The Flash Player updates are the company’s response to a recently discovered universal cross-site scripting (XSS) hole. According to Adobe, the vulnerability is already being actively exploited by attackers to bypass the same origin policy, allowing them to, for example, take actions on a user’s behalf on any Web site, or steal a victim’s cookies. For an attack to be successful, a victim must click on a malicious link.
Read the full story:
< http://www.h-online.com/security/news/item/Adobe-publishes-emergency-patch-to-fix-critical-Flash-vulnerabilities-1348193.html >
Get latest Adobe Flash Player:
< http://get.adobe.com/flashplayer/ >
--------------------------------------------------------------------------------------
2. One-Third of Massachusetts Residents Have Data Compromised
--------------------------------------------------------------------------------------
As posted in an article in Network World (networkworld.com), personal information on about one-third of Massachusetts residents has been compromised. This number comes from the state’s attorney general (AG), Martha Coakley, citing statistics gleaned from the tough data breach reporting law. About 2.1 million of the state’s roughly 6.6 million residents had some form of personal data put at risk in 1,166 reported theft incidents the AG said, according to a report in the Boston Globe.
Coakley was citing numbers gathered from the start of 2010 through August 2011. She said she is reviewing the data to see whether the law, which imposes heavy fines for non-compliance by entities entrusted with this information, is cutting back on breaches that lead to compromises.
The cause? The AG said a combination of hacking, errors by employees, and a growing body of personal data stored electronically by businesses will put that data at more risk over time. The largest breach in the time period the AG is reviewing involved information on about 800,000 people that was lost by a vendor hired to destroy it.
Read the full story:
< http://www.networkworld.com/news/2011/092111-massachusetts-data-compromised-251099.html >
Try the data breach quiz to test your awareness of the problem:
< http://www.networkworld.com/slideshows/2011/062211-data-breach.html >
===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security