[2819] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, September 17, 2012
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Sep 17 16:28:24 2012
From: Monique Yeaton <myeaton@mit.edu>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@mit.edu>
Date: Mon, 17 Sep 2012 20:27:11 +0000
Message-ID: <CC7CFFDE.2E2C7%myeaton@exchange.mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0074833686=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============0074833686==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_CC7CFFDE2E2C7myeatonexchangemitedu_"
--_000_CC7CFFDE2E2C7myeatonexchangemitedu_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. October is National Cyber Security Awareness Month (NCSAM)
2. Hacked: Now What?
3. Critical Zero-Day Bug Found in IE
---------------------------------------------------------------------------=
--------
1. October is National Cyber Security Awareness Month (NCSAM)
---------------------------------------------------------------------------=
--------
Increase cybersecurity awareness in your area by using the NCSAM resource g=
uide<https://wiki.internet2.edu/confluence/display/itsg2/NCSAM+Resource+Kit=
> to start planning easy-to-implement awareness activities during the month=
of October.
Plan to join the October 4 National Cybersecurity Kickoff webinar at 1:00 p=
.m. (ET). Efforts are being made by IS&T to host this webinar on the day. M=
ore information about this will be forthcoming.
If you would rather attend the webinar on your own or host it in your area,=
registration is free and will be available by September 27 on the EDUCAUSE=
Live! web page<http://www.educause.edu/conferences-events/educause-live-we=
binars>. Consider attending this event as a team or incorporate it into a c=
ampus event. Learn more about preparing for NCSAM<http://www.educause.edu/b=
logs/vvogel/prepare-national-cyber-security-awareness-month>.
October will be here before you know it, so start planning your awareness e=
vents now.
-----------------------------
2. Hacked: Now What?
-----------------------------
The most recent security awareness newsletter OUCH! explains how to determi=
ne if your accounts, your data or your information has been compromised and=
how to effectively respond.
Read the English version of the newsletter (pdf) here<http://www.securingth=
ehuman.org/newsletters/ouch/issues/OUCH-201209_en.pdf>.
----------------------------------------------
3. Critical Zero-Day Bug Found in IE
----------------------------------------------
Researchers uncovered active malware attacks that exploit a critical and pr=
eviously unknown vulnerability in the latest versions of Microsoft's Intern=
et Explorer (IE) browser. The attacks install a backdoor Trojan when unsusp=
ecting people browse a booby-trapped website using a fully patched version =
of Windows XP running the latest versions of IE 7 or IE 8 and also effects =
versions of IE 9 running on Windows Vista and Windows 7.
A Microsoft representative said that company engineers are investigating th=
e reports and didn't have immediate comment. The article by arstechnica.com=
suggests Windows users should avoid using IE until more is known about the=
vulnerability. Java should be kept up-to-date or uninstalled if not used t=
o enable other software to work.
Read the full article<http://arstechnica.com/security/2012/09/critical-zero=
-day-bug-in-microsoft-internet-explorer/>.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Read all Security FYI Newsletter articles and submit comments online at htt=
p://securityfyi.wordpress.com/.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--_000_CC7CFFDE2E2C7myeatonexchangemitedu_
Content-Type: text/html; charset="us-ascii"
Content-ID: <8BD768C5F6E6C54BB4CDD5CC28EE4D06@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-fami=
ly: Garamond, sans-serif; ">
<div>
<div>
<div>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
In this issue:</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">1. Oct=
ober is National Cyber Security Awareness Month (NCSAM)</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica">
2. Hacked: Now What?</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica">
3. Critical Zero-Day Bug Found in IE</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">------=
---------------------------------------------------------------------------=
--</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">1. Oct=
ober is National Cyber Security Awareness Month (NCSAM)</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">------=
---------------------------------------------------------------------------=
--</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Increa=
se cybersecurity awareness in your area by using the
<a href=3D"https://wiki.internet2.edu/confluence/display/itsg2/NCSAM+Re=
source+Kit">
NCSAM resource guide</a> to start planning easy-to-implement awareness acti=
vities during the month of October. </p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-he=
ight: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica">
Plan to join the <b>October 4</b> <b>National Cybersecurity Kickoff webinar=
at 1:00 p.m. (ET)</b>. Efforts are being made by IS&T to host this web=
inar on the day. More information about this will be forthcoming.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica">
If you would rather attend the webinar on your own or host it in your area,=
registration is free and will be available by September 27 on the
<a href=3D"http://www.educause.edu/conferences-events/educause-live-webinar=
s"><span style=3D"color: #1a71c1">EDUCAUSE Live! web page</span></a>. Consi=
der attending this event as a team or incorporate it into a campus event. L=
earn more about
<a href=3D"http://www.educause.edu/blogs/vvogel/prepare-national-cyber-secu=
rity-awareness-month">
preparing for NCSAM</a>. </p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica">
October will be here before you know it, so start planning your awareness e=
vents now.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">------=
-----------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica">
2. Hacked: Now What?</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">------=
-----------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica">
The most recent security awareness newsletter OUCH! explains how to determi=
ne if your accounts, your data or your information has been compromised and=
how to effectively respond. </p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica">
Read the English version of the newsletter (pdf) <a href=3D"http://www.secu=
ringthehuman.org/newsletters/ouch/issues/OUCH-201209_en.pdf">
here</a>.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">------=
----------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica">
3. Critical Zero-Day Bug Found in IE</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">------=
----------------------------------------</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica">
Researchers uncovered active malware attacks that exploit a critical and pr=
eviously unknown vulnerability in the latest versions of Microsoft's Intern=
et Explorer (IE) browser. The attacks install a backdoor Trojan when unsusp=
ecting people browse a booby-trapped
website using a fully patched version of Windows XP running the latest ver=
sions of IE 7 or IE 8 and also effects versions of IE 9 running on Windows =
Vista and Windows 7.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica">
A Microsoft representative said that company engineers are investigating th=
e reports and didn't have immediate comment. The article by arstechnica.com=
suggests Windows users should avoid using IE until more is known about the=
vulnerability. Java should be kept
up-to-date or uninstalled if not used to enable other software to work.&nb=
sp;</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica">
<a href=3D"http://arstechnica.com/security/2012/09/critical-zero-day-bug-in=
-microsoft-internet-explorer/">Read the full article</a>.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 14.=
0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Read all S=
ecurity FYI Newsletter articles and submit comments online at
<a href=3D"http://securityfyi.wordpress.com/"><span style=3D"text-decoratio=
n: underline ; color: #1e37ee">http://securityfyi.wordpress.com/</span></a>=
.</p>
<p style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</p>
</div>
<div><br>
</div>
<div>
<div style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line=
-break: after-white-space; font-family: Helvetica; ">
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; -webki=
t-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; col=
or: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: norm=
al; font-variant: normal; font-weight: normal; letter-spacing: normal; line=
-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px=
; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-s=
pace: normal; widows: 2; word-spacing: 0px; "><span class=3D"Apple-style-sp=
an" style=3D"border-collapse: separate; -webkit-border-horizontal-spacing: =
0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family=
: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; fon=
t-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text=
-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: a=
uto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word=
-spacing: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse:=
separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-=
spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px;=
font-style: normal; font-variant: normal; font-weight: normal; letter-spac=
ing: normal; line-height: normal; -webkit-text-decorations-in-effect: none;=
text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; or=
phans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class=
=3D"Apple-style-span" style=3D"border-collapse: separate; -webkit-border-ho=
rizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, =
0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-va=
riant: normal; font-weight: normal; letter-spacing: normal; line-height: no=
rmal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-t=
ext-size-adjust: auto; text-transform: none; orphans: 2; white-space: norma=
l; widows: 2; word-spacing: 0px; "><span class=3D"Apple-style-span" style=
=3D"border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -web=
kit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helveti=
ca; font-size: 14px; font-style: normal; font-variant: normal; font-weight:=
normal; letter-spacing: normal; line-height: normal; -webkit-text-decorati=
ons-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text=
-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing:=
0px; "><span class=3D"Apple-style-span" style=3D"border-collapse: separate=
; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: =
0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-sty=
le: normal; font-variant: normal; font-weight: normal; letter-spacing: norm=
al; line-height: normal; -webkit-text-decorations-in-effect: none; text-ind=
ent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2;=
white-space: normal; widows: 2; word-spacing: 0px; "><span class=3D"Apple-=
style-span" style=3D"border-collapse: separate; -webkit-border-horizontal-s=
pacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); fon=
t-family: Helvetica; font-size: 12px; font-style: normal; font-variant: nor=
mal; font-weight: normal; letter-spacing: normal; line-height: normal; -web=
kit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-a=
djust: auto; text-transform: none; orphans: 2; white-space: normal; widows:=
2; word-spacing: 0px; ">
<div style=3D"font-size: 12px; "><br>
</div>
<div style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"=
font-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12p=
x; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span cla=
ss=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-st=
yle-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" styl=
e=3D"font-size: 12px; ">Monique
Yeaton</span></span></span></span></span></span></div>
<div style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"=
font-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12p=
x; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span cla=
ss=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-st=
yle-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" styl=
e=3D"font-size: 12px; ">IT
Security Communications Consultant</span></span></span></span></span></spa=
n></div>
<div style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"=
font-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12p=
x; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span cla=
ss=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-st=
yle-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" styl=
e=3D"font-size: 12px; ">MIT
Information Services & Technology (IS&T)</span></span></span></spa=
n></span></span></div>
<div style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"=
font-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12p=
x; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span cla=
ss=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-st=
yle-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" styl=
e=3D"font-size: 12px; ">(617)
253-2715</span></span></span></span></span></span></div>
<div style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"=
font-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12p=
x; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span cla=
ss=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-st=
yle-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" styl=
e=3D"font-size: 12px; ">http://ist.mit.edu/security</span></span></span></s=
pan></span></span></div>
<div style=3D"font-size: 12px; "><br class=3D"khtml-block-placeholder">
</div>
<br class=3D"Apple-interchange-newline">
</span></span></span></span></span></span></span></div>
</div>
</div>
</div>
</body>
</html>
--_000_CC7CFFDE2E2C7myeatonexchangemitedu_--
--===============0074833686==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============0074833686==--
