[3407] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, November 19, 2012
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Nov 19 17:12:52 2012
From: Monique Yeaton <myeaton@mit.edu>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@mit.edu>
Date: Mon, 19 Nov 2012 22:11:30 +0000
Message-ID: <3ACED3B2A8CEFB4598A845F07FD4A05F10D627C6@OC11EXPO24.exchange.mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1609290713=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============1609290713==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_3ACED3B2A8CEFB4598A845F07FD4A05F10D627C6OC11EXPO24excha_"
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F10D627C6OC11EXPO24excha_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. Skype Fixes Password Reset Mechanism
2. Emails Disguised as Coupons or Deals on the Rise
3. Adobe Copies Microsoft Patch Tuesdays
-----------------------------------------------------------
1. Skype Fixes Password Reset Mechanism
-----------------------------------------------------------
Skype says it has fixed a flaw in its password reset mechanism; the vulnera=
bility has been known for at least two months, but was not addressed until =
last week. The flaw allowed anyone who knew a Skype user's email address to=
reset that person's account password. Prior to fixing the problem, Skype d=
isabled the password reset feature.
If you use Skype, you may now want to change your password.
Read the full story in the news<http://www.scmagazine.com/skype-dispatches-=
swift-fix-for-password-reset-flaw/article/268238/>.
-----------------------------------------------------------------------
2. Emails Disguised as Coupons or Deals on the Rise
-----------------------------------------------------------------------
Be sure to double check that Groupon (www.groupon.com) you received in your=
email. Spammers are using the popularity of emailed advertisements for gro=
up discount deals to send malware.
The rise of malware through fake email advertisements and notifications are=
on the rise, according to a study released by security firm Kaspersky Lab.
"They are primarily doing so by sending out malicious emails designed to lo=
ok like official notifications," according to the report. Kaspersky Lab is =
seeing more and more of this malicious spam. Other types of popular emails =
disguised as notifications from official sources include letters from hosti=
ng services, banking systems, social networks, online stores, and hotel con=
firmations.
Read the full story in the news<http://news.cnet.com/8301-1009_3-57549342-8=
3/e-mailed-malware-disguised-as-group-coupon-offers-on-the-rise/>.
----------------------------------------------------------
3. Adobe Copies Microsoft Patch Tuesdays
----------------------------------------------------------
Adobe has changed its schedule for releasing Flash Player security updates =
to coincide with Microsoft's Patch Tuesday.
"Microsoft and Adobe are now officially married," joked Andrew Storms, dire=
ctor of security operations at nCircle Security, a software vendor, in an e=
mail. "They started dating when they decided to share the MAPP program," an=
d once Microsoft agreed to embed Flash into Internet Explorer 10, it was "i=
nevitable" that Adobe would begin following Microsoft's patch schedule, he =
said.
Read the full story in the news<http://www.computerworld.com/s/article/9233=
747/Adobe_to_fix_Flash_Player_on_Patch_Tuesdays>.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Read all Security FYI Newsletter articles and submit comments online at htt=
p://securityfyi.wordpress.com/.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F10D627C6OC11EXPO24excha_
Content-Type: text/html; charset="us-ascii"
Content-ID: <42F5097A83D9784DA1C762475B769259@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-fami=
ly: Garamond, sans-serif; ">
<div><span style=3D"font-family: Arial; ">In this issue:</span></div>
<div><span class=3D"Apple-style-span" style=3D"border-collapse: separate; f=
ont-family: Calibri; font-size: medium; border-spacing: 0px; "><span class=
=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacing: 0=
px; font-family: Helvetica; font-size: 14px; ">
<div style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line=
-break: after-white-space; ">
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; border=
-spacing: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse:=
separate; border-spacing: 0px; "><span class=3D"Apple-style-span" style=3D=
"border-collapse: separate; border-spacing: 0px; "><span class=3D"Apple-sty=
le-span" style=3D"border-collapse: separate; border-spacing: 0px; "><span c=
lass=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacin=
g: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse: separa=
te; border-spacing: 0px; font-size: 12px; ">
<div>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; min-height: 1=
6px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">1. Skype Fi=
xes Password Reset Mechanism</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">2. Emails D=
isguised as Coupons or Deals on the Rise</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">3. Adobe Co=
pies Microsoft Patch Tuesdays</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; min-height: 1=
6px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; min-height: 1=
6px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">-----------=
------------------------------------------------</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">1. Skype Fi=
xes Password Reset Mechanism</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">-----------=
------------------------------------------------</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; min-height: 1=
6px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">Skype says =
it has fixed a flaw in its password reset mechanism; the vulnerability has =
been known for at least two months, but was not addressed until last week. =
The flaw allowed anyone who knew a
Skype user's email address to reset that person's account password. Prior =
to fixing the problem, Skype disabled the password reset feature.</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; min-height: 1=
6px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">If you use =
Skype, you may now want to change your password.</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; min-height: 1=
6px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; "><a href=3D"=
http://www.scmagazine.com/skype-dispatches-swift-fix-for-password-reset-fla=
w/article/268238/">Read the full story in the news</a>.</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; min-height: 1=
6px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; min-height: 1=
6px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">-----------=
------------------------------------------------------------</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">2. Emails D=
isguised as Coupons or Deals on the Rise</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">-----------=
------------------------------------------------------------</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; min-height: 1=
6px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">Be sure to =
double check that Groupon (www.groupon.com) you received in your email. Spa=
mmers are using the popularity of emailed advertisements for group discount=
deals to send malware.</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; min-height: 1=
6px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">The rise of=
malware through fake email advertisements and notifications are on the ris=
e, according to a study released by security firm Kaspersky Lab.</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; min-height: 1=
6px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">"They =
are primarily doing so by sending out malicious emails designed to look lik=
e official notifications," according to the report. Kaspersky Lab is s=
eeing more and more of this malicious spam.
Other types of popular emails disguised as notifications from official sou=
rces include letters from hosting services, banking systems, social network=
s, online stores, and hotel confirmations.</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; min-height: 1=
6px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; "><a href=3D"=
http://news.cnet.com/8301-1009_3-57549342-83/e-mailed-malware-disguised-as-=
group-coupon-offers-on-the-rise/">Read the full story in the news</a>.</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; min-height: 1=
6px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; min-height: 1=
6px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">-----------=
-----------------------------------------------</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">3. Adobe Co=
pies Microsoft Patch Tuesdays</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">-----------=
-----------------------------------------------</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; min-height: 1=
6px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">Adobe has c=
hanged its schedule for releasing Flash Player security updates to coincide=
with Microsoft's Patch Tuesday. </p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; min-height: 1=
6px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">"Micro=
soft and Adobe are now officially married," joked Andrew Storms, direc=
tor of security operations at nCircle Security, a software vendor, in an em=
ail. "They started dating when they decided
to share the MAPP program," and once Microsoft agreed to embed Flash =
into Internet Explorer 10, it was "inevitable" that Adobe would b=
egin following Microsoft's patch schedule, he said.</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; min-height: 1=
6px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; "><a href=3D"=
http://www.computerworld.com/s/article/9233747/Adobe_to_fix_Flash_Player_on=
_Patch_Tuesdays">Read the full story in the news</a>.</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; min-height: 1=
6px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">Read all Se=
curity FYI Newsletter articles and submit comments online at
<a href=3D"http://securityfyi.wordpress.com/">http://securityfyi.wordpress.=
com/</a>.</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; "><br>
</p>
</div>
<div>Monique Yeaton</div>
<div>IT Security Communications Consultant</div>
<div>MIT Information Services & Technology (IS&T)</div>
<div>(617) 253-2715</div>
<div>http://ist.mit.edu/security</div>
<div><br class=3D"khtml-block-placeholder">
</div>
<br class=3D"Apple-interchange-newline">
</span></span></span></span></span></span></div>
</span></span></div>
</body>
</html>
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F10D627C6OC11EXPO24excha_--
--===============1609290713==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============1609290713==--
