[3411] in Security FYI


[IS&T Security-FYI] SFYI Newsletter, November 26, 2012

daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Nov 26 17:26:42 2012

From: Monique Yeaton <myeaton@mit.edu>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@mit.edu>
Date: Mon, 26 Nov 2012 22:25:19 +0000

In this issue:


1. Online Shopping Risks During the Holiday Season

2. Zero-Day Threat in Adobe Reader

3. The Blackhole Exploit Kit Explored

4. From Sophos: The A-Z of Computer and Data Security Threats



-----------------------------------------------------------------------

1. Online Shopping Risks During the Holiday Season

-----------------------------------------------------------------------


The trickery involved in a different form of phishing came to my attention this weekend. You may have already heard about phishing as it relates to emails. Phishing emails<http://kb.mit.edu/confluence/x/SBhB> are spam messages that arrive in our mailboxes and pretend to come from a legitimate entity, such as a bank or your school's email administrator, and then attempt to obtain your credentials so that they can access your email account, your bank account or any of your other online accounts. A keen eye and suspicious mind will go far to prevent you from falling for these scams.


What you might not be as familiar with is internet phishing. This is when you visit a website that you might already trust or which has a good reputation and so you have no reason to suspect foul play. Even so, some scammer has managed to compromise a portion of that site so that when you are submitting your personal information, you are actually submitting it to a cyber criminal.


An example I saw this weekend involved renting a vacation property via a popular website. When submitting an inquiry or deciding to place a reservation, the victim is unaware that he is sending his information to the phisher, rather than to the property owner/manager. The phisher intercepts the client's credit card information and the victim is unaware that not only did the inquiry or reservation not go through, but his credit card could now be compromised. In this example, the phisher impersonated the owner/manager and perhaps already gained access to his or her email account.


Today is Cyber Monday, kicking off the online shopping season, and cyber criminals are out there busily setting traps for the unwary shopper.


This news article provides some tips<http://ist.mit.edu/news/shop_smart> to help you have a safe and pleasant online shopping experience this holiday season. In addition, if you experience fraud via a website, be sure to let the owners of the website know so that others don't fall victim as well.



-------------------------------------------------

2. Zero-Day Threat in Adobe Reader

-------------------------------------------------


An unpatched vulnerability recently found in Adobe Reader could be exploited when users open a PDF file in a browser other than Google Chrome (Chrome has an added defense on the Adobe Reader application). The exploit is very limited, but if triggered could evade the sandbox security feature in Adobe Reader X and XI and connect to malware. Adobe has yet to respond to the report.


Learn more about this issue in the news<http://www.onlinesafety411.com/pdf-exploit-adobe-reader-unprotected>.



--------------------------------------------------

3. The Blackhole Exploit Kit Explored

--------------------------------------------------


Malware has increased exponentially in the past years and this is mostly thanks to the use of automation and kits which facilitate its creation and distribution around the world.


Whether the malware is scareware, a form of malware payload (like Zeus), tries to control user web traffic, or is aimed primarily to infect users through web attacks (known as drive-by downloads), these exploit kits are the tools of the cyber criminal's trade.


This article<http://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit-2/> examines the most recent and notorious of exploit kits on the black market, known as Blackhole.



---------------------------------------------------------------------------------------

4. From Sophos: The A-Z of Computer and Data Security Threats

---------------------------------------------------------------------------------------


Sophos has written a guide that helps even your grandmother understand phishing and encryption. "Threatsaurus" is a .pdf guide you can download for free from Sophos, and it is written in plain language, not security jargon.


According to Sophos, "Whether you're an IT professional, use a computer at work, or just browse the Internet, our Threatsaurus is for you." It includes an A-Z glossary on computer and data security risks as well as practical tips to stay safe from email scams, identity theft, malware and other threats.


Find the downloadable "Threatsaurus" here.<http://www.sophos.com/en-us/security-news-trends/security-trends/threatsaurus.aspx>


Disclaimer: MIT (and IS&T) does not officially endorse, support or recommend Sophos products. Please contact the company directly if you are interested in them.



===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================



Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security


