[3417] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, December 18, 2012
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Tue Dec 18 10:52:04 2012
From: Monique Yeaton <myeaton@MIT.EDU>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@MIT.EDU>
Date: Tue, 18 Dec 2012 15:48:50 +0000
In this issue:
1. Data Privacy Month: Are You Smarter Than Your Phone?
2. Ouch! Newsletter
3. Apple Updates Its Malware Blacklist
4. Adobe Updates Flash and ColdFusion

------------------------------------------------------------------------------
1. Data Privacy Month: Are You Smarter Than Your Phone?
------------------------------------------------------------------------------
At Educause (www.educause.edu), January is data privacy month <http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/educause-policy/community-engagement/data-privacy-month>, an annual effort to empower people to protect the privacy of their data and to control their digital footprint.

The month's efforts lead up to Data Privacy Day <http://www.staysafeonline.org/data-privacy-day/>, held every year on January 28th in several countries, including Canada and the United States.

Educause is hosting several free webinars throughout the month of January. The first one, "Are You Smarter Than Your Phone?" talks about how you should make use of your smartphone on campus:

January 9, 2013
Time: 1:00 - 2:00 p.m. ET
Details and registration (for free) are here <http://www.educause.edu/events/educause-live-data-privacy-month-are-you-smarter-your-phone>

--------------------------
2. Ouch! Newsletter
--------------------------
See this month's issue of Ouch!, the newsletter from SANS.org: Seven Steps to a Secure Computer <http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201212_en.pdf> (pdf).

The first five tips are simple actions to do as soon as you acquire your new (or used) computer. Additional help for MIT community members to implement the steps can be found on the IS&T website <http://ist.mit.edu/secure> under the Secure Computing tag.

--------------------------------------------------
3. Apple Updates Its Malware Blacklist
--------------------------------------------------
As is becoming more apparent, Macs are not immune to malware and are being targeted more by cyber criminals as their market share expands. Last week Apple updated its XProtect anti-malware blacklist tool to address a new Trojan for OS X that recently surfaced. The Trojan, aptly named SMSSend, looks like a normal program installer for an app called VKMusic 4 Mac, but tricks users into sharing their cell phone number as part of the registration process and then entering a code sent via text. After doing so, the user is signed up for a subscription service that charges their monthly phone bill.

The discovery of the Trojan further underscores the risks of downloading programs from unofficial software websites.

Learn more in the news here <http://www.theverge.com/2012/12/13/3763970/apple-blacklist-smssend-trojan-mac-os-x> and here <http://www.net-security.org/malware_news.php?id=2358>.

------------------------------------------------------
4. Adobe Updates Flash and ColdFusion
------------------------------------------------------
Adobe has released updates for Flash and AIR which include high priority fixes for Flash Player on Windows. The vulnerabilities are being actively exploited in the wild. Three vulnerabilities are addressed: a buffer overflow, an integer overflow and a memory corruption problem, all of which can, Adobe says, lead to code execution. Adobe also released a security hotfix for ColdFusion 10, addressing an issue that is not currently being exploited in the wild. The fix is available for Windows, Mac OS X and UNIX.

Learn more in the news <http://www.h-online.com/security/news/item/Adobe-updates-Flash-Player-and-Cold-Fusion-1767017.html>.

===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security