[IS&T Security-FYI] SFYI Newsletter, May 20, 2013
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Mon, 20 May 2013 21:22:38 +0000
In this issue:
1. SNMP Amplification Attacks on MIT Network
2. Software Patches for Adobe and Mozilla Products
3. Published by CSAIL, a Paper on Honeywords
---------------------------------------------------------------
1. SNMP Amplification Attacks on MIT Network
---------------------------------------------------------------
Simple Network Management Protocol (SNMP) is a standard Internet protocol that lets network managers monitor and administer devices on IP networks. These devices typically include routers, switches, servers, workstations, printers, etc.

Last week an issue came to the attention of some IT administrators at MIT. The issue affects printers and similar devices on the MIT network which have SNMP enabled, causing slow or unreliable printing behavior.

It appears that SNMP requests are being spoofed by hosts outside of MIT, targeting these devices on the network. In an amplification attack the spoofed requests carry a forged source address, so each small request makes the device send a much larger reply to a third party; the slow printing seen here is a side effect of the devices being used as reflectors.

A way to fix the issue has been documented in the Knowledge Base <http://kb.mit.edu/confluence/display/istcontrib/2013-05-16+SNMP+amplification+attack>. If you have any questions or need additional help, please contact the IS&T Help Desk <http://ist.mit.edu/help>.
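The mechanics behind the attack, as an added example that is not part of the newsletter or the Knowledge Base article: it builds the small SNMPv2c GetBulkRequest that an attacker spoofs, parses the header of such a datagram so you can recognise one, and ranks campus devices answering SNMP to off-campus peers from flow records. The campus prefix 18.0.0.0/8, the flow tuple format (src, sport, dst, dport, bytes), the sample flows and the "public" community are all assumptions constructed for the example.

```python
"""Added example (not MIT's or the KB article's code): SNMPv2c GetBulk
encoder, header parser, and a reflector report over constructed flows.
Assumptions: campus prefix 18.0.0.0/8, flow tuples (src, sport, dst, dport,
bytes), community "public"."""
import ipaddress
from collections import defaultdict

CAMPUS = ipaddress.ip_network("18.0.0.0/8")   # assumption: campus address space
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest", 0xA6: "InformRequest",
             0xA7: "SNMPv2-Trap", 0xA8: "Report"}


def ber_tlv(tag, value):
    """One BER tag-length-value, short or long definite-length form."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    nbytes = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | nbytes]) + n.to_bytes(nbytes, "big") + value


def ber_int(value):
    """Minimal two's-complement INTEGER (0 -> 00, 100 -> 64, 128 -> 00 80)."""
    return ber_tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))


def ber_oid(arcs):
    """OBJECT IDENTIFIER: first two arcs packed into one byte, rest base-128."""
    body = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return ber_tlv(0x06, bytes(body))


def build_getbulk(community, oid, max_repetitions, request_id=1):
    """SNMPv2c GetBulkRequest for one subtree: a few dozen bytes in, up to a
    full datagram of MIB data out, which is the whole amplification trick."""
    varbinds = ber_tlv(0x30, ber_tlv(0x30, ber_oid(oid) + ber_tlv(0x05, b"")))
    pdu = ber_tlv(0xA5, ber_int(request_id) + ber_int(0)        # 0 non-repeaters
                  + ber_int(max_repetitions) + varbinds)
    return ber_tlv(0x30, ber_int(1) + ber_tlv(0x04, community.encode()) + pdu)


def _read_tlv(buf, pos):
    """(tag, value, position after the TLV) for the TLV starting at buf[pos]."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                       # long form: n & 0x7F length bytes follow
        nbytes = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + n], pos + n


def parse_snmp_header(payload):
    """(version, community, pdu_name) of an SNMPv1/v2c datagram, None if malformed.
    Version 0 is v1, 1 is v2c; GetBulkRequest with 'public' is the classic abuse."""
    try:
        tag, msg, _ = _read_tlv(payload, 0)
        vtag, ver, pos = _read_tlv(msg, 0)
        ctag, community, pos = _read_tlv(msg, pos)
        ptag, _, _ = _read_tlv(msg, pos)
    except IndexError:
        return None
    if tag != 0x30 or vtag != 0x02 or ctag != 0x04:
        return None
    version = int.from_bytes(ver, "big", signed=True)
    return version, community.decode("ascii", "replace"), PDU_NAMES.get(ptag, hex(ptag))


# Constructed flow records, not real MIT traffic: (src, sport, dst, dport, bytes).
# 203.0.113.10 is the *spoofed* source, i.e. the actual victim of the reflection.
FLOWS = [
    ("203.0.113.10", 4444, "18.1.2.3", 161, 37),
    ("18.1.2.3", 161, "203.0.113.10", 4444, 1480),
    ("203.0.113.10", 4444, "18.1.2.3", 161, 37),
    ("18.1.2.3", 161, "203.0.113.10", 4444, 1480),
    ("18.9.9.9", 5555, "18.1.2.3", 161, 37),        # legitimate on-campus poll
    ("18.1.2.3", 161, "18.9.9.9", 5555, 120),
]


def amplification_report(flows, campus=CAMPUS, min_ratio=10.0):
    """[(device, peer, response_bytes / request_bytes)] for each campus device
    answering SNMP to an off-campus peer with at least min_ratio amplification."""
    req, resp = defaultdict(int), defaultdict(int)
    for src, sport, dst, dport, nbytes in flows:
        if dport == 161 and ipaddress.ip_address(dst) in campus:
            req[(src, dst)] += nbytes          # request: peer -> device:161
        elif sport == 161 and ipaddress.ip_address(src) in campus:
            resp[(dst, src)] += nbytes         # reply: device:161 -> peer
    findings = []
    for (peer, device), sent in sorted(req.items()):
        ratio = resp[(peer, device)] / sent
        if ipaddress.ip_address(peer) not in campus and ratio >= min_ratio:
            findings.append((device, peer, round(ratio, 1)))
    return findings
```

The ratio in the report is the amplification factor as seen from your own flow export; the "peer" it names is the forged source, so it identifies the victim being flooded and the device doing the reflecting, not the attacker. Run it only against traffic for devices you administer, and follow the Knowledge Base article for the fix.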
---------------------------------------------------------------------------
2. Software Patches for Adobe and Mozilla Products
---------------------------------------------------------------------------
Adobe

Adobe has issued security updates to address critical flaws in Reader, Acrobat, Flash Player and ColdFusion. The updates for Reader and Acrobat address a total of 27 vulnerabilities, 24 of which could be exploited to execute arbitrary code (malware). The updates for Flash address 13 vulnerabilities, and a hotfix for ColdFusion addresses two flaws.

Read the details in the news <http://www.computerworld.com/s/article/9239199/Adobe_releases_critical_security_updates_for_Reader_Flash_Player_and_ColdFusion>.

Mozilla

Mozilla has released Firefox 21, which addresses 13 security issues in the previous version of the browser. Firefox 21 also introduces a feature called "Health Report," which lets users see information about the browser's performance, including start-up times, total running time, and crashes, as well as the number of plug-ins, add-ons, and bookmarks. Mozilla has also released Firefox 21 for Android.

Read the details in the news <http://www.h-online.com/security/news/item/Mozilla-s-Firefox-update-fixes-three-critical-holes-1863449.html>.
----------------------------------------------------------------
3. Published by CSAIL, a Paper on Honeywords
----------------------------------------------------------------
No, this is not a paper on sweet talking, but on passwords. The paper <http://people.csail.mit.edu/rivest/pubs/JR13.pdf> (.pdf) published by Ari Juels and Ron Rivest, entitled "Honeywords: Making Password-Cracking Detectable," discusses a method for improving the security of hashed passwords using what the authors call "honeywords," or false passwords. For each account the password file holds several hashed candidates, only one of which is the real password.

An adversary who steals a file of hashed passwords and inverts the hash function cannot tell if he has found the password or a honeyword. An auxiliary server (the "honeychecker") can distinguish the user password from honeywords for the login routine, and will set off an alarm if a honeyword is submitted.
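The scheme in working form, added here as an example and not taken from the paper: registration derives honeywords from the real password, stores all of them salted and hashed in shuffled order, and tells the honeychecker only the index of the real one; login finds which stored hash the submitted word matches and asks the honeychecker whether that index is the real one. PBKDF2-SHA256 standing in for the site's hash, the simplified "re-roll the trailing digits" honeyword generator, the in-process HoneyChecker class and the sample user are all assumptions for the example.

```python
"""Added example of the honeyword mechanism described above; not the paper's
code.  Assumptions: PBKDF2-SHA256 stands in for the site's password hash,
honeywords come from a simplified 'tweak the trailing digits' chaffer, and the
honeychecker is an in-process object where the paper puts a separate server
that sees only indexes, never passwords."""
import hashlib
import hmac
import os
import random
import re

K = 4                 # sweetwords per account: one real password plus K-1 honeywords
ITERATIONS = 10_000   # deliberately low for the example; production uses far more


def hash_sweetword(word, salt):
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, ITERATIONS)


def make_honeywords(password, count, rng):
    """Simplified chaffing-by-tweaking: keep the stem, re-roll the digit tail,
    so honeywords look as plausible to a cracker as the real password."""
    m = re.search(r"\d*$", password)
    stem, n = password[:m.start()], max(len(m.group()), 2)
    assert count < 10 ** n, "not enough distinct tweaks for that many honeywords"
    words = set()
    while len(words) < count:
        candidate = stem + "".join(rng.choice("0123456789") for _ in range(n))
        if candidate != password:
            words.add(candidate)
    return sorted(words)


class HoneyChecker:
    """The auxiliary server: per user it stores only the index of the real
    password, so stealing the password file alone reveals nothing about it."""
    def __init__(self):
        self._real_index = {}
        self.alarms = []

    def set_index(self, user, index):
        self._real_index[user] = index

    def check(self, user, index):
        if self._real_index.get(user) == index:
            return True
        self.alarms.append((user, index))   # honeyword submitted: the file was cracked
        return False


class PasswordFile:
    """What an attacker steals: per user, K salted hashes in shuffled order."""
    def __init__(self, checker, seed=None):
        self.checker = checker
        self.rng = random.Random(seed) if seed is not None else random.SystemRandom()
        self.rows = {}

    def register(self, user, password):
        sweetwords = make_honeywords(password, K - 1, self.rng) + [password]
        self.rng.shuffle(sweetwords)
        self.checker.set_index(user, sweetwords.index(password))
        rows = []
        for word in sweetwords:
            salt = os.urandom(16)
            rows.append((salt, hash_sweetword(word, salt)))
        self.rows[user] = rows
        return sweetwords   # returned only so the example can play the attacker

    def login(self, user, attempt):
        """'ok', 'honeyword' (alarm raised at the honeychecker) or 'fail'."""
        for i, (salt, digest) in enumerate(self.rows.get(user, [])):
            if hmac.compare_digest(hash_sweetword(attempt, salt), digest):
                return "ok" if self.checker.check(user, i) else "honeyword"
        return "fail"
```

The security of the arrangement rests on the split: the password file never records which entry is real, and the honeychecker never sees a password, so an attacker has to compromise both systems to crack an account silently. What to do when the alarm fires (lock the account, serve a decoy session, alert the owner) is a policy choice the paper discusses, and the example leaves it as a recorded alarm.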
================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security