[7782] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, June 24, 2013
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Jun 24 11:33:57 2013
Resent-From: ist-security-fyi@mit.edu
From: Monique Yeaton <myeaton@mit.edu>
To: ist-security-fyi <ist-security-fyi@mit.edu>
Date: Mon, 24 Jun 2013 15:32:07 +0000
Cc: "itss@mit.edu" <itss@mit.edu>
In this issue:
1. Oracle Security Patches Released
2. Internet Wiretapping Explained
3. Teaching Teens about Identity Theft
-------------------------------------------------
1. Oracle Security Patches Released
-------------------------------------------------
Last week Oracle released its security update for June 2013 <http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html>, which comprises 40 security updates, with 37 of them addressing vulnerabilities that lead to malware execution. Among the updates is one that fixes a vulnerability found in Javadoc <http://www.oracle.com/technetwork/java/javase/documentation/index-jsp-135444.html>.
Javadoc is a tool that generates frames for online documentation web apps. However, there is a vulnerability in how Javadoc interprets user-supplied frames, leaving it vulnerable to frame injection when hosted on a web server. When the vulnerable variation is put into a webpage, a user clicking into the frame will be sent to a malicious redirection.
The other updates address vulnerabilities in:
• JDK and JRE 7, 6 and 5.0
• JavaFX 2.2.21 and earlier
NOTE TO MIT USERS: Before installing Java updates to a computer in the MIT environment, please review this article: Which Java version should I install? <http://kb.mit.edu/confluence/pages/viewpage.action?pageId=151102086>
--------------------------------------------
2. Internet Wiretapping Explained
--------------------------------------------
With the revelation of the Prism program, and with warrantless wiretapping being the topic of the day, there has been much confusion and speculation in the debates. This article from the Associated Press <http://bigstory.ap.org/article/secret-prism-success-even-bigger-data-seizure> explains in clear terms what we know, and what it means for our data.
This article from ZD Net <http://www.zdnet.com/how-did-mainstream-media-get-the-nsa-prism-story-so-hopelessly-wrong-7000016822/> corrects some of the misleading stories in the mainstream media.
---------------------------------------------------
3. Teaching Teens about Identity Theft
---------------------------------------------------
According to the Juvenile Justice Information Exchange, "kids under the age of 18 are 51 times more likely to become victims of identity theft than their parents."
This summer teens are likely to spend a lot of time online and many of them don't think that anything can happen to them. They are much more likely to fall for a scam.
Learn what you can do to teach your teen about preventing identity theft <http://moneyning.com/credit/teaching-teens-to-prevent-identity-theft/>.
===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================
Monique Yeaton
IT Security Communications Consultant
Information Services & Technology, MIT
http://ist.mit.edu/security