[8062] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, August 19, 2013
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Aug 19 17:06:49 2013
Resent-From: ist-security-fyi@MIT.EDU
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Mon, 19 Aug 2013 21:04:35 +0000
Message-ID: <3ACED3B2A8CEFB4598A845F07FD4A05F2F3A387F@OC11EXPO24.exchange.mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1397317193=="
Errors-To: ist-security-fyi-bounces@MIT.EDU
--===============1397317193==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_3ACED3B2A8CEFB4598A845F07FD4A05F2F3A387FOC11EXPO24excha_"
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F2F3A387FOC11EXPO24excha_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. August 2013 Security Updates from Microsoft
2. The MIT Network Security Policy
3. Android Malware Spreading Through Mobile Ads
----------------------------------------------------------------
1. August 2013 Security Updates from Microsoft
----------------------------------------------------------------
Last week Microsoft released eight security bulletins<http://technet.micros=
oft.com/en-us/security/bulletin/ms13-aug> to address vulnerabilities in the=
following systems:
* Microsoft Windows
* Microsoft Server
* Internet Explorer
It is recommended to accept the updates. The patches have been approved for=
deployment via MIT WAUS (Windows Automatic Update Services).
-----------------------------------------------
2. The MIT Network Security Policy
-----------------------------------------------
On April 2, earlier this year, the MIT News Office reprinted a letter<http:=
//web.mit.edu/itgc/letters/security-memo.html> that Executive Vice Presiden=
t and Treasurer Israel Ruiz sent to the Academic Council detailing planned =
improvements in emergency preparedness, emergency communication protocols a=
nd network security practices.
The improvements, including implementation of the MITnet firewall, as well =
as password policies<http://kb.mit.edu/confluence/display/istcontrib/Strong=
+Passwords> are taking affect this summer.
For more details on the network security policy, see IS&T's Campus Security=
FAQ<http://kb.mit.edu/confluence/display/istcontrib/Campus+Network+Securit=
y+FAQ>.
Additional guidance on how eligible members of the MIT community can opt sy=
stems out of the campus network firewall can be found here<https://kb.mit.e=
du/confluence/pages/viewpage.action?pageId=3D151108614>.
Questions about these changes can be sent to cybersecurity-questions@mit.ed=
u<http://cybersecurity-questions@mit.edu>.
--------------------------------------------------------------------
3. Android Malware Spreading Through Mobile Ads
--------------------------------------------------------------------
Malware targeting Android devices has been found to be spreading through mo=
bile advertisement networks. Many developers include advertising frameworks=
in their apps to help boost profits. Advertisements in mobile apps are ser=
ved by code that is part of the app itself. An attack scheme in Asia involv=
ed a rogue ad network pushing code onto devices. When users download and in=
stall legitimate apps, the malware prompts users to approve its installatio=
n, appearing to be part of the process for the app they have just downloade=
d.
Learn more in the news<http://www.computerworld.com/s/article/9241596/New_A=
ndroid_malware_is_being_distributed_through_mobile_ad_networks>.
How to protect your Android device at MIT<http://kb.mit.edu/confluence/disp=
lay/istcontrib/Android+at+MIT>.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Read all Security FYI Newsletter articles and submit comments online at htt=
p://securityfyi.wordpress.com/.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F2F3A387FOC11EXPO24excha_
Content-Type: text/html; charset="us-ascii"
Content-ID: <A6211E55322F174783B055A5AE8A28C8@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-fami=
ly: Garamond, sans-serif; ">
<div>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; ">In thi=
s issue:</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">1. August 2013 Security =
Updates from Microsoft</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">2. The MIT Network Secur=
ity Policy</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">3. Android Malware Sprea=
ding Through Mobile Ads</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
----------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">1. August 2013 Security =
Updates from Microsoft</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
----------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Last week Microsoft rele=
ased <a href=3D"http://technet.microsoft.com/en-us/security/bulletin/ms13-a=
ug">
eight security bulletins</a> to address vulnerabilities in the following sy=
stems:</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<ul>
<li style=3D"margin: 0px; font-family: Helvetica; ">Microsoft Windows </li>=
<li style=3D"margin: 0px; font-family: Helvetica; ">Microsoft Server </li><=
li style=3D"margin: 0px; font-family: Helvetica; ">Internet Explorer </li><=
/ul>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">It is recommended to acc=
ept the updates. The patches have been approved for deployment via MIT WAUS=
(Windows Automatic Update Services).</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-----------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">2. The MIT Network Secur=
ity Policy</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-----------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">On April 2, earlier this=
year, the MIT News Office reprinted a
<a href=3D"http://web.mit.edu/itgc/letters/security-memo.html">letter</a> t=
hat Executive Vice President and Treasurer Israel Ruiz sent to the Academic=
Council detailing planned improvements in emergency preparedness, emergenc=
y communication protocols and network
security practices.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">The improvements, includ=
ing implementation of the MITnet firewall, as well as
<a href=3D"http://kb.mit.edu/confluence/display/istcontrib/Strong+Passw=
ords">password policies</a> are taking affect this summer. </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">For more details on the =
network security policy, see IS&T's
<a href=3D"http://kb.mit.edu/confluence/display/istcontrib/Campus+Netwo=
rk+Security+FAQ">
Campus Security FAQ</a>. </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Additional guidance on h=
ow eligible members of the MIT community can opt systems out of the campus =
network firewall can be found
<a href=3D"https://kb.mit.edu/confluence/pages/viewpage.action?pageId=3D151=
108614">here</a>.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Questions about these ch=
anges can be sent to
<a href=3D"http://cybersecurity-questions@mit.edu">cybersecurity-questions@=
mit.edu</a>. </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
--------------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">3. Android Malware Sprea=
ding Through Mobile Ads</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
--------------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Malware targeting Androi=
d devices has been found to be spreading through mobile advertisement netwo=
rks. Many developers include advertising frameworks in their apps to help b=
oost profits. Advertisements in mobile
apps are served by code that is part of the app itself. An attack scheme i=
n Asia involved a rogue ad network pushing code onto devices. When users do=
wnload and install legitimate apps, the malware prompts users to approve it=
s installation, appearing to be
part of the process for the app they have just downloaded.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; "><a href=3D"http://www.co=
mputerworld.com/s/article/9241596/New_Android_malware_is_being_distributed_=
through_mobile_ad_networks">Learn more in the news</a>.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; "><a href=3D"http://kb.mit=
.edu/confluence/display/istcontrib/Android+at+MIT">How to protect y=
our Android device at MIT</a>.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "></p>
<p style=3D"margin: 0px; font-family: Arial; ">=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</p=
>
<p style=3D"margin: 0px; font-family: Arial; ">Read all Security FYI Newsle=
tter articles and submit comments online at
<a href=3D"http://securityfyi.wordpress.com/">http://securityfyi.wordpress.=
com/</a>.</p>
<p style=3D"margin: 0px; font-family: Arial; ">=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</p=
>
<p></p>
</div>
<div><br>
</div>
<div><span class=3D"Apple-style-span" style=3D"border-collapse: separate; f=
ont-family: Calibri; font-size: medium; border-spacing: 0px; "><span class=
=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacing: 0=
px; font-family: Helvetica; font-size: 14px; ">
<div style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line=
-break: after-white-space; ">
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; border=
-spacing: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse:=
separate; border-spacing: 0px; "><span class=3D"Apple-style-span" style=3D=
"border-collapse: separate; border-spacing: 0px; "><span class=3D"Apple-sty=
le-span" style=3D"border-collapse: separate; border-spacing: 0px; "><span c=
lass=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacin=
g: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse: separa=
te; border-spacing: 0px; font-size: 12px; ">
<div><br>
</div>
<div>Monique Yeaton</div>
<div>IT Security Communications Consultant</div>
<div>MIT Information Services & Technology (IS&T)</div>
<div>(617) 253-2715</div>
<div>http://ist.mit.edu/security</div>
<div><br class=3D"khtml-block-placeholder">
</div>
<br class=3D"Apple-interchange-newline">
</span></span></span></span></span></span></div>
</span></span></div>
</body>
</html>
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F2F3A387FOC11EXPO24excha_--
--===============1397317193==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============1397317193==--
