[8113] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, October 8, 2013
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Tue Oct 8 09:53:57 2013
Resent-From: ist-security-fyi@mit.edu
From: Monique Yeaton <myeaton@mit.edu>
To: ist-security-fyi <ist-security-fyi@mit.edu>
Date: Tue, 8 Oct 2013 13:50:13 +0000
Message-ID: <3ACED3B2A8CEFB4598A845F07FD4A05F323F78BC@OC11EXPO24.exchange.mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0365440517=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============0365440517==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_3ACED3B2A8CEFB4598A845F07FD4A05F323F78BCOC11EXPO24excha_"
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F323F78BCOC11EXPO24excha_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. Adobe Network Attacked
2. Security Updates for Adobe Reader and Acrobat
3. October 2013 Security Updates from Microsoft
-------------------------------------
1. Adobe Network Attacked
-------------------------------------
Adobe's security team recently discovered sophisticated attacks on their ne=
twork, involving the illegal access of information for approximately 2.9 mi=
llion Adobe customers, as well as source code for numerous Adobe products. =
Adobe believes attacks may be related. They are working diligently, both in=
ternally and with partners and law enforcement, to address the incident.
Adobe recommends these steps<http://helpx.adobe.com/x-productkb/policy-pric=
ing/customer-alert.html?promoid=3DKHQGF>:
* Reset your Adobe ID and password.
* Protect yourself against phishing.
IS&T recommends using the same vigilance as always for safe computing. If y=
ou are taking proactive steps to secure your computer, including applying p=
atches immediately after release, and using virus protection software, ther=
e is a good chance of avoiding any issues.
Read the full Adobe security alert.<http://helpx.adobe.com/x-productkb/poli=
cy-pricing/customer-alert.html?promoid=3DKHQGF>
An MIT colleague mentioned to me that the Adobe security alert was also ema=
iled out to Adobe customers. If you did receive one, you might be tempted t=
o ignore it, or assume it is a scam.
As with all emails that might seem fake, be sure to verify that the email c=
ame from an Adobe email address and that any links embedded in the message =
truly link to an adobe.com web page. Other things to look for in "phishy" e=
mails<http://kb.mit.edu/confluence/x/SBhB>.
--------------------------------------------------------------------
2. Security Updates for Adobe Reader and Acrobat
--------------------------------------------------------------------
Unrelated to the above problems, Adobe is planning to release security upda=
tes<http://www.adobe.com/support/security/bulletins/apsb13-25.html> on Tues=
day, October 8 for Adobe Reader and Acrobat XI for Windows.
-----------------------------------------------------------------
3. October 2013 Security Updates from Microsoft
-----------------------------------------------------------------
On Tuesday, October 8, Microsoft is planning to release eight new security =
bulletins<http://technet.microsoft.com/en-us/security/bulletin/ms13-oct>. A=
ffected software:
* Windows
* Internet Explorer
* Microsoft Office
* Microsoft Office for Mac
It is recommended to accept the updates. MIT WAUS subscribes will receive t=
he updates after they have been tested for compatibility.
The updates include a fix for a zero-day vulnerability in Internet Explorer=
<http://www.zdnet.com/8-microsoft-patches-coming-including-ie-zero-day-7000=
021538/>, that is actively being exploited.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Read all Security FYI Newsletter articles and submit comments online at htt=
p://securityfyi.wordpress.com/.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F323F78BCOC11EXPO24excha_
Content-Type: text/html; charset="us-ascii"
Content-ID: <CBB30374B01F354B83F1496F0BB91702@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-fami=
ly: Garamond, sans-serif; ">
<div>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; ">In thi=
s issue:</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">1. Adobe Network Attacke=
d</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">2. Security Updates for =
Adobe Reader and Acrobat</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">3. October 2013 Security=
Updates from Microsoft</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">1. Adobe Network Attacke=
d</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Adobe's security team re=
cently discovered sophisticated attacks on their network, involving the ill=
egal access of information for approximately 2.9 million Adobe customers, a=
s well as source code for numerous
Adobe products. Adobe believes attacks may be related. They are working di=
ligently, both internally and with partners and law enforcement, to address=
the incident.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Adobe recommends <a href=
=3D"http://helpx.adobe.com/x-productkb/policy-pricing/customer-alert.html?p=
romoid=3DKHQGF">
these steps</a>:</p>
<ul>
<li style=3D"margin: 0px; font-family: Helvetica; ">Reset your Adobe ID and=
password.
</li><li style=3D"margin: 0px; font-family: Helvetica; ">Protect yourself a=
gainst phishing.
</li></ul>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">IS&T recommends usin=
g the same vigilance as always for safe computing. If you are taking proact=
ive steps to secure your computer, including applying patches immediately a=
fter release, and using virus protection
software, there is a good chance of avoiding any issues.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; "><a href=3D"http://helpx.=
adobe.com/x-productkb/policy-pricing/customer-alert.html?promoid=3DKHQGF">R=
ead the full Adobe security alert.</a></p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">An MIT colleague mention=
ed to me that the Adobe security alert was also emailed out to Adobe custom=
ers. If you did receive one, you might be tempted to ignore it, or assume i=
t is a scam. </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">As with all emails that =
might seem fake, be sure to verify that the email came from an Adobe email =
address and that any links embedded in the message truly link to an adobe.c=
om web page.
<a href=3D"http://kb.mit.edu/confluence/x/SBhB">Other things to look for in=
"phishy" emails</a>.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
--------------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">2. Security Updates for =
Adobe Reader and Acrobat</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
--------------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Unrelated to the above p=
roblems,
<a href=3D"http://www.adobe.com/support/security/bulletins/apsb13-25.html">=
Adobe is planning to release security updates</a> on Tuesday, October 8 for=
Adobe Reader and Acrobat XI for Windows.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-----------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">3. October 2013 Security=
Updates from Microsoft</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
----------------------------------------- </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">On Tuesday, October 8, M=
icrosoft is planning to release eight new
<a href=3D"http://technet.microsoft.com/en-us/security/bulletin/ms13-oct">s=
ecurity bulletins</a>. Affected software:</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<ul>
<li style=3D"margin: 0px; font-family: Helvetica; ">Windows </li><li style=
=3D"margin: 0px; font-family: Helvetica; ">Internet Explorer </li><li style=
=3D"margin: 0px; font-family: Helvetica; ">Microsoft Office </li><li style=
=3D"margin: 0px; font-family: Helvetica; ">Microsoft Office for Mac </li></=
ul>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">It is recommended to acc=
ept the updates. MIT WAUS subscribes will receive the updates after they ha=
ve been tested for compatibility.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">The updates include a <a=
href=3D"http://www.zdnet.com/8-microsoft-patches-coming-including-ie-zero-=
day-7000021538/">
fix for a zero-day vulnerability in Internet Explorer</a>, that is actively=
being exploited. </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Arial; ">=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</p=
>
<p style=3D"margin: 0px; font-family: Arial; ">Read all Security FYI Newsle=
tter articles and submit comments online at
<a href=3D"http://securityfyi.wordpress.com/">http://securityfyi.wordpress.=
com/</a>.</p>
<p style=3D"margin: 0px; font-family: Arial; ">=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</p=
>
<p style=3D"margin: 0px; font-family: Arial; "><br>
</p>
</div>
<div><span class=3D"Apple-style-span" style=3D"border-collapse: separate; f=
ont-family: Calibri; font-size: medium; border-spacing: 0px; "><span class=
=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacing: 0=
px; font-family: Helvetica; font-size: 14px; ">
<div style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line=
-break: after-white-space; ">
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; border=
-spacing: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse:=
separate; border-spacing: 0px; "><span class=3D"Apple-style-span" style=3D=
"border-collapse: separate; border-spacing: 0px; "><span class=3D"Apple-sty=
le-span" style=3D"border-collapse: separate; border-spacing: 0px; "><span c=
lass=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacin=
g: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse: separa=
te; border-spacing: 0px; font-size: 12px; ">
<div><br>
</div>
<div>Monique Yeaton</div>
<div>IT Security Communications Consultant</div>
<div>MIT Information Services & Technology (IS&T)</div>
<div>(617) 253-2715</div>
<div>http://ist.mit.edu/security</div>
<div><br class=3D"khtml-block-placeholder">
</div>
<br class=3D"Apple-interchange-newline">
</span></span></span></span></span></span></div>
</span></span></div>
</body>
</html>
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F323F78BCOC11EXPO24excha_--
--===============0365440517==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============0365440517==--
