[8384] in Security FYI


[IS&T Security-FYI] SFYI Newsletter, November 12, 2013

daemon@ATHENA.MIT.EDU (Monique Yeaton)
Tue Nov 12 15:37:15 2013

Resent-From: ist-security-fyi@MIT.EDU
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Tue, 12 Nov 2013 20:34:56 +0000

In this issue:


1. November 2013 Security Updates from Microsoft

2. Follow Up to Adobe Network Breach

3. Securing the Human’s Video of the Month: Encryption



--------------------------------------------------------------------

1. November 2013 Security Updates from Microsoft

--------------------------------------------------------------------


Today, Tuesday November 12, Microsoft is releasing eight new security bulletins<http://technet.microsoft.com/en-us/security/bulletin/ms13-nov>. Three of the bulletins are rated critical. Systems affected:


  *   Internet Explorer
  *   Windows
  *   Office
  *   Outlook


It is recommended to accept the updates. MIT WAUS subscribers will receive the updates after they have been tested for compatibility. Installing the bulletins manually will require a restart.


The bulletins will not include a fix for the zero-day threat to Windows<http://nakedsecurity.sophos.com/2013/11/06/microsoft-warns-windows-users-of-zero-day-danger-from-booby-trapped-image-files/>. Apparently there is a hole through which criminals can get control of your computer. The flaw is in the way applications handle specially-crafted image files.


Although there is no patch, Microsoft has published a “Fix it tool<https://support.microsoft.com/kb/2896666>” that will render your computer immune to this type of attack.



---------------------------------------------------

2. Follow Up to Adobe Network Breach

---------------------------------------------------


Last month this newsletter announced that the Adobe network had been attacked<http://securityfyi.wordpress.com/2013/10/08/adobe-network-attacked/>.


On October 3rd of 2013 hackers broke into the Adobe network and stole source code for a range of products, including ColdFusion and the Acrobat family of products. The breach also affected what was at that time estimated to be 2.9 million users but later was revised to include at least 38 million users. Adobe said hackers had stolen nearly 3 million encrypted customer credit card records, as well as login data for an undetermined number of Adobe user accounts.


The breach happened in early October but the stolen accounts were not published on the web until early November. The published data includes 10s of millions of accounts with IDs, email addresses, encrypted passwords and more. (Read the full follow-up story.<http://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/>)



If you haven’t done so already, please update the password for your adobe.com account immediately. As an additional precaution, make sure you change any accounts using the same password as your adobe.com account.


If you use a tool such as LastPass<https://lastpass.com/> for password management, here is an additional tip: The LastPass Security Challenge, located in the Tools menu of the LastPass add-on, will help find any other accounts using the same password as the leaked account. Go to the plug-in > Tools > Security Check.


[Source: LastPass.com]



--------------------------------------------------------------------------

3. Securing the Human’s Video of the Month: Encryption

---------------------------------------------------------------------------


To raise awareness, each month SANS offers free access to its Securing the Human training videos. This month’s video is on encryption, one of the key methods of securing data, yet many people do not understand what it is or how it works. It takes less than 2 minutes to watch the video<http://www.securingthehuman.org/resources/ncsam>.


If you have extra time, watch a full range of the Securing the Human videos within the MIT Learning Center. <http://kb.mit.edu/confluence/x/bB4YCQ>



===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================



Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security


