[8590] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, November 19, 2013
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Tue Nov 19 10:00:50 2013
Resent-From: ist-security-fyi@MIT.EDU
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Tue, 19 Nov 2013 14:58:24 +0000
In this issue:
1. Adobe Releases Security Updates for Flash, ColdFusion
2. CryptoLocker Ransomware Prevention Tips
3. Cyber Monday & Online Shopping
------------------------------------------------------------------------------
1. Adobe Releases Security Updates for Flash, ColdFusion
------------------------------------------------------------------------------
Adobe has released security updates for Flash Player<http://www.adobe.com/support/security/bulletins/apsb13-26.html> and ColdFusion<http://www.adobe.com/support/security/bulletins/apsb13-27.html> to address four vulnerabilities. The Flash update is available for Windows, Mac, and Linux. According to Adobe, the updates are not related to the recent theft of ColdFusion source code.
Read the full article online<http://www.computerworld.com/s/article/9244025/Adobe_patches_critical_vulnerabilities_in_Flash_Player_ColdFusion?taxonomyId=17>.
------------------------------------------------------------
2. CryptoLocker Ransomware Prevention Tips
------------------------------------------------------------
An article released by US-CERT outlines the impact of this malware, which surfaced earlier this year, and how users can prevent infections. I have posted the article in the IT Knowledge Base<http://kb.mit.edu/confluence/x/IC4YCQ>.
If you have any questions about implementing any of the steps listed in the article, please contact your local IT administrator or the IS&T Help Desk<http://ist.mit.edu/help>.
Read the article<http://kb.mit.edu/confluence/x/IC4YCQ>.
-------------------------------------------------
3. Cyber Monday & Online Shopping
-------------------------------------------------
More people are expected to shop online on Cyber Monday than visit stores on Black Friday, according to American Express<http://amexspendsave.mediaroom.com/index.php?s=34135&item=22#assets_123>. The use of mobile devices for online shopping is projected to increase as well.
Whether you’ll be conducting transactions from your desktop, laptop or mobile device, keep these tips in mind to help protect yourself from identity theft and other malicious activity:
* Secure your computer and mobile device by making sure they are current with all operating system and application updates<http://ist.mit.edu/security/patches>. Anti-virus software<http://ist.mit.edu/security/malware> should be installed and running.
* Use strong passwords<http://ist.mit.edu/security/passwords>. When logging on to your computer or mobile device and when visiting sites or using applications for shopping, use passwords that are not used for other accounts.
* Use applications with caution. Malware could be downloaded onto seemingly legitimate shopping applications to steal credit card or other sensitive information.
* Know your online merchants. Limit your shopping to merchants you know and trust. Go to them by typing in the URL rather than through a search bar. If you are unsure about a merchant, check with the Better Business Bureau<http://www.bbb.org/> or Federal Trade Commission<http://www.consumer.ftc.gov/features/feature-0014-identity-theft>.
* Consider using an online payment system or credit card. Where available, use online payment services, which keep your credit card information stored on a secure server and let you make purchases online without revealing your card details to retailers (example: PayPal). When you use a card online, use a credit card, not a debit card; credit cards are protected by the Fair Credit Billing Act and may reduce your liability.
* Look for “https” before you click to purchase. The “s” stands for secure and indicates the transaction will be encrypted. A padlock in your browser’s status window is another indicator.
* Secure your browser.<http://ist.mit.edu/security/browsers> Make sure it is up to date with the latest security patches. Turn off pop-ups and unwanted ads (some browser plug-ins can suppress ads on web pages). You may also set the browser status to “private,”<http://browsers.about.com/od/faq/tp/Private-Browsing.htm> so that your activity on the Web cannot be traced, removing any history and cache information from others who may have access to the same device.
* Do not use public computers or open wireless networks for your online shopping. Criminals may intercept traffic on public wireless to steal sensitive information. Make sure the settings for your computer or device prevent it from automatically connecting to open wireless spots.
* Home wireless networks should be secured with authentication requirements and a strong password.
* Be alert for scams. Cyber criminals try to take advantage of people’s generosity during the holiday season and can use fake charity requests to gain access to your information or computer/device. Think before clicking on emails making these requests. Don’t give your financial information to anyone via email, text or phone, especially when it is unsolicited.
More online shopping assistance can be found at:
* US-CERT<http://www.us-cert.gov/ncas/tips/st07-001>
* OnGuard Online<http://www.onguardonline.gov/articles/0020-shopping-online>
* Microsoft<http://www.microsoft.com/security/online-privacy/finances-rules.aspx>
* Privacy Rights Clearinghouse<https://www.privacyrights.org/Privacy-When-You-Shop>
* Internet Crime Complaint Center<http://www.ic3.gov/media/2010/101118.aspx>
* Internal Revenue Service<http://www.irs.gov/Charities-&-Non-Profits/Exempt-Organizations-Select-Check>
==============================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
==============================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security