[IS&T Security-FYI] Newsletter, Feb. 1, 2007
Monique Yeaton
myeaton at MIT.EDU
Thu Feb 1 17:09:57 EST 2007
This issue of Security-FYI includes:
1. Microsoft Word Flaw Update
2. Medium Risk Vulnerability in PGP Desktop
3. Safety Tip of the Week
---------------------------------------
1. Microsoft Word Flaw Update
---------------------------------------
In January I mentioned in the newsletter that Microsoft is monitoring
three previously reported zero-day Word vulnerabilities but has not
yet released a patch. This past week a fourth vulnerability has been
reported. These are targeted attacks and pose a low risk to most
users. Still, Microsoft cautions against opening any Word attachments
coming from untrusted sources. MIT's email server should also catch
any infected files before they reach your inbox.
To read up on this:
<http://www.eweek.com/article2/0%2C1895%2C2087554%2C00.asp>
<http://www.microsoft.com/technet/security/advisory/932114.mspx?pubDate=2007-01-26>
--------------------------------------------------------
2. Medium Risk Vulnerability in PGP Desktop
--------------------------------------------------------
A flaw has been found in the PGP Desktop encryption tool, and users are
advised to upgrade to the latest version of the software.
Vulnerability testers NGS Software rated the flaw as a 'medium risk'
and said that it affects versions of the software earlier than PGP
Desktop 9.5.1.
To read up on this:
<http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop/>
<http://www.vnunet.com/vnunet/news/2173564/flaw-found-pgp-encryption>
<https://pgp.custhelp.com/cgi-bin/pgp.cfg/php/enduser/std_adp.php?p_faqid=703&p_li=&p_topview=1>
--------------------------------
3. Safety Tip of the Week
--------------------------------
Spam has gotten very sneaky these days. Perhaps because they know
that people are starting to catch on and that email systems are
filtering most spam before it can reach people's inboxes, spammers
look for ways to get around the blocks. One way in which they do this
is by deceptively gathering email addresses by sending you to a hoax
site. One of those hoax sites actually claims to be a "National Do
Not E-mail Registry." They appeal to those people who are fed up with
spam and want to actively do something about it. Only it's a trick,
warns the FTC, meant to deceive you into revealing personal
information. Makes you wonder what causes people to kick you when
you're down, doesn't it?
More about this hoax can be found here:
<http://www.nasafcu.com/l2.aspx?ci=638>
If you have any questions, please contact us at security at mit.edu, or if
you need help with your computer, contact the Computing Help Desk at
computing-help at mit.edu.
Don't forget to check out our blog:
<http://bloggeroff.mit.edu/blogs/security/>
Happy computing,
Monique
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security