[IS&T Security-FYI] SFYI Newsletter, July 27, 2009

Monique Yeaton myeaton at MIT.EDU
Mon Jul 27 16:47:47 EDT 2009


In this issue:

1. Flaw Found in Adobe Products
2. Microsoft Releasing Out-of-Band Bulletins
3. Who is Replying to Spam?
4. GMail's Anti-Phishing Key
5. U.S. CyberCom Approved


------------------------------------------
1. Flaw Found in Adobe Products
------------------------------------------

Adobe plans to patch a critical vulnerability in Flash, Reader and  
Acrobat this week. The patches for Flash are scheduled to be available  
by July 30 and patches for Reader and Acrobat on July 31. The flaw is  
already being exploited.

Systems affected:

  * Adobe Flash Player 10.0.22.87 and earlier 10.x versions
  * Adobe Flash Player 9.0.159.0 and earlier 9.x versions
  * Adobe Reader and Acrobat 9.1.2 and earlier 9.x versions

Read the full story here: <http://voices.washingtonpost.com/securityfix/2009/07/attackers_target_new_adobe_fla.html>


--------------------------------------------------------
2. Microsoft Releasing Out-of-Band Bulletins
--------------------------------------------------------

Microsoft has sent advance notification of two out-of-band security  
bulletins that the company is intending to release on July 28, 2009.

One bulletin will be for the Microsoft Visual Studio product line;  
application developers should be aware of updates available affecting  
certain types of applications.

The second bulletin contains defense-in-depth changes to Internet  
Explorer to address attack vectors related to the Visual Studio  
bulletin, as well as fixes for unrelated vulnerabilities that are  
rated Critical.

Read the notification in full here: <http://www.microsoft.com/technet/security/bulletin/ms09-jul-ans.mspx>


------------------------------------
3. Who is Replying to Spam?
------------------------------------

The anti-spam group MAAWG did a survey on consumer email behavior and  
security awareness. MAAWG is the Messaging Anti-Abuse Working Group
(www.maawg.org). The survey showed that almost a third of consumers admitted to
responding to a message they suspected might be spam and about 80  
percent of users doubted their computers were at risk of ever being  
infected with a "bot," which is a covertly planted virus capable of  
sending spam or causing other damage without the user's knowledge.

The report "A Look at Consumers' Awareness of Email Security and  
Practices" (available as a download from their website) is based on 800
interviews with computer users in the U.S. and Canada who said they  
were not security experts and who used email addresses that were not  
managed by a professional IT department. The survey also found that  
about two-thirds of the respondents considered themselves "very" or  
"somewhat" knowledgeable in Internet security. However, 21 percent  
said they take no action to prevent abusive messages from entering  
their inbox.

Read the full story here: <http://www.maawg.org/news/maawg090715>

MIT has a spam filter for incoming mail. Learn more about the new Spam  
Quarantine service here:
<http://ist.mit.edu/news/spamquarantine>


------------------------------------
4. GMail's Anti-Phishing Key
------------------------------------

If you use Gmail (and I'm not suggesting or recommending that you do  
or don't), and are a heavy user of either eBay or PayPal, you may have  
some extra protection from phishing scams targeting customers of   
these companies. Google has added a "super-trustworthy, anti-phishing  
key" to its email service. Basically, Gmail is requiring that any  
email coming from eBay or PayPal has to originate from their  
respective domains. If the email addresses don't end in "@ebay.com" or  
"@paypal.com," then Gmail rejects the email.

Read the full story here: <http://gmailblog.blogspot.com/2009/07/new-in-labs-super-trustworthy-anti.html>


------------------------------------
5. U.S. CyberCom Approved
------------------------------------

Defense Secretary Robert Gates approved the creation of a unified U.S.  
Cyber Command (CyberCom) to oversee the protection of military  
networks against cyber threats. The decision follows President Barack  
Obama's announcement in May that he will establish a new
cyber-security office at the White House, whose chief will coordinate all
government efforts to protect computer networks. CyberCom will operate  
under U.S. Strategic Command for military cyberspace operations.

The proposal to create the new command has been expected for some time  
and is part of an effort to address growing threats to Defense  
Department and Pentagon networks from foreign and domestic sources. As
part of its mission, CyberCom is also expected to develop a range of  
offensive cyber warfare capabilities.

Read the full story here: <http://www.computerworld.com/s/article/9134744/Defense_Secretary_Gates_approves_creation_of_U.S._Cyber_Command?taxonomyName=networking_and_internet>

or here: <http://online.wsj.com/article/SB124579956278644449.html>


========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>


