[IS&T Security-FYI] SFYI Newsletter, July 27, 2009
Monique Yeaton
myeaton at MIT.EDU
Mon Jul 27 16:47:47 EDT 2009
In this issue:
1. Flaw Found in Adobe Products
2. Microsoft Releasing Out-of-Band Bulletins
3. Who is Replying to Spam?
4. GMail's Anti-Phishing Key
5. U.S. CyberCom Approved
------------------------------------------
1. Flaw Found in Adobe Products
------------------------------------------
Adobe plans to patch a critical vulnerability in Flash, Reader and
Acrobat this week. The patches for Flash are scheduled to be available
by July 30 and patches for Reader and Acrobat on July 31. The flaw is
already being exploited.
Systems affected:
* Adobe Flash Player 10.0.22.87 and earlier 10.x versions
* Adobe Flash Player 9.0.159.0 and earlier 9.x versions
* Adobe Reader and Acrobat 9.1.2 and earlier 9.x versions
Read the full story here: <http://voices.washingtonpost.com/securityfix/2009/07/attackers_target_new_adobe_fla.html>
--------------------------------------------------------
2. Microsoft Releasing Out-of-Band Bulletins
--------------------------------------------------------
Microsoft has sent advance notification of two out-of-band security
bulletins that the company is intending to release on July 28, 2009.
One bulletin will be for the Microsoft Visual Studio product line;
application developers should be aware that the updates affect
certain types of applications.
The second bulletin contains defense-in-depth changes to Internet
Explorer to address attack vectors related to the Visual Studio
bulletin, as well as fixes for unrelated vulnerabilities that are
rated Critical.
Read the notification in full here: <http://www.microsoft.com/technet/security/bulletin/ms09-jul-ans.mspx>
------------------------------------
3. Who is Replying to Spam?
------------------------------------
The anti-spam group MAAWG did a survey on consumer email behavior and
security awareness. MAAWG is the Messaging Anti-Abuse Working Group
(www.maawg.org). The survey showed that almost a third of consumers admitted to
responding to a message they suspected might be spam and about 80
percent of users doubted their computers were at risk of ever being
infected with a "bot," which is a covertly planted virus capable of
sending spam or causing other damage without the user's knowledge.
The report "A Look at Consumers' Awareness of Email Security and
Practices" (available as a download from their website) is based on 800
interviews with computer users in the U.S. and Canada who said they
were not security experts and who used email addresses that were not
managed by a professional IT department. The survey also found that
about two-thirds of the respondents considered themselves "very" or
"somewhat" knowledgeable in Internet security. However, 21 percent
said they take no action to prevent abusive messages from entering
their inbox.
Read the full story here: <http://www.maawg.org/news/maawg090715>
MIT has a spam filter for incoming mail. Learn more about the new Spam
Quarantine service here:
<http://ist.mit.edu/news/spamquarantine>
------------------------------------
4. GMail's Anti-Phishing Key
------------------------------------
If you use Gmail (and I'm not suggesting or recommending that you do
or don't), and are a heavy user of either eBay or PayPal, you may have
some extra protection from phishing scams targeting customers of
these companies. Google has added a "super-trustworthy, anti-phishing
key" to its email service. Basically, Gmail is requiring that any
email coming from eBay or PayPal has to originate from their
respective domains. If the email addresses don't end in "@ebay.com" or
"@paypal.com," then Gmail rejects the email.
Read the full story here: <http://gmailblog.blogspot.com/2009/07/new-in-labs-super-trustworthy-anti.html>
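Added example (not part of the original newsletter and not Gmail's code): a
sketch of the kind of sender-domain check described above, showing why the
From address has to be parsed and matched exactly rather than by substring.
It assumes the receiving server records a DKIM result in an
Authentication-Results header; verdict(), sample() and mx.example.net are
hypothetical names, and all messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

PROTECTED = {"ebay.com", "paypal.com"}  # the two domains named above

def from_domain(msg):
    """Domain of the parsed From address (the display name is ignored)."""
    _, addr = parseaddr(msg.get("From", ""))
    local, sep, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if sep and local else ""

def dkim_pass_domains(msg):
    """Signing domains with dkim=pass in Authentication-Results.
    Assumption: the header was written by the receiving server."""
    found = set()
    for value in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", value, re.I):
            found.add(m.group(1).lower())
    return found

def verdict(raw):
    """'accept'/'reject' for mail claiming a protected domain, else 'not-claimed'."""
    msg = message_from_string(raw)
    domain = from_domain(msg)
    if domain not in PROTECTED:      # exact match, not substring or suffix
        return "not-claimed"
    return "accept" if domain in dkim_pass_domains(msg) else "reject"

def sample(from_hdr, auth=None):
    """Build a constructed test message (all values are made up)."""
    lines = ["From: " + from_hdr, "Subject: Account notice"]
    if auth:
        lines.append("Authentication-Results: mx.example.net; " + auth)
    return "\n".join(lines) + "\n\nPlease review your account.\n"

if __name__ == "__main__":
    for frm, auth in [
        ("PayPal <service@PayPal.com>", "dkim=pass header.d=paypal.com"),
        ("service@paypal.com", None),                       # unauthenticated claim
        ('"service@paypal.com" <billing@pay-pal.example>', None),  # display-name trick
    ]:
        print(frm, "->", verdict(sample(frm, auth)))
```

A message whose display name merely shows a PayPal address comes back as
"not-claimed": a rule keyed on the sender's domain does not cover it, so the
reader still has to look at the actual address.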
------------------------------------
5. U.S. CyberCom Approved
------------------------------------
Defense Secretary Robert Gates approved the creation of a unified U.S.
Cyber Command (CyberCom) to oversee the protection of military
networks against cyber threats. The decision follows President Barack
Obama's announcement in May that he will establish a new cyber-
security office at the White House, whose chief will coordinate all
government efforts to protect computer networks. CyberCom will operate
under U.S. Strategic Command for military cyberspace operations.
The proposal to create the new command has been expected for some time
and is part of an effort to address growing threats to Defense
Department and Pentagon networks from foreign and domestic sources. As
part of its mission, CyberCom is also expected to develop a range of
offensive cyber warfare capabilities.
Read the full story here: <http://www.computerworld.com/s/article/9134744/Defense_Secretary_Gates_approves_creation_of_U.S._Cyber_Command?taxonomyName=networking_and_internet>
or here: <http://online.wsj.com/article/SB124579956278644449.html>
========================================================================
Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>