[IS&T Security-FYI] SFYI Newsletter, March 20, 2009
Monique Yeaton
myeaton at MIT.EDU
Fri Mar 20 15:56:50 EDT 2009
HAPPY SPRING!
In this issue:
1. Adobe Reader and Acrobat Updated
2. Hacker Playtime is Over
3. IE 8 Released... Promises to be Faster, Easier, Safer
-------------------------------------------------
1. Adobe Reader and Acrobat Updated
-------------------------------------------------
Two weeks ago, Adobe announced that a critical vulnerability was
identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This
vulnerability would cause the application to crash and could
potentially allow an attacker to take control of the affected system.
There were reports that the issue was being exploited.
Adobe released patches for all products on March 18 to resolve this
security issue.
Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe
Reader 9.1 and Acrobat 9.1.
Adobe recommends users of Acrobat 8 update to Acrobat 8.1.4, and users
of Acrobat 7 update to Acrobat 7.1.1.
For Adobe Reader users who can’t update to Adobe Reader 9.1, Adobe has
provided the Adobe Reader 8.1.4 and Adobe Reader 7.1.1 updates.
Adobe plans to make available Adobe Reader 9.1 for Unix by March 24.
You can download the updates either through the application's Help
menu -> updates or from the Adobe site here:
<http://get.adobe.com/reader/>
For more information, please refer to Security Bulletin APSB09-04 and
Security Bulletin APSB09-03.
----------------------------------
2. Hacker Playtime is Over
----------------------------------
Over the past few years, the cyber threat space has slowly been
changing. What used to be a mere irritation caused by computer
aficionados who had nothing better to do with their time has become a
costly and dangerous threat. The attacks being carried out come from
organized and highly talented people who are not loners committing
independent attacks from their basements, but are instead working
together in cartels or legitimate businesses with the purpose of
making substantial incomes. Some of them are employed by software
development companies that make a living distributing software that
installs worms or other viruses onto your system.
The number of attacks has climbed to unprecedented heights. In 2007,
malware attacks equaled the combined total of the previous 20 years.
Massive profits are fueling this change in behavior. Currently, cyber
crime is more lucrative than drug trafficking. We're talking hundreds
of billions of dollars. As a recent Washington Post article stated,
the hackers are "generating six-figure paychecks each month by
tricking unknowing computer users into installing rogue anti-virus and
security products."
Being aware of what you do online and being discerning about what you
click on will go a long way toward keeping you safe from
any virus or scam. If using a Windows machine, it is safer to run it
in "guest" mode than to be logged on as an administrator, to prevent
harm to the computer's kernel. Also, keep an eye on children using the
home computer and tell them about the dangers of downloading "free"
programs. And last but not least, never run the computer without an
updated anti-virus or anti-spyware/adware program running on it.
If you do suspect your computer has been compromised by a
virus/worm/trojan, you need to restore it to "Factory State" to be
sure it is clean. This will be fairly easy to do if you follow 2 basic
rules:
1. Regularly back up or save all your documents, pictures, music, etc.,
to an external drive or with the TSM backup service available at MIT.
2. Save all the CDs/DVDs and serial numbers/license keys of your
software. You can save the physical media, but you can also back this
up on an external drive.
Read the full story here:
<http://voices.washingtonpost.com/securityfix/2009/03/obscene_profits_fuel_rogue_ant.html>
and here:
<http://voices.washingtonpost.com/securityfix/2009/03/antivirus2009_holds_victims_do.html>
----------------------------------------------------------------------
3. IE 8 Released... Promises to be Faster, Easier, Safer
----------------------------------------------------------------------
In a February issue of this newsletter, I listed the new security
features added to Internet Explorer 8, which was then still in Beta.
Yesterday the browser was released by Microsoft.
IS&T is not recommending or supporting the new browser at this time,
due to some compatibility issues with existing software, MIT-supported
applications, and web sites. You may want to wait until IS&T has
announced full support of IE8 before adopting the new browser. A
notice about the department's recommendations regarding IE8 is being
released this afternoon. If you miss the notice, or would like to
share any issues you find with the browser, please contact the release
team at <ie-release at mit.edu>.
If you missed the February issue or would like to review the new
features, you can find them at:
<http://www.microsoft.com/windows/internet-explorer/>
Boston.com's review of the new features:
<http://www.boston.com/business/technology/articles/2009/03/19/microsoft_adds_shortcuts_security_to_new_browser/>
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security
---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you
for your password.