[IS&T Security-FYI] SFYI Newsletter, March 20, 2009

Monique Yeaton myeaton at MIT.EDU
Fri Mar 20 15:56:50 EDT 2009


HAPPY SPRING!

In this issue:

1. Adobe Reader and Acrobat Updated
2. Hacker Playtime is Over
3. IE 8 Released... Promises to be Faster, Easier, Safer


-------------------------------------------------
1. Adobe Reader and Acrobat Updated
-------------------------------------------------

Two weeks ago, Adobe announced that a critical vulnerability was  
identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This  
vulnerability would cause the application to crash and could  
potentially allow an attacker to take control of the affected system.  
There were reports that the issue was being exploited.

Adobe released patches for all products on March 18 to resolve this  
security issue.

Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe  
Reader 9.1 and Acrobat 9.1.

Adobe recommends users of Acrobat 8 update to Acrobat 8.1.4, and users  
of Acrobat 7 update to Acrobat 7.1.1.

For Adobe Reader users who can’t update to Adobe Reader 9.1, Adobe has  
provided the Adobe Reader 8.1.4 and Adobe Reader 7.1.1 updates.

Adobe plans to make available Adobe Reader 9.1 for Unix by March 24.

You can download the updates either through the application's Help
menu -> updates or from the Adobe site here: <http://get.adobe.com/reader/>
For more information, please refer to Security Bulletin APSB09-04 and  
Security Bulletin APSB09-03.


----------------------------------
2. Hacker Playtime is Over
----------------------------------

Over the past few years, the cyber threat space has slowly been  
changing. What used to be a mere irritation caused by computer
aficionados who had nothing better to do with their time has become a
costly and dangerous threat. The attacks being carried out come from
organized and highly-talented people who are not loners committing  
independent attacks from their basements, but are instead working  
together in cartels or legitimate businesses with the purpose of  
making substantial incomes. Some of them are employed by software  
development companies who make a living distributing software that  
installs worms or other viruses onto your system.

The number of attacks has climbed to unprecedented heights. In 2007,
malware attacks equaled the combined total of the previous 20 years.

Massive profits are fueling this change in behavior. Currently the  
profits from cyber crime are more lucrative than from drug  
trafficking. We're talking hundreds of billions of dollars. As a  
recent Washington Post article stated, the hackers are "generating
six-figure paychecks each month by tricking unknowing computer users into
installing rogue anti-virus and security products."

Being aware of what you do online and being discerning about what you
click on will go a long way toward keeping you safe from
any virus or scam. If using a Windows machine, it is safer to run it
in "guest" mode than to be logged on as an administrator, to prevent
harm to the computer's kernel. Also, keep an eye on children using the
home computer and tell them about the dangers of downloading "free"  
programs. And last but not least, never run the computer without an  
updated anti-virus or anti-spyware/adware program running on it.

If you do suspect your computer has been compromised by a virus/worm/trojan,
you need to restore it to "Factory State" to be sure it is
clean. This will be fairly easy to do if you follow 2 basic rules:

1. Regularly back up or save all your documents, pictures, music, etc.,
to an external drive or with the TSM backup service available at MIT.

2. Save all the CDs/DVDs and serial numbers/license keys of your
software. You can save the physical media, but you can also back this  
up on an external drive.

Read the full story here:
<http://voices.washingtonpost.com/securityfix/2009/03/obscene_profits_fuel_rogue_ant.html>

and here:
<http://voices.washingtonpost.com/securityfix/2009/03/antivirus2009_holds_victims_do.html>


----------------------------------------------------------------------
3. IE 8 Released... Promises to be Faster, Easier, Safer
----------------------------------------------------------------------

In a February issue of this newsletter, I listed the new security  
features added to Internet Explorer 8, which was then still in Beta.  
Yesterday the browser was released by Microsoft.

IS&T is not recommending or supporting the new browser at this time,  
due to some compatibility issues with existing software, MIT-supported
applications, and web sites. You may want to wait until IS&T has  
announced full support of IE8 before adopting the new browser. A  
notice about the department's recommendations regarding IE8 is being  
released this afternoon. If you miss the notice, or would like to  
share any issues you find with the browser, please contact the release  
team at <ie-release at mit.edu>.

If you missed the February issue or would like to review the new  
features, you can find them at: <http://www.microsoft.com/windows/internet-explorer/>

Boston.com's review of the new features:
<http://www.boston.com/business/technology/articles/2009/03/19/microsoft_adds_shortcuts_security_to_new_browser/>


=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security

---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you  
for your password.
