[IS&T Security-FYI] SFYI Newsletter, May 8, 2009
Monique Yeaton
myeaton at MIT.EDU
Fri May 8 12:57:11 EDT 2009
In this issue:
1. Updated Browsers More Secure
2. Adobe Patch Coming Soon for Zero-Day Flaw
3. Pirated Windows 7 Release Candidate Contains Trojan
--------------------------------------------
1. Updated Browsers More Secure
--------------------------------------------
When was the last time you updated your browser? Does this happen
automatically, or do you need to install the update manually?
In a study conducted by Thomas Duebendorfer of Google Switzerland and
Stefan Frei of the Swiss Federal Institute of Technology, statistics
show how updating browsers more frequently and automatically makes for
safer browsing.
Chrome, Google's browser, updates every 5 hours without asking the
user. Compared to other browsers, such as Firefox, Safari, Opera and
Internet Explorer, Google Chrome's updates are set to occur the most
frequently.
Why are frequent and automatic updates considered a good thing?
Setting aside the obvious bias the researchers had when conducting the
study, it showed that 97% of Chrome users had the most current version of
their browser, compared to 85% of Firefox users, 53% of Safari users,
and 24% of Opera users. Browsers that have not been updated with
security patches remain vulnerable to the latest cyber threats.
The researchers conclude their study by encouraging browser makers to
adopt the Chrome silent update mechanism.
Read the full story:
<http://www.informationweek.com/news/internet/security/showArticle.jhtml?articleID=217300466>
-------------------------------------------------------------
2. Adobe Patch Coming Soon for Zero-Day Flaw
-------------------------------------------------------------
Adobe plans to push out a patch on May 12th to address a zero-day flaw
in Acrobat and Reader that could be exploited to create denial of
service conditions or execute arbitrary code. Adobe will issue fixes
for Reader and Acrobat versions 7, 8 and 9 for Windows and for
versions 8 and 9 for Mac and Unix. Adobe has also acknowledged a
second flaw in Reader for Unix that will be fixed in forthcoming Adobe
Reader for Unix updates.
Until the fixes are available, Adobe recommends disabling JavaScript
in both Reader and Acrobat by using the following instructions:
1. Launch Acrobat or Adobe Reader
2. Select Edit > Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK
Adobe Security Bulletins CVE-2009-1492 and CVE-2009-1493
<http://www.adobe.com/support/security/advisories/apsa09-02.html>
Full story:
<http://www.eweek.com/c/a/Security/Adobe-Preps-Patch-for-Zeroday-Vulnerability-366529/>
[Article source: SANS]
-------------------------------------------------------------------------
3. Pirated Windows 7 Release Candidate Contains Trojan
-------------------------------------------------------------------------
Reports are circulating that pirated versions of Windows 7 Release
Candidate (RC) available on file sharing sites contain malware. The
malware has been identified by one user as the Falder Trojan horse
program, which plants scareware on PCs and uses a rootkit to evade
detection by real antivirus packages.
Microsoft released Windows 7 RC on Tuesday, May 5. Earlier this year,
pirated copies of Apple's iWork '09 were found to contain malware that
took control of Macs.
It is recommended to always download software (even pre-release software
like Windows 7 RC) from trustworthy sources, such as the company's
official download page, and not from file sharing sites. In addition,
it is not advisable to test pre-release software on your primary or
business computer, but on a virtual or other test computer.
Read the full story:
<http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9132522>
[Article source: SANS]
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security