[IS&T Security-FYI] SFYI Newsletter, February 22, 2010

Monique Yeaton myeaton at MIT.EDU
Mon Feb 22 12:50:56 EST 2010


In this issue:

1. Adobe Issues Out-of-Cycle Update
2. Move Over Conficker, Kneber is Here!
3. Tip of the Week: Website Security


-----------------------------------------------
1. Adobe Issues Out-of-Cycle Update
-----------------------------------------------

Adobe issued an out-of-cycle security update last week for Reader and  
Acrobat. Systems affected:

Adobe Reader 9.3 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.3 and earlier versions for Windows and Macintosh

Version 9.3.1 of the programs addresses a pair of critical
vulnerabilities. One of the flaws is the same as the vulnerability
Adobe recently patched in Flash; it could allow unauthorized
cross-domain requests. The other flaw could be exploited to crash
vulnerable computers and possibly allow attackers to gain control of
the machines.

Adobe has also released version 8.2.1 to address the vulnerabilities  
for users who are unable to update to version 9.x.

Read more here:
http://www.adobe.com/support/security/bulletins/apsb10-07.html

[Source: SANS]


--------------------------------------------------
2. Move Over Conficker, Kneber is Here!
--------------------------------------------------

Remember the Conficker worm, the worm that was to take over the cyber
world last April? Well, a new threat is here. ("Actually it's not so  
new," says a Symantec spokesperson. "Kneber is the same as the ZeuS  
bot, which Symantec has been monitoring for a while now.")

The Kneber botnet [http://en.wikipedia.org/wiki/Botnet] has reportedly  
breached nearly 75,000 computers at 374 US companies and government  
organizations, with the goal of harvesting login credentials for  
online financial accounts, social networking sites, and email systems.  
The compromised systems include those at some commercial enterprises  
such as Merck (a pharmaceutical company) and Paramount Pictures.

Computers with up-to-date security software should already be  
protected from this threat, but users should not depend on malware  
protection alone. "There are 'less technical ways' to detect the  
botnet," Johannes Ullrich, chief research officer for the SANS  
Institute, says. "For example, the bot may inject additional pages  
into online banking login screens. If the user is all of a sudden  
asked for a secret question, Social Security number or other unusual  
items during the login process, abort the login, and call your bank or  
try the login from another computer."

Read the full story here:
http://www.msnbc.msn.com/id/35456838/ns/technology_and_science-security/
http://www.computerworld.com/s/article/9158778/Kneber_botnet_hit_374_U.S._firms_gov_t_agencies


----------------------------------------------
3. Tip of the Week: Website Security
----------------------------------------------

If your browser questions a website's security, stop, think, and verify.

When visiting the "https" secure sites of banks and online shopping  
retailers, you may see an onscreen warning, such as "There is a  
problem with the website's security certificate" or "Secure Connection  
Failed." Don't just click to continue or to make an exception. The  
warning may only indicate that there is a harmless temporary problem  
with the site or with the network. But it can also mean that the site  
is bogus or has been compromised by hackers, and someone is listening  
in on your conversation with your bank or retailer.

Be smart. Contact your bank or retailer by phone to find out if they  
know about a problem with their website or the network. Don't be the  
next victim of fraud.

========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>


Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS, SSN, OR OTHER PERSONAL  
INFORMATION!
Ignore emails asking you to provide yours. MIT will *NEVER* ask you  
for this information through email.
