[IS&T Security-FYI] SFYI Newsletter, July 26, 2010

Monique Yeaton myeaton at MIT.EDU
Mon Jul 26 13:41:14 EDT 2010


In this issue:

1. Mozilla Updates Firefox and Thunderbird
2. Microsoft Announces Windows Shortcut Flaw
3. Default Router Login Settings Keep Networks Vulnerable
4. Tips for Safer Facebook Use


-------------------------------------------------------
1. Mozilla Updates Firefox and Thunderbird
-------------------------------------------------------

Mozilla has pushed out an updated version of its Firefox browser to fix 16 security holes, including nine that have been rated critical. Firefox 3.6 also includes changes to improve stability.  Mozilla plans to release another Firefox update following the Black Hat conference to fix any flaws divulged there.

The story in the news: <http://www.computerworld.com/s/article/9179504/>


------------------------------------------------------------
2. Microsoft Announces Windows Shortcut Flaw
------------------------------------------------------------

Microsoft released an advisory about a week ago regarding a zero-day flaw in the Windows shell that is present in every supported version of Windows. The flaw allows a fully patched Windows machine to be infected if the user views the contents of an infected USB drive with a common file manager, such as Windows Explorer, that can display shortcut icons.

A fix for the flaw has not yet been released. The advisory includes a few workarounds, but they are not very intuitive for the average user.

The Microsoft Security Advisory: <http://www.microsoft.com/technet/security/advisory/2286198.mspx>

The story in the news: <http://www.computerworld.com/s/article/9179358/>


---------------------------------------------------------------------------
3. Default Router Login Settings Keep Networks Vulnerable
---------------------------------------------------------------------------

It may seem obvious to some, but changing the default password of home routers is the single most important thing you can do to prevent an attack on your home's network. 

According to a recent Forbes report, an exploit could easily be created to hack most Linksys, Dell, Verizon Fios or DSL routers. The exploit could allow attackers to hijack the routers to steal information or redirect the user's browsing, according to the report. The method of attack still requires the attacker to compromise the victim's router after gaining access to his or her network. But that can be accomplished by using a vulnerability in the device's software or by simply trying the default login password. Only a tiny fraction of users actually change their login settings.

Read the full story: <http://darkreading.com/authentication/security/vulnerabilities/showArticle.jhtml?articleID=225900016>


---------------------------------------
4. Tips for Safer Facebook Use
---------------------------------------

Nearly half a billion people use Facebook, making it a target for criticism, controversy and curiosity, as well as a place for hackers, crackers, spammers and scammers to do their evil best.

These tips come from a recent SANS newsletter and address specifically Facebook and safety issues:

- Assume that your personal information is visible to anyone, not just your friends.
- To prevent identity theft, do not display your full birth date; show just the month and day or leave it blank.
- To protect children, do not add their names to photos or comments.
- Do not mention being away from home; leave vacation plans vague.
- Restrict searches for your information, and find out what options are available for restricting public searches. At minimum, you should be able to prevent your information from being searched by anyone other than your friends.
- Supervise your children under age 13 using social networks, possibly by becoming one of their online friends.
- Think twice about whom to allow to become an online friend, and find out if you can remove a friend if you change your mind about them or discover they're not who they claim to be.
- Use an up-to-date web browser and have comprehensive anti-virus software on your computer as well as an enabled firewall.
- Adjust your privacy settings to protect your identity, understand how to use them and be aware they change over time.
- Make a cut-down version of your profile available to everyone; reveal the rest only to people you trust.
- Disable options and add them one by one, and turn off unfamiliar settings until you understand, need or want them.
- Understand what happens when you close your account: must you submit a delete request, and does it come with gotchas such as photos remaining on their server?

===========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>


Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security





