[IS&T Security-FYI] SFYI Newsletter, Nov 1, 2010

Monique Yeaton myeaton at MIT.EDU
Mon Nov 1 14:32:01 EDT 2010 

In this issue:

1. IT Partners Luncheon on Data Protection at MIT
2. Risky Trojan Horse for OS X Found
3. Adobe Warns of Flaw in Reader, Acrobat, Flash


----------------------------------------------------------------
1. IT Partners Luncheon on Data Protection at MIT
----------------------------------------------------------------

November 3, 2010, 12pm - 1:30pm, Bush Room 10-105

This lunch time meeting will review the new regulations and laws that  
affect the handling and storing of personal data at MIT and what we  
can and should do to meet compliance. Members of the IT Security  
Systems & Services team, the Department of Undergraduate Education,  
and Procurement will introduce a few technical solutions and a new  
vendor service currently in use in various areas of the Institute and  
talk about how IT administrators and other MIT individuals can do  
their part. Lunch is provided.
Please RVSP: rsvp-itpartners at mit.edu if you plan to attend.


------------------------------------------------
2. Risky Trojan Horse for OS X Found
------------------------------------------------

A new Trojan horse malware that affects Mac OS X has been found called  
"trojan.osx.boonana.a." It is being disguised as a video link and  
distributed through social-networking sites like Facebook. It may have  
the text "Is this you in this video?" in the link. When the link is  
clicked, the Trojan will run a Java applet that will download other  
files to the computer and run an installer automatically.

The Trojan appears to report system information to servers on the  
Internet, which can cause a breach of personal information. The Trojan  
also will attempt to spread itself by sending messages from the user  
account to other people through spam e-mail messages.

As with most Trojans, this will require you to enter your password to  
install the software and make modifications to the system, so be sure  
you never supply your password unless you specifically open an  
installer file and know and trust where that installer came from.

Read the full story: <http://reviews.cnet.com/8301-13727_7-20020892-263.html 
 >


----------------------------------------------------------------
3. Adobe Warns of Flaw in Reader, Acrobat, Flash
----------------------------------------------------------------

A new critical vulnerability is being exploited to attack computers  
running the PDF viewer software, Adobe warned last week. The  
vulnerability is not yet patched.

Systems affected:

Flash Player 10.1.85.3 and earlier versions for Windows, Mac, Linux  
and Solaris
Flash Player 10.1.95.2 and earlier versions for Android
Reader 9.4 and earlier versions for Windows, Mac and Unix
Acrobat 9.4 and earlier versions for Windows and Mac

Earlier in October, the company plugged 23 holes in Reader and  
Acrobat. Adobe is adding sandbox technology designed to add more  
layers of protection in the next version of Adobe Reader, Reader X,  
due out by mid-November.

Read the full story: <http://news.cnet.com/8301-27080_3-20021055-245.html 
 >



Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security






-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20101101/92060411/attachment.htm

More information about the ist-security-fyi mailing list