[IS&T Security-FYI] SFYI Newsletter, September 13, 2010

Mon Sep 13 12:17:32 EDT 2010

Welcome (back) to MIT!

In this issue:

1. Laptop Theft on Campus
2. Microsoft Security Updates for September 2010
3. Zero Day Exploit in Adobe Reader/Acrobat
4. New Mass-Mailing Worm Detected

-----------------------------------
1. Laptop Theft on Campus 
-----------------------------------

Five instances of laptop theft have been reported to MIT Police since August 16. All of these incidents occurred in MIT campus residences, with the laptops removed from rooms that were left open or unlocked.

Laptop theft can lead to not just inconvenience for the owner but also access to his or her personal information by criminals. Additionally, a substantial data breach could occur, depending on the amount and type of information the computer contains. For example, earlier this month a laptop that contained 7,000 student Social Security numbers was stolen from a college campus in New York City. 

Costs associated with computer theft range from that of replacing the hardware and software to potentially millions of dollars for forensics, remediation for identity theft, and reputation management. The average cost of a data breach incident in the U.S. is $6.75 million.

Suggestions:

Keep your doors locked. If you live in a campus residence, that includes locking the door to your room. 

If someone who you don't recognize follows you into a residence or office building, ask the front desk worker to call MIT Police. The police would much rather respond and find that there is nothing wrong than not prevent a theft from occurring.

Register your laptop computer with the MIT Police by attending the next Security Tracking of Office Property (STOP) tagging sessions; they are held on Monday, September 20 and Wednesday, September 22 from 11:30 am – 1:00 pm in Lobby 10. There is a $10 cash fee for this loss prevention measure. (Departments can use a cost object code.)

Safety starts with you! If you see something, say something – call the MIT Police at 617.253.1212.

STOP Tagging details: <http://ist.mit.edu/security/loss/deterrents>

---------------------------------------------------------------
2. Microsoft Security Updates for September 2010
---------------------------------------------------------------

On Tuesday, September 14, 2010, Microsoft will issue nine security bulletins to address 34 vulnerabilities in various software. Four of the bulletins are rated critical.

Systems affected:

Microsoft Windows (XP, Vista and 7)
Microsoft Windows Server (2003, 2008 and 2008 R2)
Microsoft Office (XP, 2003 and 2007)

Flaws could be exploited to allow remote code execution or privilege elevation. It is possible that some of the bulletins will address the DLL hijacking threat covered in the August 30 issue of this newsletter.

Read the full bulletin:
<http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx>

---------------------------------------------------------
3. Zero Day Exploit in Adobe Reader/Acrobat
---------------------------------------------------------

Another zero day flaw has been found in Adobe Reader and Acrobat products versions 9.3.4 and earlier. A previously reported zero day flaw was fixed in early August with the release of 9.3.4. 

According to the advisory, this critical vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of the public exploit code and the next scheduled patch date is October 13, however an emergency patch may be released earlier. In August the company pledged to provide a security sandbox to the next major upgrade of Reader.

In the meantime, the advice is to disable JavaScript, but this appears to only be a temporary measure. 

Read the security advisory: 
<http://www.adobe.com/support/security/advisories/apsa10-02.html>

Read the story in the news:
<http://www.digitaltrends.com/computing/adobe-acrobat-and-reader-under-attack-with-a-zero-day-exploit/>

-----------------------------------------------
4. New Mass-Mailing Worm Detected
-----------------------------------------------

[Article source: SANS.org]
There are reports that a new mass-mailing worm is spreading.  The worm spreads through email messages with the subject line "Here you have;" the body of the message includes a link that appears to lead to a PDF file, but instead leads to a malicious executable file.  For users' machines to become infected, they must agree to install what claims to be a screensaver, but is actually the worm, which tries to disable security software and then sends itself to everyone in the infected computer's email contact list.  The worm is the first wide-spread infection of this type in nearly a decade.

TIP: Never click on attachments in emails coming from dubious sources.

Read the story in the news:
<http://www.computerworld.com/s/article/9184438/_Here_you_have_e_mail_worm_spreads_quickly>

===========================================================================

Find current and older issues of Security FYI Newsletter in Hermes at <http://kb.mit.edu/confluence/x/ehBB> or by visiting the Security FYI Blog at <http://securityfyi.wordpress.com/>

Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100913/d4b86f6a/attachment.htm