[IS&T Security-FYI] SFYI Newsletter, June 20, 2011

Monique Yeaton myeaton at MIT.EDU
Mon Jun 20 15:29:06 EDT 2011


In this issue:


1. Adobe Patches Reader, Acrobat, Shockwave Player and Flash

2. Protecting Medical Implants from Attack

3. Reminder to Change Your Kerberos Password



----------------------------------------------------------------------------------

1. Adobe Patches Reader, Acrobat, Shockwave Player and Flash

----------------------------------------------------------------------------------


Last week this newsletter mentioned the patch released for Flash. Since then Adobe has also released patches for Reader and Acrobat to address a vulnerability that could be exploited by convincing a user to open a specially crafted PDF file. The company also fixed the Shockwave Player.


The vulnerability could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system.


Systems affected:


 *   Reader and Acrobat 9.3.4, earlier 9.x versions, 8.2.6, and earlier 8.x versions
 *   Reader X and Acrobat X 10.0.3, 10.0.1, and earlier 10.x versions
 *   Shockwave Player 11.5.9.620 and earlier versions
 *   Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris
 *   Flash Player 10.3.185.23 and earlier versions for Android


Users are encouraged to allow the patches to download when notified via the Adobe Update Manager.


Read the security bulletins:

<http://www.adobe.com/support/security/bulletins/apsb11-16.html>

<http://www.adobe.com/support/security/bulletins/apsb11-18.html>

<http://www.adobe.com/support/security/bulletins/apsb11-17.html>



------------------------------------------------------

2. Protecting Medical Implants from Attack

------------------------------------------------------


The MIT News Office published an article last week that discusses a new system designed by MIT and UMass Amherst researchers that prevents attacks on implantable medical devices. I found the story quite interesting, and could only imagine a future scenario of death by wireless medical device. This is a great example of technology that vastly improves our lives and yet also can put us at risk if used maliciously.


You can read the full article here:

<http://web.mit.edu/newsoffice/2011/protecting-medical-implants-0613.html>



--------------------------------------------------------------

3. Reminder to Change Your Kerberos Password

--------------------------------------------------------------


It's about that time of year to renew our personal web certificates (which expire at the end of July) and at the same time to refresh our Kerberos password if it's been over a year since it was last updated.


Why change your password? Password strength requirements change as password cracking methods become more technologically advanced. While a 6-character password used to be considered strong enough a few years ago, today the recommendation is 8 characters and longer. Complexity is also a factor: using 3 different types of characters (upper case and lower case letters plus special characters) is better than just using one or two different types.


Password complexity and length do add one large risk: being able to remember it becomes more difficult. Especially since we often have more than one password we need to remember, it's becoming a challenge to keep track of them without the need to write them down.


I have found a great solution is a password vault that encrypts all my passwords, right on my computer. One master password is needed to gain access to them. LastPass is one such service which I have used for over a year now and can't imagine living without. It is free and easy to use: <http://lastpass.com/>. Other options are KeePass and Password Safe (both free open source password managers). You can find others if you search in your browser for the terms "password manager" or "password vault."


How to change your Kerberos password: <https://ca.mit.edu/ca/cpw>



====================================================================

Read all Security FYI Newsletter articles online at http://securityfyi.wordpress.com/.

====================================================================

Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

