[IS&T Security-FYI] SFYI Newsletter, February 19, 2013

Tue Feb 19 14:17:37 EST 2013

In this issue:

1. Adobe Updates Various Plug-Ins

2. McAfee's Code-Signing Problem with Mac OS X

3. How To Verify the Source of an Email

-----------------------------------------------

1. Adobe Updates Various Plug-Ins

-----------------------------------------------

Adobe has released updates to address multiple vulnerabilities in both Windows and Mac platforms.

Systems affected:

  *   Adobe Flash Player 11.5 and earlier
  *   Adobe AIR 3.5 and earlier
  *   Adobe Shockwave Player 11.6 and earlier

Adobe recommends that users of these products apply the updates. A remote unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page<http://www.adobe.com/software/flash/about/>. Do this for each browser you use. Google Chrome automatically updates when new versions of Flash Player are available.

See the full security bulletins regarding Adobe Flash Player<https://www.adobe.com/support/security/bulletins/apsb13-05.html> and Adobe Shockwave Player<https://www.adobe.com/support/security/bulletins/apsb13-06.html> for more details and how to update to the newest versions.

-----------------------------------------------------------------

2. McAfee's Code-Signing Problem with Mac OS X

-----------------------------------------------------------------

Last week, McAfee accidentally revoked the digital key<http://arstechnica.com/security/2013/02/a-world-of-hurt-after-mcafee-mistakenly-revokes-key-for-signing-mac-apps/> the company uses to certify applications that run on Apple's Mac OS X platform. The incident caused problems for customers who wanted to install or upgrade their Mac antivirus products.

If you have been attempting to install or upgrade McAfee Security for Mac, you may have noticed that the application was blocked from running on the system. Temporarily disabling Gatekeeper did not allow installation to proceed.

Luckily, McAfee engineers resolved the issue and have provided an updated binary of McAfee Security 1.2 for Mac. The new installer is available on the IS&T Software Grid<http://ist.mit.edu/software-hardware?type=16>.

The latest information on the issue is posted here<http://kb.mit.edu/confluence/x/7qgBCQ>.

-----------------------------------------------------

3. How To Verify the Source of an Email

-----------------------------------------------------

If you are ever in doubt whether an email you received originated from the place it claims to be from, try this: verify the information by reading the full headers of an email.

Email headers (also called "full headers<http://kb.mit.edu/confluence/display/istcontrib/Forwarding+Full+Mail+Headers>") are the details that show the path the message took to reach your inbox. Details such as dates, times, mail servers it passed through and even the originating email address are included.

I am sure you have seen questionable emails that claim to come from the MIT Email Team or a System Administration team in IS&T. You have also likely received many emails that claim to come from a business, such as Fed Ex or a bank. Sometimes they can really fool you; even the "from" address makes it look like these emails are legitimate.

But wait! Before clicking on any links within these emails or replying to the sender, check the header. This article<http://kb.mit.edu/confluence/display/istcontrib/How+to+verify+if+an+email+originated+from+someone+at+MIT> shows you how easy it is to find out who the real sender of an email is by reading the information contained within the header.

===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================

Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20130219/7d7d8001/attachment.htm