[IS&T Security-FYI] SFYI Newsletter, November 12, 2013

Monique Yeaton myeaton at MIT.EDU
Tue Nov 12 15:34:56 EST 2013


In this issue:


1. November 2013 Security Updates from Microsoft

2. Follow Up to Adobe Network Breach

3. Securing the Human’s Video of the Month: Encryption



--------------------------------------------------------------------

1. November 2013 Security Updates from Microsoft

--------------------------------------------------------------------


Today, Tuesday November 12, Microsoft is releasing eight new security bulletins<http://technet.microsoft.com/en-us/security/bulletin/ms13-nov>. Three of the bulletins are rated critical. Systems affected:


  *   Internet Explorer
  *   Windows
  *   Office
  *   Outlook


It is recommended to accept the updates. MIT WAUS subscribers will receive the updates after they have been tested for compatibility. Installing the bulletins manually will require a restart.


The bulletins will not include a fix for the zero-day threat to Windows<http://nakedsecurity.sophos.com/2013/11/06/microsoft-warns-windows-users-of-zero-day-danger-from-booby-trapped-image-files/>. Apparently there is a hole through which criminals can get control of your computer. The flaw is in the way applications handle specially crafted image files.


Although there is no patch, Microsoft has published a “Fix it tool<https://support.microsoft.com/kb/2896666>” that will render your computer immune to this type of attack.



---------------------------------------------------

2. Follow Up to Adobe Network Breach

---------------------------------------------------


Last month this newsletter announced that the Adobe network had been attacked<http://securityfyi.wordpress.com/2013/10/08/adobe-network-attacked/>.


On October 3rd of 2013, hackers broke into the Adobe network and stole source code for a range of products, including ColdFusion and the Acrobat family of products. The breach was at that time estimated to affect 2.9 million users, a figure that was later revised to at least 38 million users. Adobe said hackers had stolen nearly 3 million encrypted customer credit card records, as well as login data for an undetermined number of Adobe user accounts.


The breach happened in early October, but the stolen accounts were not published on the web until early November. The published data includes tens of millions of accounts with IDs, email addresses, encrypted passwords and more. (Read the full follow-up story.<http://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/>)



If you haven’t done so already, please update the password for your adobe.com account immediately. As an additional precaution, make sure you change the password on any other accounts using the same password as your adobe.com account.


If you use a tool such as LastPass<https://lastpass.com/> for password management, here is an additional tip: The LastPass Security Challenge, located in the Tools menu of the LastPass add-on, will help find any other accounts using the same password as the leaked account. Go to the plug-in > Tools > Security Check.


[Source: LastPass.com]



--------------------------------------------------------------------------

3. Securing the Human’s Video of the Month: Encryption

---------------------------------------------------------------------------


To raise awareness, each month SANS offers free access to its Securing the Human training videos. This month’s video is on encryption. It is one of the key methods for securing data, yet many people do not understand what it is or how it works. It takes less than 2 minutes to watch the video<http://www.securingthehuman.org/resources/ncsam>.


If you have extra time, watch a full range of the Securing the Human videos within the MIT Learning Center. <http://kb.mit.edu/confluence/x/bB4YCQ>



===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================



Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

