<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">In this issue:<div><br><div apple-content-edited="true"> <span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><span class="Apple-style-span" style="font-size: 12px; "><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;">1. November 2008 Security Updates</span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;">2. MIT Security Awareness Day Presentations Online</span></font></div><div style="font-size: 12px; "><br></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;">----------------------------------------------</span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;">1. November 2008 Security Updates</span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;">----------------------------------------------</span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;">----Microsoft----</span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"> * Microsoft Windows<br> * Microsoft Office XP, 2003, and 2007<br> * Microsoft XML Core Services</span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;">As part of the Microsoft Security Bulletin Summary for November 2008, Microsoft released one critical and one important level patch for the Windows operating system and Office products. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. These patches are now approved for deployment via MIT WAUS.</span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;">According to Network & Infrastructure Services Team at MIT, "The critical patch from this month's release addresses a user based exploit in Microsoft's XML client services. The important level patch addresses a security vulnerability in the SMB protocol. MIT's assessment of this latter patch is to treat it as a critical patch, therefore we have accelerated it's deployment approximately a day ahead of the regular deployment schedule."</span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;">For more information on this update:</span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><<a href="http://www.microsoft.com/technet/security/bulletin/ms08-nov.mspx">http://www.microsoft.com/technet/security/bulletin/ms08-nov.mspx</a>></span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;">----Adobe Reader and Acrobat Vulnerabilities----</span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 14px; "> * Adobe Reader version 8.1.2 and earlier</span></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"> * Adobe Acrobat (Professional, 3D, and Standard) version 8.1.2 and earlier</span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;">Adobe has released Security Bulletin APSB08-19 to address multiple vulnerabilities affecting Adobe Reader and Acrobat. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code. An attacker could exploit these vulnerabilities by convincing a user to load a specially crafted Adobe Portable Document Format (PDF) file. Acrobat integrates with popular web browsers, and visiting a website is usually sufficient to cause Acrobat to load PDF content.</span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;">According to the information in Adobe Security bulletin, users with version 8 of Adobe Reader or Acrobat should upgrade to version 8.1.3.</span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;">For more information on this update:</span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><<a href="http://www.adobe.com/support/security/bulletins/apsb08-19.html">http://www.adobe.com/support/security/bulletins/apsb08-19.html</a>></span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;">----Apple----</span></font></div><div style="font-size: 12px; "><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style=""><font class="Apple-style-span" face="Arial" size="4"><span class="Apple-style-span" style="font-size: 14px;"> * Safari for Windows XP, Vista, Mac OS X 10.4.11, Mac OS X 10.5.5</span></font></div><div style=""><font class="Apple-style-span" face="Arial" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style=""><font class="Apple-style-span" face="Arial" size="4"><span class="Apple-style-span" style="font-size: 14px;">Apple released a patch for Safari this week to address multiple vulnerabilities. Users of this browser are recommended to upgrade to Safari 3.2.</span></font></div><div style=""><font class="Apple-style-span" face="Arial" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style=""><font class="Apple-style-span" face="Arial" size="4"><span class="Apple-style-span" style="font-size: 14px;"><span class="Apple-style-span" style="font-family: Helvetica; ">For more information on this update:</span></span></font></div><div style=""><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><<a href="http://support.apple.com/kb/HT3298">http://support.apple.com/kb/HT3298</a>></span></font></div><div style=""><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style=""><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style=""><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;">-------------------------------------------------------------------</span></font></div><div style=""><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;">2. MIT Security Awareness Day Presentations Online</span></font></div><div style=""><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;">-------------------------------------------------------------------</span></font></div><div style=""><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style=""><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;">The presentations that were given on November 5, MIT Security Awareness Day, are posted online for those who were unable to make it. Topics included Technology Security, Physical Security, and Social Engineering and Phishing.</span></font></div><div style=""><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style=""><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><<a href="http://web.mit.edu/ist/topics/security/campaign2008/securityday.html">http://web.mit.edu/ist/topics/security/campaign2008/securityday.html</a>></span></font></div><div style=""><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px;"><br></span></font></div><div style="font-size: 12px; "><br class="khtml-block-placeholder"></div><div style="font-size: 12px; ">=========================</div><div style="font-size: 12px; ">Monique Yeaton</div><div style="font-size: 12px; ">IT Security Awareness Consultant</div><div style="font-size: 12px; ">MIT Information Services & Technology (IS&T)</div><div style="font-size: 12px; ">(617) 253-2715</div><div style="font-size: 12px; "><a href="http://web.mit.edu/ist/security">http://web.mit.edu/ist/security</a></div></span></div><div><br></div><div><span class="Apple-style-span" style="color: rgb(192, 0, 0); font-family: Arial; font-size: 12px; font-weight: bold; ">---------------------------------------</span></div><div><font class="Apple-style-span" color="#C00000" face="Arial" size="3"><span class="Apple-style-span" style="font-size: 12px; "><b><span class="Apple-style-span" style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-weight: normal; "><div><font class="Apple-style-span" color="#C00000" face="Arial" size="3"><span class="Apple-style-span" style="font-size: 12px; "><b>Important: DO NOT GIVE OUT YOUR PASSWORDS! </b></span></font></div><div><font class="Apple-style-span" color="#C00000" face="Arial" size="3"><span class="Apple-style-span" style="font-size: 12px; "><b>Ignore emails asking you to provide yours. IS&T will *NEVER* ask you for your password. </b></span></font></div></span></b></span></font></div></div></span></div></span></div></span></div></span></div></span></div></span></div></span></div></span></div></span> </div><br></div></body></html>