<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">In this issue:</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">1. October 2009 Security Patches</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">2. FBI Rounds Up Phishing Criminals</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">3. Microsoft Blocks Hacked Hotmail Accounts</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">4. Is Phishing Really Declining?</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">-------------------------------------------</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">1. October 2009 Security Patches</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">-------------------------------------------</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; "> ---- Microsoft ----</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Systems affected:</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div>
<ul style="list-style-type: disc">
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Microsoft Office</li>
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Internet Explorer</li>
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">SQL Server</li>
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Windows and Windows Server (all supported versions)</li>
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Various Developer Tools and Software</li>
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Forefront Security</li>
</ul><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">According to its Security Bulletin Advance Notification for October 2009, Microsoft plans to release 13 security bulletins on Tuesday, October 13 (today) to address various vulnerabilities. Eight of the bulletins are rated critical, five are rated important. This is the largest number of bulletins Microsoft has issued at one time since it began its scheduled monthly security updates.</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">For details:</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; color: rgb(33, 81, 170); "><span style="color: #000000"><</span><span style="text-decoration: underline"><a href="http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx">http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx</a></span><span style="color: #000000">></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; "> ---- Adobe ----</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Systems affected:</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div>
<ul style="list-style-type: disc">
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Adobe Reader</li>
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Adobe Acrobat 9.1.3</li>
</ul><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Adobe is warning that attackers are exploiting an unpatched flaw in Reader and Acrobat 9.1.3 that could allow them to take control of vulnerable computers. Adobe plans to issue a fix for the vulnerability on Tuesday, October 13. Attackers can exploit the flaw by tricking users into opening maliciously crafted PDF files. The limited targeted attacks affect users running the vulnerable programs on Windows machines.</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">For details:</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; color: rgb(33, 81, 170); "><span style="color: #000000"><</span><span style="text-decoration: underline"><a href="http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html">http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html</a></span><span style="color: #000000">></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">-----------------------------------------------</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">2. FBI Rounds Up Phishing Criminals</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">-----------------------------------------------</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">In one of the biggest international cybercrime cases, known as Operation Phish Phry, the FBI and Egyptian authorities managed to net 100 suspects involved in online banking fraud. Defendants are from California, Nevada and North Carolina, as well as Egypt. They face a maximum of 20 years in prison for bank fraud, aggravated identity theft, conspiracy to commit computer fraud, and domestic and international money laundering.</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">The phishing scheme used by the criminals siphoned at least $1.5 million from thousands of accounts belonging to Bank of America and Wells Fargo customers. </div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">The case reflects the disturbing growing trend of international crime groups recruiting skilled computer hackers with a common greed and willingness to victimize unsuspecting people. What makes the job of preventing these crimes difficult is the number of criminals who can get away with it and the amount of money they can make doing it. Hopefully the FBI and other international investigative groups will continue to successfully close in on these criminals and shut them down, but they still have a lot of work ahead of them.</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Read the full story:</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; "><<a href="http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=220301571">http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=220301571</a>></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">---------------------------------------------------------</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">3. Microsoft Blocks Hacked Hotmail Accounts</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">---------------------------------------------------------</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Microsoft has blocked access to all the Hotmail accounts that were recently compromised. Usernames and passwords for several thousand accounts were posted to the Internet last week. </div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Microsoft has indicated it believes the data were obtained through a phishing attack, but a researcher says that because the attack also affected Gmail, Yahoo mail, and other accounts, and because so many accounts were compromised overall, it bears characteristics suggesting the data were stolen through surreptitiously installed keystroke logging programs. </div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">It was also found that many of the accounts had weak passwords. The most popular password was "123456" for example.</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Read the full story:</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; "><<a href="http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=220301340">http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=220301340</a>></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; "><<a href="http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=220301344">http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=220301344</a>></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">----------------------------------------</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">4. Is Phishing Really Declining?</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">----------------------------------------</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">The two stories above seem to be a clear indication that phishing attacks are still happening in full force.</div><p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"> <br class="webkit-block-placeholder"></p><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Recent reports by IBM and Symantec claimed phishing attacks are decreasing. But according to the CEO of PacketFocus, Joshua Perrymon, "Phishing attacks are not on the decline. Phishing attacks are definitely on the rise and will continue to be a problem. One issue is that people don't know that they are being phished, so most of the reports will not reflect all the attacks."</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Can you recognize a phishing attack? Test your skills with these 2 games:</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; "><<a href="http://www.onguardonline.gov/games/phishing-scams.aspx">http://www.onguardonline.gov/games/phishing-scams.aspx</a>> (this link goes to an auto-play enabled embedded video)</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; "><<a href="http://cups.cs.cmu.edu/antiphishing_phil/new/index.html">http://cups.cs.cmu.edu/antiphishing_phil/new/index.html</a>></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Or with this quiz:</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; "><<a href="http://www.sonicwall.com/phishing/">http://www.sonicwall.com/phishing/</a>></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">===========================================================================</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Find current and older issues of Security FYI Newsletter: <<a href="http://kb.mit.edu/confluence/x/ehBB"><span style="text-decoration: underline ; color: #2151aa">http://kb.mit.edu/confluence/x/ehBB</span></a>></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; "><br></div><div apple-content-edited="true"><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Calibri; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Calibri; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><span class="Apple-style-span" style="font-size: 14px; "><div>Monique Yeaton</div><div>IT Security Awareness Consultant</div><div>MIT Information Services & Technology (IS&T)</div><div>(617) 253-2715</div><div><a href="http://ist.mit.edu/security">http://ist.mit.edu/security</a></div><div>===============================</div></span></div><div><br></div><div><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px; "><font class="Apple-style-span" color="#FF3C1B">October is National Cybersecurity Awareness Month. </font></span></font></div><div><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px; "><font class="Apple-style-span" color="#FF3C1B">Stay Safe Online! </font></span></font></div><div><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px; "><font class="Apple-style-span" color="#FF3C1B">Visit</font></span></font><span class="Apple-converted-space"><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px; "><font class="Apple-style-span" color="#FF3C1B"> </font></span></font></span><a class="external" title="Link leaves federal government web domain." href="http://www.staysafeoneline.org" a="a"><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px; "><font class="Apple-style-span" color="#FF3C1B">http://www.staysafeoneline.org</font></span></font></a><span class="Apple-converted-space"><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px; "><font class="Apple-style-span" color="#FF3C1B"> </font></span></font></span><font class="Apple-style-span" size="4"><span class="Apple-style-span" style="font-size: 14px; "><font class="Apple-style-span" color="#FF3C1B">for the latest cybersecurity tips.</font></span></font></div></div></span></div></span> </div><br></body></html>