<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; "><div><div><div><p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">In this issue:</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">1. Adobe Fixes 42 Flaws in Reader and Flash</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">2. Security Update for Chrome 9</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">3. Facebook Goes to HTTPS</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">4. The Gawker Hack and Lessons Learned</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">----------------------------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">1. Adobe Fixes 42 Flaws in Reader and Flash</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">----------------------------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Adobe's quarterly security update includes fixes for 29 flaws in Reader and 13 in Flash. The release marks the first update for Reader X, an upgraded version of the PDF Reader that includes a sandboxing feature in the Windows version to protect users' systems from some attacks. </p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers and untrusted users (Source: Wikipedia).</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Most of the flaws in Reader are rated critical and two could allow cross-site scripting (XSS) attacks. The updates bring Reader to versions 8.2.6, 9.4.2 and 10.0.1 for Windows and Mac OS X. An update for Linux is expected to be available on February 28. Flash is now at version 10.2.152.26 for Windows, Mac OS X, Linux and Solaris.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Users can download the recent versions from &lt;http://www.adobe.com/downloads&gt; or through the software update tools in Reader or Flash.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Read the Adobe security bulletin: &lt;http://www.adobe.com/support/security/bulletins/apsb11-03.html&gt;</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Learn about Adobe's Security Sandboxing feature: </p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">&lt;http://blogs.adobe.com/accessibility/2010/11/reader-x-accessibility-and-security-sandboxing.html&gt;</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">-----------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">2. Security Update for Chrome 9</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">-----------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Google has issued a security update for version 9 of its Chrome browser just days after Chrome 9 was released in its stable version. The fix addresses five vulnerabilities, three of which are rated high priority. Chrome 9.0.597.94 also includes an updated version of Adobe Flash.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Download the most recent version for Windows, Mac OS X and Linux at &lt;http://www.google.com/chrome&gt;. Users who already have Chrome installed can use the built-in update function.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Read the story in the news: </p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">&lt;http://www.h-online.com/security/news/item/Google-releases-Chrome-9-security-update-1186749.html&gt;</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">-------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">3. Facebook Goes to HTTPS</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">--------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Facebook is getting a little more serious about security after the CEO's fan page got hacked. Facebook wrote on their blog that they are rolling out the option for users to access Facebook via a secure SSL (https) connection. According to the blog article, users need to go to their account settings and choose "secure browsing" from the account security section of the page. </p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">This change is being rolled out over the next few weeks, so not everyone will see the new option right away. The blog post does warn that the browsing experience may be slower (due to the encryption overhead) and that not all third-party applications are compatible with secure SSL at this time.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Read the full story in the news: </p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">&lt;http://news.cnet.com/8301-13880_3-20030725-68.html&gt;</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">-------------------------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">4. The Gawker Hack and Lessons Learned</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">-------------------------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">The December 2010 Gawker Media hack was successful due in part to poor password construction. The passwords were reportedly hashed. The main purpose of password hashing is to keep your password from being sent as clear text over the network. But hashing does not prevent a hacker from using brute-force cracking tools. If your password is only 8-9 characters in length, or contains a dictionary word, then it can be cracked in a matter of seconds using an offline password cracking tool. </p>
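<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">The two weaknesses named above (short length, embedded dictionary word) can be checked before a password is accepted. The Python below is an added example, not part of the original newsletter; the word list, the 10-character minimum and the substitution table are assumptions chosen for illustration.</p>

```python
import math
import string

# Constructed sample list; a real check would load a full dictionary and a
# list of passwords known from earlier breaches.
SAMPLE_WORDS = {"password", "letmein", "monkey", "dragon", "sunshine", "qwerty"}

# Assumption: 8-9 characters is called too short above, so require 10 or more.
MIN_LENGTH = 10

# Undo common character substitutions so "P@ssw0rd" still matches "password".
LEET = str.maketrans("0134578@$!", "oieastbasi")

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(pw):
    """Alphabet size a brute-force search must cover for this password."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    # Characters outside the ASCII classes: fall back to the distinct ones seen.
    return max(size, len(set(pw)))


def dictionary_hits(pw, words=SAMPLE_WORDS):
    """Dictionary words found inside the password after normalisation."""
    normalized = pw.lower().translate(LEET)
    return sorted(w for w in words if w in normalized)


def assess(pw):
    """Return findings plus an upper bound on brute-force effort in bits."""
    findings = []
    if MIN_LENGTH > len(pw):
        findings.append(f"too short: {len(pw)} characters, need {MIN_LENGTH}")
    hits = dictionary_hits(pw)
    if hits:
        findings.append("contains dictionary word(s): " + ", ".join(hits))
    # Upper bound only: it assumes every character was chosen at random.
    bits = len(pw) * math.log2(charset_size(pw)) if pw else 0.0
    return {"ok": not findings, "findings": findings, "bits": round(bits, 1)}


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1", "sunshine2011", "vR7#qLm2ZxT9wK"):  # constructed
        print(candidate, assess(candidate))
```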
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial"><b>Is your password strong enough to not get cracked?</b> Find out how to create a strong password by applying the tips in this Hermes article: &lt;http://kb.mit.edu/confluence/x/3wNt&gt;</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Read the Gawker Media hack story in the news:</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">&lt;http://www.pcworld.com/article/213438/gawker_media_hack_everything_you_need_to_know.html&gt;</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">========================================================================================</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">To read all current and archived articles online, visit the Security-FYI Blog at &lt;<a href="http://securityfyi.wordpress.com/"><span style="text-decoration: underline ; color: #3369b5">http://securityfyi.wordpress.com/</span></a>&gt;</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px"><br></p></div><div><div><br></div><div><font class="Apple-style-span" color="rgb(0, 0, 0)"><font class="Apple-style-span" face="Calibri"><br></font></font></div><div><font class="Apple-style-span" color="rgb(0, 0, 0)"><font class="Apple-style-span" face="Calibri"><span class="Apple-style-span" style="font-size: 14px;"><span class="Apple-style-span" style="font-size: 12px; font-family: Helvetica; "><div style="font-size: 12px; "><br></div><div style="font-size: 12px; ">Monique Yeaton</div><div style="font-size: 12px; ">IT Security Awareness Consultant</div><div style="font-size: 12px; ">MIT Information Services & Technology (IS&T)</div><div style="font-size: 12px; ">(617) 253-2715</div><div style="font-size: 12px; "><a href="http://ist.mit.edu/security">http://ist.mit.edu/security</a></div><div style="font-size: 12px; "><br></div><div style="font-size: 12px; "><font class="Apple-style-span" color="#FC2218">The IT Security Team moved on 2/11/11: </font>Come see us in our new location at W92-236. </div></span></span></font></font></div></div></div></div></body></html>