<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; "><div><div><div style="font-family: Calibri, sans-serif; font-size: 14px; "><span style="font-family: Arial; ">In this issue:</span></div><div style="font-family: Calibri, sans-serif; font-size: 14px; "><span style="font-family: Arial; "><br></span></div><div><span style="font-family: Arial; ">1. Adobe Fixes Flash Player Vulnerability</span></div><div><span class="Apple-style-span" style="font-size: medium; font-family: Arial; ">2. One-Third of Massachusetts Residents Have Data Compromised</span></div><div><span style="font-family: Arial; "><br></span></div><div><span style="font-family: Arial; ">----------------------------------------------------</span></div><div><span style="font-family: Arial; ">1. Adobe Fixes Flash Player Vulnerability</span></div><div><span style="font-family: Arial; ">----------------------------------------------------</span></div><div style="font-family: Calibri, sans-serif; font-size: 14px; "><span style="font-family: Arial; "><br></span></div><div style="font-family: Calibri, sans-serif; font-size: 14px; "><span class="Apple-style-span" style="font-size: medium; font-family: Arial; ">Last week Adobe published an unscheduled emergency patch for Flash Player to address many critical security issues. </span></div><div style="font-family: Calibri, sans-serif; font-size: 14px; "><span class="Apple-style-span" style="font-size: medium; font-family: Arial; "><br></span></div><div style="font-family: Calibri, sans-serif; font-size: 14px; "><span class="Apple-style-span" style="font-size: medium; font-family: Arial; ">Systems affected:</span></div><ul style="font-family: Calibri, sans-serif; font-size: 14px; "><li><span class="Apple-style-span" style="font-size: medium; font-family: Arial; ">Flash Player versions up to and including 10.3.183.7 for Windows, Mac OS X, Linux and Solaris</span></li><li><span style="color: rgb(0, 0, 0); font-size: 14px; font-style: normal; font-weight: normal; text-decoration: none; font-family: Arial; ">Versions 10.3.186.6 and earlier for Android</span></li></ul><div style="font-family: Calibri, sans-serif; font-size: 14px; "><span class="Apple-style-span" style="font-size: medium; font-family: Arial; ">The Flash Player updates are the company’s response to a recently discovered universal cross-site scripting (XSS) hole. According to Adobe, the vulnerability is already being actively exploited by attackers to bypass the same origin policy, allowing them to, for example, take actions on a user’s behalf on any Web site, or steal a victim’s cookies. For an attack to be successful, a victim must click on a malicious link. </span></div><div><span style="font-family: Arial; "><br></span></div><div><span style="font-family: Arial; ">Read the full story:</span></div><div><span style="font-family: Arial; "><</span><span class="Apple-style-span" style="font-size: medium; font-family: Arial; "> </span><a href="http://www.h-online.com/security/news/item/Adobe-publishes-emergency-patch-to-fix-critical-Flash-vulnerabilities-1348193.html"><span style="font-family: Arial; ">http://www.h-online.com/security/news/item/Adobe-publishes-emergency-patch-to-fix-critical-Flash-vulnerabilities-1348193.html</span></a><span style="font-family: Arial; "> ></span></div><div><span style="font-family: Arial; "><br></span></div><div><span style="font-family: Arial; ">Get latest Adobe Flash Player:</span></div><div><span style="font-family: Arial; ">< <a href="http://get.adobe.com/flashplayer">http://get.adobe.com/flashplayer</a>/ ></span></div><div><span style="font-family: Arial; "><br></span></div><div><span class="Apple-style-span" style="font-family: Calibri; font-size: medium; "><span class="Apple-style-span" style="font-size: 14px; font-family: Arial; ">--------------------------------------------------------</span></span><span style="font-family: Arial; ">------------------------------</span></div><div><span class="Apple-style-span" style="font-size: medium; font-family: Arial; ">2. One-Third of Massachusetts Residents Have Data Compromised</span></div><div><span class="Apple-style-span" style="font-family: Calibri; font-size: medium; "><span class="Apple-style-span" style="font-size: 14px; font-family: Arial; ">--------------------------------------------------------</span></span><span style="font-family: Arial; ">------------------------------</span></div><div><span class="Apple-style-span" style="font-size: medium; font-family: Arial; "><br></span></div><div><span class="Apple-style-span" style="font-size: medium; font-family: Arial; ">As posted in an article in Network World (networkworld.com), personal information on about one-third of Massachusetts residents has been compromised. This number comes from the state’s attorney general (AG), Martha Coakley, citing statistics gleaned from the tough data breach reporting law. About 2.1 million of the state’s roughly 6.6 million residents had some form of personal data put at risk in 1,166 reported theft incidents the AG said, according to a report in the Boston Globe. </span></div><div><span class="Apple-style-span" style="font-size: medium; font-family: Arial; "><br></span></div><div><span class="Apple-style-span" style="font-size: medium; font-family: Arial; ">Coakley was citing numbers gathered from the start of 2010 through August 2011. She said she is reviewing the data to see whether the law, which imposes heavy fines for non-compliance by entities entrusted with this information, is cutting back on breaches that lead to compromises. </span></div><div><span class="Apple-style-span" style="font-size: medium; font-family: Arial; "><br></span></div><div><span class="Apple-style-span" style="font-size: medium; font-family: Arial; ">The cause? The AG said a combination of hacking, errors by employees, and a growing body of personal data stored electronically by businesses will put that data at more risk over time. The largest breach in the time period the AG is reviewing involved information on about 800,000 people that was lost by a vendor hired to destroy it. </span></div><div><span class="Apple-style-span" style="font-size: medium; font-family: Arial; "><br></span></div><div><span style="font-family: Arial; ">Read the full story:</span></div><div><span style="font-family: Arial; ">< </span><a href="http://www.networkworld.com/news/2011/092111-massachusetts-data-compromised-251099.html"><span style="font-family: Arial; ">http://www.networkworld.com/news/2011/092111-massachusetts-data-compromised-251099.html</span></a><span style="font-family: Arial; "> ></span></div><div><span style="font-family: Arial; "><br></span></div><div><span style="font-family: Arial; ">Try the data breach quiz to test your awareness of the problem:</span></div><div><span style="font-family: Arial; "><br></span></div><div><span style="font-family: Arial; ">< </span><a href="http://www.networkworld.com/slideshows/2011/062211-data-breach.html"><span style="font-family: Arial; ">http://www.networkworld.com/slideshows/2011/062211-data-breach.html</span></a><span style="font-family: Arial; "> ></span></div><div><span style="font-family: Arial; "><br></span></div><div><p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">===================================================================================</p><span style="font-family: Arial; ">
</span><p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.</p><span style="font-family: Arial; ">
</span><p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">===================================================================================</p></div><div><br></div><div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; font-family: Helvetica; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><div style="font-size: 12px; "><br></div><div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">Monique Yeaton</span></span></span></span></span></span></div><div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">IT Security Communications Consultant</span></span></span></span></span></span></div><div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">MIT Information Services & Technology (IS&T)</span></span></span></span></span></span></div><div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">(617) 253-2715</span></span></span></span></span></span></div><div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">http://ist.mit.edu/security</span></span></span></span></span></span></div><div style="font-size: 12px; "><br class="khtml-block-placeholder"></div><br class="Apple-interchange-newline"></span></span></span></span></span></div></div></div></div></body></html>