[IS&T Security-FYI] SFYI Newsletter, March 21, 2011

[Monique Yeaton]

In this issue:

1. Adobe Releasing Out-of-Band Patch This Week
2. Wireless Security, or Not?


----------------------------------------------------------------
1. Adobe Releasing Out-of-Band Patch This Week
----------------------------------------------------------------

Adobe says it will release emergency fixes for a critical flaw in Flash and Reader that is being actively exploited in targeted attacks to plant malware on vulnerable computers.  The patches will be available the week of March 21, according to Adobe, and will address the problem in Adobe Flash player 10 and Adobe Reader versions 9, 10 and X, with the exception of Reader X for Windows.  That version of Reader ships with a sandbox feature that has blocked the attack thus far.  The attackers are using specially-crafted Microsoft Excel documents to exploit the flaw.

Read the full Adobe Security Advisory: <http://www.adobe.com/support/security/advisories/apsa11-01.html>

[Source: SANS.org]


------------------------------------
2. Wireless Security, or Not?
------------------------------------

Computer users on MIT's campus can access the Internet in more than one way: via an ethernet cable or via the wireless network that provides a list of options. If you prefer the wireless option, before you connect to the network, you have five choices: MIT, MIT Secure, MIT Guest, MIT N and MIT Secure N. What do all these options mean? 

Hermes has the answer in an article that explains the difference between the various MIT wireless networks; see: <http://kb.mit.edu/confluence/x/gYV2>.

IS&T recommends using one of the secure wireless connections, and lucky for us we have that choice at MIT. This is not always the case in the rest of the world. 

As an About.com article entitled "4 Secrets Wireless Hackers Don't Want You to Know" explains, wireless access points don't all have the same security built in. For example, WEP encryption is useless for protecting a wireless network. It is easily cracked and provides a false sense of security. If you have a router that currently uses WEP, updating it to use the stronger WPA2 encryption is a fairly simple process. 

Learn more about what wireless hackers don't want you to know about your wireless network: <http://netsecurity.about.com/od/secureyourwifinetwork/a/4-Secrets-Wireless-Hackers-Do-Not-Want-You-To-Know.htm>.

Ignorance of wireless security is a wide-spread problem. A recent news article posted findings of a survey done in the UK, revealing that 40% of wireless home internet users have no knowledge of wifi security and 50% of systems installed at home never have their passwords changed. Read that full story: <http://www.scmagazineuk.com/wifi-security-settings-confuse-home-users/article/198474/>


===========================================================================================

To read all current and archived articles online, visit the Security-FYI Blog at <http://securityfyi.wordpress.com/>



Monique Yeaton
IT Security Awareness Consultant
Information Services & Technology, MIT
http://ist.mit.edu/security