[IS&T Security-FYI] SFYI Newsletter, September 26, 2011
Monique Yeaton
myeaton at MIT.EDU
Mon Sep 26 17:10:15 EDT 2011
In this issue:
1. Adobe Fixes Flash Player Vulnerability
2. One-Third of Massachusetts Residents Have Data Compromised
----------------------------------------------------
1. Adobe Fixes Flash Player Vulnerability
----------------------------------------------------
Last week Adobe published an unscheduled emergency patch for Flash Player to address many critical security issues.
Systems affected:
* Flash Player versions up to and including 10.3.183.7 for Windows, Mac OS X, Linux and Solaris
* Versions 10.3.186.6 and earlier for Android
The Flash Player updates are the company’s response to a recently discovered universal cross-site scripting (XSS) hole. According to Adobe, the vulnerability is already being actively exploited by attackers to bypass the same origin policy, allowing them to, for example, take actions on a user’s behalf on any Web site, or steal a victim’s cookies. For an attack to be successful, a victim must click on a malicious link.
Read the full story:
< http://www.h-online.com/security/news/item/Adobe-publishes-emergency-patch-to-fix-critical-Flash-vulnerabilities-1348193.html >
Get latest Adobe Flash Player:
< http://get.adobe.com/flashplayer/ >
--------------------------------------------------------------------------------------
2. One-Third of Massachusetts Residents Have Data Compromised
--------------------------------------------------------------------------------------
As reported in an article in Network World (networkworld.com), personal information on about one-third of Massachusetts residents has been compromised. This number comes from the state’s attorney general (AG), Martha Coakley, citing statistics gleaned from the tough data breach reporting law. About 2.1 million of the state’s roughly 6.6 million residents had some form of personal data put at risk in 1,166 reported theft incidents, the AG said, according to a report in the Boston Globe.
Coakley was citing numbers gathered from the start of 2010 through August 2011. She said she is reviewing the data to see whether the law, which imposes heavy fines for non-compliance by entities entrusted with this information, is cutting back on breaches that lead to compromises.
The cause? The AG said a combination of hacking, errors by employees, and a growing body of personal data stored electronically by businesses will put that data at more risk over time. The largest breach in the time period the AG is reviewing involved information on about 800,000 people that was lost by a vendor hired to destroy it.
Read the full story:
< http://www.networkworld.com/news/2011/092111-massachusetts-data-compromised-251099.html >
Try the data breach quiz to test your awareness of the problem:
< http://www.networkworld.com/slideshows/2011/062211-data-breach.html >
===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security