[IS&T Security-FYI] Security FYI Newsletter, December 16, 2015

Tue Dec 16 11:36:03 EST 2014

In this issue:

1. Security SIG Lunch on Dec. 18th
2. SANS Holiday Hack Challenge
3. Security Update Released for Adobe Flash Player
4. Microsoft Enables Removal of SSL 3.0 Fallback in IE

------------------------------------------------
1. Security SIG Lunch on Dec. 18th
------------------------------------------------

There’s still time to sign up for this week’s Security SIG Lunch. The topic is “OS Hardening Best Practices” and for this talk we’ll be hearing from several people at MIT regarding their experiences.

Where: W92-Back Bay
When: Thursday, December 18, 12:00 - 1:30

Please RSVP at security_sig_events at mit.edu<mailto:security_sig_events at mit.edu> by Wednesday Dec. 17 at noon, if you plan on eating lunch with us.

---------------------------------------------
2. SANS Holiday Hack Challenge
---------------------------------------------

Help save old Ebenezer Scrooge from certain doom! This year’s Holiday Hack Challenge from SANS is designed to help build your information security skills and have some holiday fun in the process. This year, match wits with an Artificially Intelligent agent, exploit a target machine, and do some detailed packet capture and file analysis, all with the goal of unraveling the mysteries of the Ghosts of Hacking Past, Present and Future.

Everyone is invited to participate. Compete for some really cool prizes:
http://pen-testing.sans.org/holiday-challenge/2014

----------------------------------------------------------------------
3. Security Update Released for Adobe Flash Player
----------------------------------------------------------------------

Last week, Adobe released a security update for Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the following affected systems:

  *   Adobe Flash Player 15.0.0.242 and earlier versions
  *   Adobe Flash Player 13.0.0.258 and earlier 13.x versions
  *   Adobe Flash Player 11.2.202.424 and earlier versions for Linux

The recommendation by Adobe is for users to update their software with version 16.0.0.235 (Windows and Macintosh) and version 11.2.202.425 (for Linux). Instructions can be found in the Adobe Security Bulletin.<http://helpx.adobe.com/security/products/flash-player/apsb14-27.html>

--------------------------------------------------------------------------
4. Microsoft Enables Removal of SSL 3.0 Fallback in IE
--------------------------------------------------------------------------

Last week, in addition to patching 14 vulnerabilities in Internet Explorer (IE), Microsoft gave Windows admins the ability to disable SSL 3.0 in IE 11 for Protected Mode sites. Doing so eliminates exposure to SSL attacks (also known as POODLE)<http://kb.mit.edu/confluence/x/GIEwCQ>.

This change to IE 11 turns off the disabling of SSL 3.0 by default, but it will be turned on by default on February 10, 2015. This is Microsoft’s first step toward disabling SSL 3.0 by default in all of its online services.

Read the full story in the news<http://threatpost.com/microsoft-enables-removal-of-ssl-3-0-fallback-in-ie/109821>.

See the status of disabling SSL 3.0 in the most popular browsers here<http://kb.mit.edu/confluence/x/5IEwCQ>.

=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================

Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20141216/ac5eb3ff/attachment.htm