[IS&T Security-FYI] Security FYI Newsletter, February 24, 2015

Tue Feb 24 13:53:42 EST 2015

In this issue:

1. Superfish Adware Put Lenovo Users at Risk
2. Microsoft Security Updates for February
3. Safety While Traveling

--------------------------------------------------------------
1. Superfish Adware Put Lenovo Users at Risk
--------------------------------------------------------------

Per an article by ArsTechnica<http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/> last week, Lenovo is selling computers with adware preinstalled that hijacks encrypted web sessions, making users vulnerable to HTTPS man-in-the-middle attacks.

The adware comes from a company called Superfish, designed to inject ads into web pages. But it is more nefarious than that. The software literally acts as a middle man, standing between you and the sites you visit. It does this by installing a self-signed root certificate authority (CA) into your browser that can intercept traffic for every HTTPS website you visit, allowing an attacker to spoof websites you log into.

According to a statement by Lenovo<http://arstechnica.com/security/2015/02/lenovo-honestly-thought-youd-enjoy-that-superfish-https-spyware/>, the software was only installed on machines that shipped between September and December of last year and was removed in January. The statement also mentions that Superfish has disabled server side interaction since January, so that the product is no longer active.

This issue with Superfish was overlooked until last week. This week, Microsoft updated Windows to remove the Superfish software (learn more in the article below: “Microsoft Security Updates for February”). Lenovo has also issued a tool<http://support.lenovo.com/us/en/product_security/superfish_uninstall> that removes the software.

This test<https://filippo.io/Badfish/> will tell you if you have a problem with Superfish.

Read the Superfish story in the news<http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/>.

Read the US-CERT alert<https://www.us-cert.gov/ncas/alerts/TA15-051A>.

--------------------------------------------------------
2. Microsoft Security Updates for February
--------------------------------------------------------

As mentioned in the previous article, Microsoft has updated Windows to detect the Superfish software that comes preinstalled on Lenovo computers. Windows Defender is now actively removing the software and will reset any SSL certificates that were circumvented by Superfish, restoring the system to proper working order. Users should update their version of Windows Defender and scan as soon as possible. Learn more<http://www.theverge.com/2015/2/20/8077033/superfish-fix-microsoft-windows-defender>.

Microsoft released nine bulletins for February<https://technet.microsoft.com/en-us/library/security/ms15-feb.aspx> on Patch Tuesday (MS15-009 through MS15-017). Systems affected are Microsoft Windows, Office, Internet Explorer and Server Software.

The security update for Internet Explorer patches 41 vulnerabilities. Be sure to accept the updates as they occur, or go to the Windows Update site<http://windowsupdate.microsoft.com/>.

---------------------------------
3. Safety While Traveling
---------------------------------

“Staying Secure on the Road<http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201502_en.pdf>” (.pdf) is the topic for this month’s OUCH! newsletter. In this issue, you can learn how to securely connect to the Internet and get things done while Traveling. Written by Steve Armstrong, Technical Director of CyberCPR at Logically Secure.

Feel free to share this issue with colleagues who are or will be traveling this year. View a copy here (.pdf)<http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201502_en.pdf>

MIT also provides a list of great tips for those traveling with technology in the KB article Technology Tips for Travelers<http://kb.mit.edu/confluence/x/ODIYCQ>.

=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================

Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20150224/8026aa41/attachment.htm