Adobe Flash Vulnerability Affecting Apple Snow Leopard

Original release date: September 4, 2009 at 2:58 pm Last revised: September 4, 2009 at 2:58 pm

US-CERT is aware that Apple’s recently released version of Mac OS X, Snow Leopard, includes a version of the Flash Player that contains previously addressed vulnerabilities.

US-CERT encourages users and administrators to upgrade to the latest version of Flash Player. Users and administrators can determine their version of Flash using the Version test for Adobe Flash Player.

Relevant Url(s):

<http://kb2.adobe.com/cps/155/tn_15507.html>

<http://get.adobe.com/flashplayer/>

US-CERT Current Activity

Microsoft Internet Information Services (IIS) FTP Service Vulnerability

Original release date: August 31, 2009 at 4:27 pm Last revised: August 31, 2009 at 4:27 pm

Microsoft Internet Information Services (IIS) FTP Service Vulnerability

US-CERT is aware of a public report of a vulnerability affecting the Microsoft Internet Information Services (IIS) FTP service. This vulnerability may allow a remote attacker to execute arbitrary code.

US-CERT encourages administrators to disable anonymous write access to the FTP server to help mitigate the vulnerability, although a proper impact analysis should be performed prior to taking defensive measures.

US-CERT will provide additional information as it becomes available.

====

This entry is available at

http://www.us-cert.gov/current/index.html#microsoft_internet_information_services_iis1

US-CERT Current Activity

 

Autonomy KeyView SDK Vulnerability

 

Original release date: August 26, 2009 at 9:47 am Last revised: August 26, 2009 at 9:47 am

 

 

US-CERT is aware of reports of a vulnerability in the way the Autonomy KeyView SDK parses Excel files. The Autonomy KeyView SDK is used by certain products, including Lotus Notes and Symantec Mail Security, to support the handling of a number of different file formats. By supplying a specially crafted Excel spreadsheet to an application using the affected Autonomy KeyView SDK library, a remote attacker may be able to execute arbitrary code in the context of that application.

 

US-CERT encourages users and administrators to do the following to help mitigate the risks:

  * IBM Lotus Notes users should review the IBM Flash Alert and

    implement the listed fixes or workarounds.

  * Symantec users should review Symantec Security Advisory SYM09-010

    and implement the listed fixes or workarounds.

  * The original reporters of the vulnerability state that users of

    other applications that use an affected version of the Autonomy

    KeyView SDK may wish to remove the xlssr.dll filter module or

    comment out the reference to xlssr.dll in the KeyView.ini file

    distributed with the affected application.

 

Relevant Url(s):

<http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21396492>

 

<http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00>

 

====

This entry is available at

http://www.us-cert.gov/current/index.html#autonomy_keyview_sdk_vulnerability1

Cyber Security Tip ST04-007

                                Reducing Spam

 

   Spam is a common, and often frustrating, side effect to having an email

   account. Although you will probably not be able to eliminate it, there are

   ways to reduce it.

 

What is spam?

 

   Spam is the electronic version of “junk mail.” The term spam refers to

   unsolicited, often unwanted, email messages. Spam does not necessarily

   contain viruses—valid messages from legitimate sources could fall into this

   category.

 

How can you reduce the amount of spam?

 

   There are some steps you can take to significantly reduce the amount of spam

   you receive:

     * Don’t give your email address out arbitrarily – Email addresses have

       become so common that a space for them is often included on any form

       that asks for your address—even comment cards at restaurants. It seems

       harmless,  so many people write them in the space provided without

       realizing what could happen to that information. For example, companies

       often enter the addresses into a database so that they can keep track of

       their customers and the customers’ preferences. Sometimes these lists

       are  sold  to or shared with other companies, and suddenly you are

       receiving email that you didn’t request.

     * Check privacy policies – Before submitting your email address online,

       look for a privacy policy. Most reputable sites will have a link to

       their privacy policy from any form where you’re asked to submit personal

       data. You should read this policy before submitting your email address

       or any other personal information so that you know what the owners of

       the site plan to do with the information (see Protecting Your Privacy

       for more information).

     * Be aware of options selected by default – When you sign up for some

       online accounts or services, there may be a section that provides you

       with the option to receive email about other products and services.

       Sometimes  there are options selected by default, so if you do not

       deselect them, you could begin to receive email from lists those lists

       as well.

     * Use filters – Many email programs offer filtering capabilities that

       allow  you  to block certain addresses or to only allow email from

       addresses  on your contact list. Some ISPs offer spam “tagging” or

       filtering services, but legitimate messages misclassified as spam might

       be dropped before reaching your inbox. However, many ISPs that offer

       filtering services also provide options for tagging suspected spam

       messages so the end user can more easily identify them. This can be

       useful in conjunction with filtering capabilities provided by many email

       programs.

     * Report messages as spam – Most email clients offer an option to report a

       message as spam or junk. If your has that option, take advantage of it.

       Reporting messages as spam or junk helps to train the mail filter so

       that the messages aren’t delivered to your inbox. However, check your

       junk or spam folders occasionally to look for legitimate messages that

       were incorrectly classified as spam.

     * Don’t follow links in spam messages – Some spam relies on generators

       that try variations of email addresses at certain domains. If you click

       a link within an email message or reply to a certain address, you are

       just confirming that your email address is valid. Unwanted messages that

       offer an “unsubscribe” option are particularly tempting, but this is

       often just a method for collecting valid addresses that are then sent

       other spam.

     * Disable  the automatic downloading of graphics in HTML mail – Many

       spammers send HTML mail with a linked graphic file that is then used to

       track who opens the mail message—when your mail client downloads the

       graphic from their web server, they know you’ve opened the message.

       Disabling HTML mail entirely and viewing messages in plain text also

       prevents this problem.

     * Consider opening an additional email account – Many domains offer free

       email accounts. If you frequently submit your email address (for online

       shopping, signing up for services, or including it on something like a

       comment card), you may want to have a secondary email account to protect

       your primary email account from any spam that could be generated. You

       could also use this secondary account when posting to public mailing

       lists, social networking sites, blogs, and web forums. If the account

       start to fill up with spam, you can get rid of it and open a different

       one.

     * Use privacy settings on social networking sites – Social networking

       sites typically allow you to choose who has access to see your email

       address. Consider hiding your email account or changing the settings so

       that only a small group of people that you trust are able to see your

       address (see Staying Safe on Social Network Sites for more information).

       Also, when you use applications on these sites, you may be granting

       permission for them to access your personal information. Be cautious

       about which applications you choose to use.

     * Don’t spam other people – Be a responsible and considerate user. Some

       people consider email forwards a type of spam, so be selective with the

       messages you redistribute. Don’t forward every message to everyone in

       your address book, and if someone asks that you not forward messages to

       them, respect their request.

     _________________________________________________________________

 

     Authors: Mindi McDowell, Allen Householder

     _________________________________________________________________

 

     Produced 2004 by US-CERT, a government organization.

 

     Last updated July 29, 2009

 

     Note: This tip was previously published and is being re-distributed to

     increase awareness.

 

     Terms of use

 

     http//www.us-cert.gov/legal.html

 

     This document can also be found at

 

     http//www.us-cert.gov/cas/tips/ST04-007.html

 

 

Vulnerability Summary for the Week of July 20, 2009

This bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) the week of July 20, 2009. It is available here:

    http://www.us-cert.gov/cas/bulletins/SB09-208.html

National Cyber Alert System
Cyber Security Bulletin SB09-208

US-CERT Current Activity

 

Cisco Releases Security Advisory for Vulnerabilities in Cisco Wireless LAN Controllers

 

Original release date: July 27, 2009 at 2:59 pm Last revised: July 27, 2009 at 2:59 pm

 

 

Cisco has released a security advisory to address multiple vulnerabilities in Wireless LAN Controllers. The advisory addresses the following:

  * Malformed HTTP or HTTPS authentication response denial-of-service

    vulnerability.

  * SSH connections denial-of-service vulnerability.

  * Crafted HTTP or HTTPS request denial-of-service vulnerability.

  * Crafted HTTP or HTTPS request unauthorized configuration

    modification vulnerability.

 

Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or gain full control over the Wireless LAN Controller.

 

US-CERT encourages users and administrators to review Cisco Security Advisory cisco-sa-20090727-wlc and apply any necessary updates or workarounds to help mitigate the risks.

 

Relevant Url(s):

<http://www.cisco.com/en/US/products/products_security_advisory09186a0080adb3d7.shtml>

 

====

This entry is available at

http://www.us-cert.gov/current/index.html#cisco_releases_security_advisory_for11

US-CERT Current Activity

 

Microsoft Releases Advance Notification for July Security Bulletin

 

Original release date: July 9, 2009 at 1:58 pm Last revised: July 9, 2009 at 1:58 pm

 

 

Microsoft has issued a Security Bulletin Advance Notification indicating that the July release cycle will contain six bulletins, three of which will have a severity rating of critical. The notification states that these critical bulletins are for Microsoft Windows. There will also be three important bulletins for Microsoft Office, Virtual PC and Virtual Server, and ISA Server. Release of these bulletins is scheduled for Tuesday, July 14.

 

US-CERT will provide additional information as it becomes available.

 

Relevant Url(s):

<http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx>

 

====

This entry is available at

http://www.us-cert.gov/current/index.html#microsoft_releases_advance_notification_for23

 

Apple Releases iPhone OS 3.0

Original release date: June 18, 2009 at 8:09 am Last revised: June 18, 2009 at 8:09 am

Apple has released iPhone OS 3.0 to address multiple vulnerabilities across many packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, bypass security restrictions, or conduct cross-site scripting attacks.

US-CERT encourages users to review Apple article HT3639 and upgrade to iPhone OS 3.0 to help mitigate the risks.

Relevant Url(s):

<http://support.apple.com/kb/HT3639>

====

This entry is available at

http://www.us-cert.gov/current/index.html#apple_releases_iphone_os_3

                          Understanding Firewalls

   When anyone or anything can access your computer at any time, your computer

   is more susceptible to being attacked. You can restrict outside access to

   your computer and the information on it with a firewall.

What do firewalls do?

   Firewalls provide protection against outside attackers by shielding your

   computer  or  network  from malicious or unnecessary Internet traffic.

   Firewalls can be configured to block data from certain locations while

   allowing  the  relevant  and necessary data through (see Understanding

   Denial-of-Service Attacks and Understanding Hidden Threats: Rootkits and

   Botnets for more information). They are especially important for users who

   rely on “always on” connections such as cable or DSL modems.

What type of firewall is best?

   Firewalls  are  offered in two forms: hardware (external) and software

   (internal). While both have their advantages and disadvantages, the decision

   to use a firewall is far more important than deciding which type you use.

     * Hardware – Typically called network firewalls, these external devices

       are positioned between your computer or network and your cable or DSL

       modem. Many vendors and some Internet service providers (ISPs) offer

       devices  called  “routers”  that  also  include firewall features.

       Hardware-based firewalls are particularly useful for protecting multiple

       computers  but also offer a high degree of protection for a single

       computer. If you only have one computer behind the firewall, or if you

       are certain that all of the other computers on the network are up to

       date on patches and are free from viruses, worms, or other malicious

       code, you may not need the extra protection of a software firewall.

       Hardware-based firewalls have the advantage of being separate devices

       running their own operating systems, so they provide an additional line

       of defense against attacks. Their major drawback is cost, but many

       products are available for less than $100 (and there are even some for

       less than $50).

     * Software – Some operating systems include a built-in firewall; if yours

       does, consider enabling it to add another layer of protection even if

       you have an external firewall. If you don’t have a built-in firewall,

       you can obtain a software firewall for relatively little or no cost from

       your local computer store, software vendors, or ISP. Because of the

       risks associated with downloading software from the Internet onto an

       unprotected computer, it is best to install the firewall from a CD or

       DVD. If you do download software from the Internet, make sure it is a

       reputable, secure website (see Understanding Web Site Certificates for

       more information). Although relying on a software firewall alone does

       provide some protection, realize that having the firewall on the same

       computer as the information you’re trying to protect may hinder the

       firewall’s ability to catch malicious traffic before it enters your

       system.

How do you know what configuration settings to apply?

   Most  commercially  available  firewall  products,  both hardware- and

   software-based, come configured in a manner that is acceptably secure for

   most  users. Since each firewall is different, you’ll need to read and

   understand the documentation that comes with it to determine whether or not

   the  default  settings on your firewall are sufficient for your needs.

   Additional assistance may be available from your firewall vendor or your ISP

   (either from tech support or a website). Also, alerts about current viruses

   or  worms  (such as US-CERT’s Cyber Security Alerts) sometimes include

   information about restrictions you can implement through your firewall.

   Unfortunately, while properly configured firewalls may be effective at

   blocking some attacks, don’t be lulled into a false sense of security.

   Although they do offer a certain amount of protection, firewalls do not

   guarantee that your computer will not be attacked. In particular, a firewall

   offers little to no protection against viruses that work by having you run

   the infected program on your computer, as many email-borne viruses do.

   However, using a firewall in conjunction with other protective measures

   (such as anti-virus software and “safe” computing practices) will strengthen

   your resistance to attacks (see Understanding Anti-Virus Software and other

   security tips for more information).

     _________________________________________________________________

     Both the National Cyber Security Alliance and US-CERT have identified this

     topic as one of the top tips for home users.

     _________________________________________________________________

     Authors: Mindi McDowell, Allen Householder

     _________________________________________________________________

     Produced 2004 by US-CERT, a government organization.

     Note: This tip was previously published and is being re-distributed

     to increase awareness.

     Terms of use

     <http://www.us-cert.gov/legal.html>

     This document can also be found at

     <http://www.us-cert.gov/cas/tips/ST04-004.html>