ep's blog

Security Awareness on Social Media

http://www.educause.edu/blogs/lspitzner/security-awareness-social-media

Lance Spitzner from SANS is writing about Security Awareness on Social Media this month.  This blog entry specifically reviews privacy and social media, two polar opposites in today's world of online media.  It also reviews how to spot potential scams and finally, why to keep work and your personal life separate when posting online.

This is a great read to start off CyberSecurity Awareness Month.

Canadian Privacy Commissioner Unveils New Tools to Help Young Internet Users Protect Their Privacy


http://www.priv.gc.ca/media/nr-c/2012/nr-c_120124_e.cfm#contenttop


I think that the materials that the Privacy Commissioner of Canada is promoting are great.  Everyone should follow the advice they present to teach their families about online privacy.  Here are the links to three great tools they have launched on their www.youthprivacy.ca website.

APPLE-SA-2011-04-18-1 iTunes 10.2.2 for Windows

http://support.apple.com/kb/HT4609

"iTunes 10.2.2

WebKit

Available for: Windows 7, Vista, XP SP2 or later

Impact: A man-in-the-middle attack may lead to an unexpected
application termination or arbitrary code execution

Description: Multiple memory corruption issues exist in WebKit. A
man-in-the-middle attack while browsing the iTunes Store via iTunes may
lead to an unexpected application termination or arbitrary code execution.

CVE-ID

Leaked version of Skype for Android leaks sensitive data

http://nakedsecurity.sophos.com/2011/04/17/skype-for-android-leaks-sensi...

Leaked copies of Skype for Android with video-conferencing capabilities
have been floating around. Before using, note that there is no security
of any kind on your personal & login information. It is literally stored
in text files with world-readable permissions. However, PCI DSS was
followed, so Credit Card information is safe.

Adobe to Patch Flash Zero Day on Windows, Mac on Friday, April 15, 2011

https://threatpost.com/en_us/blogs/adobe-patch-flash-zero-day-windows-ma...

Thanks to Kevin for the heads up.

"Adobe is planning to patch the recently disclosed Flash Player
vulnerability on Friday for users on Windows, Mac OS X and Linux. The
vulnerability is being used in targeted attacks right now that use
malicious Word documents.

Horde IMP Webmail 'fetchmailprefs.php' HTML Injection Vulnerability

http://www.securityfocus.com/bid/43515/info

"Horde IMP Webmail is prone to an HTML-injection vulnerability because
it fails to sufficiently sanitize user-supplied data before it is used
in dynamic content.

Attacker-supplied HTML or JavaScript code could run in the context of
the affected site, potentially allowing the attacker to steal
cookie-based authentication credentials and to control how the site is
rendered to the user; other attacks are also possible.

Pages