Welcome to the Network Security website at the IAS

This website is intended to bring you the latest news, how to's, tools and resources in Information Security.  Security Awareness of our Faculty, Members and Staff is key in creating a safer computing environment.

The three major Principles of Information Security, Availability, Integrity and Confidentiality, will be covered throughout the security awareness program at the Institute.  For a description of these principles, please see our About section.

In keeping with the spirit of the Institute, I encourage questions and open discussions about security.  And if you discover anything out of the ordinary, please feel free to bring it to my attention so that we can work together to create a more productive, safer environment.

Thanks,
Brian Epstein <security@ias.edu>
twitter: @epepepep


Opera Web Browser Prior to 11.00 Multiple Security Vulnerabilities

http://www.securityfocus.com/bid/45461

"The Opera web browser is prone to a vulnerability that may aid in
convincing a victim to download malicious content, an
information-disclosure vulnerability, and multiple unspecified
vulnerabilities with high severity.

An attacker can exploit these issues to trick users into downloading
malicious content or to gain potentially sensitive information; other
attacker are also possible.

Opera versions prior to 11.00 are vulnerable. "

OpenOffice.org Multiple Memory Corruption Vulnerabilities

http://www.vsecurity.com/resources/advisory/20110126-1/

"Vulnerability Overview

On August 20th, VSR identified multiple memory corruption
vulnerabilities in OpenOffice.org. By convincing a victim to open a
maliciously crafted RTF or Word document, arbitrary code may be executed
on the victim's machine. "

"Recommendation

Users should install updates provided by downstream distributions or
upgrade to version 3.3. "

Thanks,
ep

Google Chrome prior to 8.0.552.215 Multiple Security Vulnerabilities

http://www.securityfocus.com/bid/45170

"Google Chrome is prone to multiple vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the
context of the browser, cause denial-of-service conditions, gain access
to sensitive information, and bypass intended security restrictions;
other attacks are also possible.

Versions prior to Chrome 8.0.552.215 are vulnerable. "

It is recommended that Google Chrome users upgrade to the latest
available version.

Opera Web Browser Prior to 11.00 Multiple Security Vulnerabilities

http://www.securityfocus.com/bid/45461

"The Opera web browser is prone to a vulnerability that may aid in
convincing a victim to download malicious content, an
information-disclosure vulnerability, and multiple unspecified
vulnerabilities with high severity.

An attacker can exploit these issues to trick users into downloading
malicious content or to gain potentially sensitive information; other
attacker are also possible.

Opera versions prior to 11.00 are vulnerable. "

OpenOffice.org Multiple Memory Corruption Vulnerabilities

http://www.vsecurity.com/resources/advisory/20110126-1/

"Vulnerability Overview

On August 20th, VSR identified multiple memory corruption
vulnerabilities in OpenOffice.org. By convincing a victim to open a
maliciously crafted RTF or Word document, arbitrary code may be executed
on the victim's machine. "

"Recommendation

Users should install updates provided by downstream distributions or
upgrade to version 3.3. "

Thanks,
ep

PHP 5.3.5 / 5.2.17: Floating-Point bug fixed (32bit versions only)

http://www.h-online.com/security/news/item/PHP-5-3-5-5-2-17-Floating-Poi...

There is a vulnerability in previous versions of PHP which affects 32bit
machines. If exploited, it could result in a DoS attack by crashing Apache.

It is recommended that updates be applied when available. A test script
to see if you are vulnerable can be found here.

PHP 5.3.5 / 5.2.17: Floating-Point bug fixed (32bit versions only)

http://www.h-online.com/security/news/item/PHP-5-3-5-5-2-17-Floating-Poi...

There is a vulnerability in previous versions of PHP which affects 32bit
machines. If exploited, it could result in a DoS attack by crashing Apache.

It is recommended that updates be applied when available. A test script
to see if you are vulnerable can be found here.

Pages