Welcome to the Network Security website at the IAS

This website is intended to bring you the latest news, how to's, tools and resources in Information Security.  Security Awareness of our Faculty, Members and Staff is key in creating a safer computing environment.

The three major Principles of Information Security, Availability, Integrity and Confidentiality, will be covered throughout the security awareness program at the Institute.  For a description of these principles, please see our About section.

In keeping with the spirit of the Institute, I encourage questions and open discussions about security.  And if you discover anything out of the ordinary, please feel free to bring it to my attention so that we can work together to create a more productive, safer environment.

Thanks,
Brian Epstein <security@ias.edu>
twitter: @epepepep


What should I do about illegal activity in an email?

Sometimes you might receive a fraudulent email asking you for personal information that could be used for illegal activities.  A lot of people just delete the email and move on.  But, what if you want to notify someone?  What if the scam is very convincing and you want someone to look into it?

Here are some tips on what to do in this situation.

APPLE-SA-2010-02-02-1 iPhone OS arbitrary code execution and passcode bypass

http://support.apple.com/kb/HT1222

An email from apple describes an update for the iPhone and iPod Touch
that covers arbitrary code execution and passcode bypass vulnerabilities.

"iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch is now available
and addresses the following:

GNU Gzip Dynamic Huffman Decompression Remote Code Execution Vulnerability

http://www.securityfocus.com/bid/37888/info

A vulnerability in Gzip could lead to remote code execution. This is
especially critical for services that automatically gunzip files as part
of vulnerability scanning.

Multiple OS versions are affected.

It is recommended that the latest available version of gzip be applied
to systems which use Gzip.

Thanks,
Brian

GNU Gzip Dynamic Huffman Decompression Remote Code Execution Vulnerability

http://www.securityfocus.com/bid/37888/info

A vulnerability in Gzip could lead to remote code execution. This is
especially critical for services that automatically gunzip files as part
of vulnerability scanning.

Multiple OS versions are affected.

It is recommended that the latest available version of gzip be applied
to systems which use Gzip.

Thanks,
Brian

Microsoft Internet Explorer (CVE-2010-0247) Uninitialized Memory Remote Code Execution Vulnerability (IE5 and IE6)

http://www.securityfocus.com/bid/37893

This remote code execution vulnerability only affects IE5 and IE6.
Please see the link above for more information.

It is recommended that users of IE5 or IE6 patch to the latest version,
upgrade to IE8 or use an alternative browser to mitigate this risk.

Thanks,
Brian

Microsoft Internet Explorer (CVE-2010-0247) Uninitialized Memory Remote Code Execution Vulnerability (IE5 and IE6)

http://www.securityfocus.com/bid/37893

This remote code execution vulnerability only affects IE5 and IE6.
Please see the link above for more information.

It is recommended that users of IE5 or IE6 patch to the latest version,
upgrade to IE8 or use an alternative browser to mitigate this risk.

Thanks,
Brian

UPDATED VMSA-2009-0016.2 VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.

http://lists.vmware.com/pipermail/security-announce/2010/000079.html

In addition to [NET #1667] VMSA-2010-0002, VMware announced an update to
VMSA-2009-0016.2. This announcement covers 93 CVE vulnerabilities (31
duplicated from VMSA-2010-0002).

Affected Products:

UPDATED VMSA-2009-0016.2 VMware vCenter and ESX update release and vMA patch release address multiple security issues in third p

http://lists.vmware.com/pipermail/security-announce/2010/000079.html

In addition to [NET #1667] VMSA-2010-0002, VMware announced an update to
VMSA-2009-0016.2. This announcement covers 93 CVE vulnerabilities (31
duplicated from VMSA-2010-0002).

Affected Products:

Pages