Welcome to the Network Security website at the IAS

This website is intended to bring you the latest news, how to's, tools and resources in Information Security.  Security Awareness of our Faculty, Members and Staff is key in creating a safer computing environment.

The three major Principles of Information Security, Availability, Integrity and Confidentiality, will be covered throughout the security awareness program at the Institute.  For a description of these principles, please see our About section.

In keeping with the spirit of the Institute, I encourage questions and open discussions about security.  And if you discover anything out of the ordinary, please feel free to bring it to my attention so that we can work together to create a more productive, safer environment.

Thanks,
Brian Epstein <security@ias.edu>
twitter: @epepepep


Pidgin's libpurple vulnerable to multiple denial of service attacks.

http://www.securityfocus.com/bid/36277/info

Successful exploits of a libpurple vulnerability will lead to crashes in
Pidgin.

"Pidgin Libpurple 2.6.1 and prior versions are affected."

This affects the IRC, XMPP and MSN chat clients which use libpurple. It
is recommended that users upgrade their Pidgin/libpurple installations
to a newer, fixed version.

WordPress worm leads to site defacement

http://www.securityfocus.com/brief/1008?ref=rss

WordPress is warning its users of a new worm that is currently
spreading. If you have not installed one of the last two updates,
released on August 3 and August 12, you are vulnerable to the worm.

This worm posts spam as an admin user.

It is recommended that all WordPress sites update to the latest version.

This is a Severity 1, Priority 1 issue.

WordPress worm leads to site defacement

http://www.securityfocus.com/brief/1008?ref=rss

WordPress is warning its users of a new worm that is currently
spreading. If you have not installed one of the last two updates,
released on August 3 and August 12, you are vulnerable to the worm.

This worm posts spam as an admin user.

It is recommended that all WordPress sites update to the latest version.

This is a Severity 1, Priority 1 issue.

WordPress worm leads to site defacement

http://www.securityfocus.com/brief/1008?ref=rss

WordPress is warning its users of a new worm that is currently
spreading. If you have not installed one of the last two updates,
released on August 3 and August 12, you are vulnerable to the worm.

This worm posts spam as an admin user.

It is recommended that all WordPress sites update to the latest version.

This is a Severity 1, Priority 1 issue.

Java for Mac OS X 10.5 Update 5

http://support.apple.com/kb/HT3851

A major java update for Mac OS X 10.5 was released yesterday by Apple.
It addresses 17 unique Common Vulnerabilities and Exposures (CVE) in
Java ranging from privilege escalation, arbitrary code execution and
unexpected application termination (DoS).

It is recommended that all Macintosh OS X 10.5 users update their
version of Java and ensure that all older versions of Java have been
removed.

Java for Mac OS X 10.5 Update 5

http://support.apple.com/kb/HT3851

A major java update for Mac OS X 10.5 was released yesterday by Apple.
It addresses 17 unique Common Vulnerabilities and Exposures (CVE) in
Java ranging from privilege escalation, arbitrary code execution and
unexpected application termination (DoS).

It is recommended that all Macintosh OS X 10.5 users update their
version of Java and ensure that all older versions of Java have been
removed.

Pages