Welcome to the Network Security website at the IAS

This website is intended to bring you the latest news, how to's, tools and resources in Information Security.  Security Awareness of our Faculty, Members and Staff is key in creating a safer computing environment.

The three major Principles of Information Security, Availability, Integrity and Confidentiality, will be covered throughout the security awareness program at the Institute.  For a description of these principles, please see our About section.

In keeping with the spirit of the Institute, I encourage questions and open discussions about security.  And if you discover anything out of the ordinary, please feel free to bring it to my attention so that we can work together to create a more productive, safer environment.

Thanks,
Brian Epstein <security@ias.edu>
twitter: @epepepep


Two Adobe Reader 0-day vulnerabilities

http://isc.sans.org/diary.html?storyid=6286&rss

It appears that two new vulnerabilities in Adobe Reader 9.1, 8.1.4 and
7.1.1 are being used today. These are more buffer overflows in the
Javascript interpreter that could lead to remote code execution by
reading malicious PDF files.

The exploit currently being seen targets Linux computers running Adobe's
software, but other platforms are susceptible to the same vulnerability.

Two Adobe Reader 0-day vulnerabilities

http://isc.sans.org/diary.html?storyid=6286&rss

It appears that two new vulnerabilities in Adobe Reader 9.1, 8.1.4 and
7.1.1 are being used today. These are more buffer overflows in the
Javascript interpreter that could lead to remote code execution by
reading malicious PDF files.

The exploit currently being seen targets Linux computers running Adobe's
software, but other platforms are susceptible to the same vulnerability.

How do I erase my private information before donating/recycling my mobile phone?

http://www.recellular.com/recycling/data_eraser/default.asp

Just like donating or recycling a computer, it is best to remove your personal data from your mobile phone before giving it up.  Depending on your phone manufacturer, there are different ways and methods to do this.

Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution 969136

http://www.microsoft.com/technet/security/advisory/969136.mspx

Microsoft Security Advisory (969136)

"An attacker who successfully exploited this vulnerability could gain
the same user rights as the local user. Users whose accounts are
configured to have fewer user rights on the system could be less
affected than users who operate with administrative user rights."

Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution 969136

http://www.microsoft.com/technet/security/advisory/969136.mspx

Microsoft Security Advisory (969136)

"An attacker who successfully exploited this vulnerability could gain
the same user rights as the local user. Users whose accounts are
configured to have fewer user rights on the system could be less
affected than users who operate with administrative user rights."

Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution 969136

http://www.microsoft.com/technet/security/advisory/969136.mspx

Microsoft Security Advisory (969136)

"An attacker who successfully exploited this vulnerability could gain
the same user rights as the local user. Users whose accounts are
configured to have fewer user rights on the system could be less
affected than users who operate with administrative user rights."

Oracle Java SE Critical Patch Update (CPU) Advisory

Oracle released a CPU advisory addressing 17 security
vulnerabilities in Java SE. Nine of the vulnerabilities were rated at
10.0 on the CVSS scale (10.0 being the most severe scoring). Only one of
the remaining vulnerabilities was rated below 5.0.

Java users are recommended to upgrade to Java 6 Update 26 (v1.6.0.26)
as soon as possible.

Adobe Reader 7, 8 and 9 code execution through buffer overflow

http://www.adobe.com/support/security/advisories/apsa09-01.html

A buffer overflow in Adobe Reader allows for code execution when a user
opens a malicious PDF file.

Adobe will be releasing updates to v9 on March 11, 2009. Version 8 and
7 patches will follow soon after.

The exploit is currently active and uses Javascript embedded in the PDF
file to inject its payload into the heap.

Pages