Welcome to the Network Security website at the IAS

This website is intended to bring you the latest news, how-tos, tools and resources in Information Security.  Security Awareness of our Faculty, Members and Staff is key in creating a safer computing environment.

The three major Principles of Information Security, Availability, Integrity and Confidentiality, will be covered throughout the security awareness program at the Institute.  For a description of these principles, please see our About section.

In keeping with the spirit of the Institute, I encourage questions and open discussions about security.  And if you discover anything out of the ordinary, please feel free to bring it to my attention so that we can work together to create a more productive, safer environment.

Thanks,
Brian Epstein <security@ias.edu>
twitter: @epepepep


Multiple Symantec Products Intel Common Base Agent Remote Command Execution Vulnerability

http://www.securityfocus.com/bid/34671/info

An exploit affecting various versions of Symantec AntiVirus (SAV) is in
the wild. It allows remote attackers to execute commands on affected
machines with SYSTEM privileges.

Symantec has released updates and patches to fix the issue.

Please read their release notes for further information.

Two Adobe Reader 0-day vulnerabilities

http://isc.sans.org/diary.html?storyid=6286&rss

It appears that two new vulnerabilities in Adobe Reader 9.1, 8.1.4 and
7.1.1 are being exploited today. These are more buffer overflows in the
JavaScript interpreter that could lead to remote code execution when a
user opens a malicious PDF file.

The exploit currently being seen targets Linux computers running Adobe's
software, but other platforms are susceptible to the same vulnerability.

How do I erase my private information before donating/recycling my mobile phone?

http://www.recellular.com/recycling/data_eraser/default.asp

Just like donating or recycling a computer, it is best to remove your personal data from your mobile phone before giving it up.  The method for doing this differs depending on your phone manufacturer.

Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution 969136

http://www.microsoft.com/technet/security/advisory/969136.mspx

Microsoft Security Advisory (969136)

"An attacker who successfully exploited this vulnerability could gain
the same user rights as the local user. Users whose accounts are
configured to have fewer user rights on the system could be less
affected than users who operate with administrative user rights."

Oracle Java SE Critical Patch Update (CPU) Advisory

Oracle released a CPU advisory addressing 17 security
vulnerabilities in Java SE. Nine of the vulnerabilities were rated
10.0 on the CVSS scale (10.0 being the most severe score). Only one of
the remaining vulnerabilities was rated below 5.0.

Java users are advised to upgrade to Java 6 Update 26 (v1.6.0.26)
as soon as possible.
