Archived Security Information 2005 -- 2007

Microsoft Internet Explorer 7 Phishing E-mail
March 30, 2007
Several states reported receiving e-mails asking users to download Internet Explorer 7 by clicking on a link embedded in the e-mail. If the user follows the instructions, their computer will be infected with malware. This information bulletin discusses the characteristics of the e-mail in more detail. Bulletin: The e-mail, which appears to originate from admin@microsoft.com and asks users to download Internet Explorer 7, contains a graphic of IE 7 and links to various URLs. Clicking on the picture results in a file, IE7.0.exe, being downloaded to the user's machine. Note that currently this file does not auto-execute, so at this point the user's computer is not yet compromised.
Security presentation
If you could not attend the security presentation by Mr. Willoughby on March 9th, the PowerPoint slides are available here. Mr. Willoughby has conducted security workshops in six foreign countries and more than 30 states. Professionally, he holds certifications as a Microsoft Certified Systems Engineer (MCSE), a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CISM), and a Certified Ethical Hacker (CEH). Willoughby served in the US Intelligence Community and the Department of Defense for more than 30 years.

Presentation Abstract: "Hackers and criminal elements have ramped up their malware-generating machine in the past few years, honing methods to create powerful malicious code. Indeed, the small trickles of advanced malware that we have seen in recent months are indicative of a tumultuous future. This presentation will address trends expected to emerge on the malware front."

BOT Program
Recently, a new BOT program, identified as W32.Spybot.ACYR by Symantec, has compromised a small number of systems at various universities, including about 30 systems at the University of Arkansas and another 150 systems at the University of New South Wales in Australia. Both Microsoft and Symantec have released patches that resolve this vulnerability. For prevention, please make sure your Windows system is patched by selecting "Start", then "All Programs", then "Windows Update" to ensure your system is patched to the latest release. To manually update Symantec Antivirus, click the yellow shield in your task bar and select "Live Update", then follow the prompts to download and install the latest updates. Link for details: http://www.securityfocus.com/news/11426/1
Microsoft security bulletin (MS06-055)
Microsoft has released a new security bulletin (MS06-055) that supplies a patch which addresses the VML vulnerability affecting Microsoft Internet Explorer and Office. We recommend that these patches be installed immediately on all affected systems after appropriate testing. To immediately check if your system requires these patches, select "Windows Update" from the Start menu on Windows systems. Patches are for Windows 2000, Windows 2003 and Windows XP. Also, check that your settings are configured to download and install Windows updates daily. Instructions to configure automatic updates can be found on the itsecurity.olemiss.edu web site in the left column, second entry, "Configuring Windows for Automatic Updates".
Security Awareness Training

Aug. 30, 2006

The Office of Information Technology (IT) is offering security awareness training sessions for employees authorized to access, store, and maintain confidential data. Sessions will be held in the Union Ballroom on Tuesday, September 5 from 9:00 a.m. till 11:00 a.m. and Wednesday, September 6 from 1:00 p.m. till 3:00 p.m. Employees who wish to participate in these sessions should indicate this by contacting the SAP Support Desk (x5556 or sap@olemiss.edu).

Many UM departments necessarily access and accumulate information about faculty, staff, students and external entities for the purposes of daily business. Departments and individuals that manage electronic information are responsible for safeguarding this information from improper access or disclosure. Accordingly, the security awareness training sessions will focus on helping employees understand their security-related responsibilities and providing practical strategies for safeguarding systems and data.

National Cyber Alert System
Aug. 08, 2006

Technical Cyber Security Alert TA06-220A

Microsoft Windows, Office, and Internet Explorer Vulnerabilities

Source: US-CERT

Systems Affected:
* Microsoft Windows
* Microsoft Office (Windows and Mac)
* Microsoft Internet Explorer

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Office, and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

Note that one of the updates released today addresses a critical vulnerability in the Microsoft Server Service (MS06-040). We have received reports that this vulnerability is actively being exploited. The most recent version of this document can be found at:

http://www.us-cert.gov/cas/techalerts/TA06-220A.html

Security Awareness Training
The security awareness training slides and talking points are now available online. Please click on the links below to view them. The slide show requires a PowerPoint viewer. If you do not have PowerPoint installed, click here to download a viewer.
* Security Awareness Training Slide Show
* Security Awareness Training Handout
Worries increase over WMF flaw
01-02-2006
The New Year has brought a new exploit for the Windows Meta File flaw and more attacks. Many security experts believe that the situation poses such a danger that they have recommended that users install an unofficial patch.

The flaw occurs in Microsoft Windows' Graphics Rendering Engine. A specially crafted image file can take advantage of the flaw to compromise a Windows system that opens the image. Applications that use the vulnerable Windows operating system code include Internet Explorer, Windows Explorer, and the image viewing capability of Lotus Notes. Viewing a maliciously created image in those applications will run any embedded code. In a blog entry, a member of the Microsoft Security Response Center said that the team is investigating solutions for the security issue.

http://www.securityfocus.com/brief/92

SANS Flash Report
25 January, 2006
SANS Internet Storm Center has found that more than 500,000 personal computers have been infected by the 'Grew' worm (it goes by a number of different names, e.g. 'Nyxem'). On February 3rd, it will delete all documents (Word, Excel and a number of others). Make sure your mom and your kids (and everyone else who may call you when they lose data) update their AV signatures and run a full scan. "Update now or all your files may get lost." A special Storm Center website on the problem:
http://isc.sans.org/blackworm
This site will be updated as more information is discovered.

Browser Security Tip:

12-02-2005
Any time you access information that requires verification via a username and password, you should always receive a prompt that requires you to enter this information. Most Web browsers have the capability to store login names and passwords locally for easy access to information you have authorization to view. While this feature can save time, it is a potential security threat to your data. Setting your Web browser to not save this login information is a good security practice that all users should perform. Also, clearing the browser cache should be performed by anyone who uses a browser to access confidential data. The following steps outline the procedures users should perform to turn off the password caching utility and the steps necessary to clear their browser cache. To disable the password caching feature, visit the following link: Configuring Browser Password security

What is Phishing and Pharming
Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware. Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning.

Anti-Phishing Work Group Web Site

Increase Your Browsing and E-Mail Safety
Malicious hackers and virus writers can take advantage of low security settings in your e-mail and Web browsing software to infect your computer. They can do this by sending you a malicious e-mail message or by enticing you to visit a malicious Web site. By increasing your security settings in Microsoft Internet Explorer, Microsoft Outlook, and Microsoft Outlook Express, you can help limit your chances of being attacked. There are four things you can do right now to increase your security.