Friday, July 31, 2009

Security Updates Available for Adobe Flash Player

On July 30, 2009, Adobe released a security advisory titled "Security updates available for Adobe Flash Player" that announced the availability of an update to its Flash Player 10 software. The advisory states in part:

Summary
Critical vulnerabilities have been identified in the current versions of Adobe Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Affected software versions
Adobe Flash Player 9.0.159.0 and 10.0.22.87 and earlier 9.x and 10.x versions

Severity rating
Adobe categorizes these as critical issues and recommends affected users patch their installations.

Action Required: Ag IT recommends that you update the Adobe Flash Player on your Enterprise machine to mitigate the effects of malicious SWF (Shockwave Flash) files that you might view in your web browser.

For steps, see our How To Install Updates to Adobe Flash Player, http://it.cas.psu.edu/1590.htm.

Note: If you use multiple browsers, perform the check for each browser you have installed on your computer.

Thursday, July 23, 2009

ITS updates Adobe Connect server - Action Required

Attention: Adobe Connect users – Action Required

This morning (Thursday, July 23, 2009) Penn State’s ITS installed the Adobe Connect Pro 7 Service Pack 3.

Along with this SP3 install, there is an updated add-in (version 9.1.314.0) which addresses VOIP and Audio enhancements listed below.
We encourage users to download this latest add-in by following these steps:

• Go to the Adobe Connect Community Check List at http://meeting.psu.edu/checklist
• Run the "test your computer and Internet connection" option by clicking on the link listed in Step 3
• Click Yes if you receive a Security Warning

Issues resolved with Service Pack 3

Meeting Rooms:
[0127905] Meeting: The first item in the Q&A Pod list is selected by default now which does not make it appear as though longer questions cannot be displayed in full anymore. All selected question text shows in the details panel. In the case in which a very long question is asked and therefore truncated in the preview pane, all text will be visible in the details pane. This capability is now more discoverable by the user.

[2302406] Meeting: The same presentation (PPT or PPTX) can now be loaded into two share pods in the same meeting at the same time without causing any intermittent upload errors.

[1920524] Meeting, Mac only: Sharing Full Screen on certain Mac versions, in certain Safari and Firefox browsers caused user to be ejected from the meeting room, and browser to crash. This issue has been resolved.

[1920869] Meeting, Recording: Recording playback sometimes shows black or gray screen when paused or seeking. This issue now has been resolved.

[1922961/1880973] Meeting, Recording: Recordings now play the events that occurred within the meeting, as they occurred, including changes in layouts.

[1913089] Meeting, Recording: Recordings now do not show a black screen or cut out intermittently.

[1910223] Meeting, Recording: Forced Recordings do start now when enabled and applied to systems with specific license keys. They are now working properly with valid license keys.

[1913261] Meeting, Whiteboard/Recording: Playback scale adjustments have been applied to recording so that all whiteboard content is displayed now even when using certain screen resolutions.

[1930490] Meeting, Poll Pod: A scroll bar is displayed in the meeting poll pod so that all options are now visible to the user even when many options are provided in Poll questions.

Wednesday, July 22, 2009

Adobe Presenter updates available

There are currently 2 important updates to Adobe Presenter Version 7.0. They include audio enhancements and fixes, better performance with PowerPoint .pptx files and quizzing features.

Action Required for Adobe Presenter v7 users:
To properly install the updates they must be installed in the correct order. First install the Adobe Presenter 7.0.1 update, then the Adobe Presenter 7.0.2 update. Licensed Adobe Presenter users can install the updates from the following URL.
http://tinyurl.com/PresenterUpdate

If you are in a county office with a server, check out this path to install from your server.
Computer Resources > IT Camp Software > Adobe Presenter folder
- Double-click adobe_presenter_patch_v701.exe to install the first update
- Double-click adobe_presenter_patch_v702.exe to install the next update

Use the following links to review a full description of each update.
Important issues resolved in Adobe Presenter 7.0.1 update
http://kb2.adobe.com/cps/404/kb404919.html

Important issues resolved in Adobe Presenter 7.0.2 update
http://kb2.adobe.com/cps/407/kb407169.html

Friday, July 10, 2009

Phishing Attempts Aimed at Penn State Faculty and Staff

Faculty and staff are reminded that the college and university will *NEVER* request account/password information via E-mail.

You should never reply to a message asking for account information, nor should you ever click a link in a message that asks for account information. Penn State and the College of Ag Sciences will never ask for your account/password this way.

If you receive messages of this type, simply delete the message.
Normally, Ag IT will not send alerts warning employees of individual phishing scams. These scams are too numerous to regularly keep on top of, so please remember legitimate entities do not request information in this manner.

However, in the past week we have seen new examples of phishing aimed at our employees. We are taking this opportunity to refresh in everyone's mind that these messages should be deleted if they make it past the college and university's spam filters.

Sample 1 below is a general attempt to have you click on the link. In this case, the link doesn't appear to show you a form. Instead the page attempts to download and install malware on your computer. If you receive messages of this type, simply delete the message.

Sample 1

Subject: Your Webmail Quota Has Exceeded The Set Quota/Limit

Your Webmail Quota Has Exceeded The Set Quota/Limit Which Is 20GB.
You Are Currently Running On 23GB Due To Hidden Files And Folder On Your Mailbox.

Please Click the Link Below To Validate Your Mailbox And Increase Your Quota.

w w w.jotform.com/form/9999999999
[number changed and link removed]
Failure To Click This Link And Validate Your Quota May Result In Loss Of Important Information In Your Mailbox/Or Cause Limited Access To It.

Sample 2 below is an example of a "spear-phishing" message. These messages are attacks aimed directly at a company, government agency, organization, or group. Spear phishers send E-mail that appears genuine to all the employees or members of these groups.

You can read the sample E-mail below. It is a well-crafted note! We've removed the actual link below. But if you were to receive an E-mail like this, you can hover (hold the mouse over the link without clicking) to see the destination address.

In the actual E-mail the address started with "http://psu.edu" but then added "ec-uk.org" as the actual destination. This will usually confirm what you knew anyway. So, simply delete the message.

Sample 2

From: PSU Help Desk [mailto:it_dept@psu.edu]
Subject: Mandatory Security Update: July 2009

The Pennsylvania State University
Information Technology Services
The ITS Help Desk

URGENT SECURITY UPDATE - JULY 2009

Due to the recent increase in spam emails, we have upgraded to an advanced server for your premium security to prevent spam from getting to your inbox. As a result of this, it is important that you login to your email using the link below, to make sure that your account information is up-to-date.

Click Here to Protect Your Account [link removed]

This email has been sent to all PSU Webmail users and it is mandatory to follow.

Thank you for your cooperation.

IT Department
Copyright © 2009 The Pennsylvania State University


Sample 2 Image

If you had clicked the link, you would be taken to a page that mimicked the real Penn State WebAccess login window. But again, the actual address is fake.
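The hover check described above comes down to reading the link's real hostname rather than the way the address starts. As an added example (not part of the original post), this Python code applies that check to every link in a message; the `TRUSTED` list, the constructed sample message and the stand-in host `example.org` are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("psu.edu",)  # assumption: domains the organisation really uses

def classify(url, trusted=TRUSTED):
    """Judge a link by its real hostname, not by how the URL starts."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "external"  # unparseable: cannot be shown to be ours
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # A trusted name that shows up in the authority without being the
    # host's own domain is the deception described in the post.
    if any(d in parts.netloc.lower() for d in trusted):
        return "lookalike"
    return "external"

class LinkAudit(HTMLParser):
    """Collect (visible text, href, verdict) for each <a href> in a message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((text, self._href, classify(self._href)))
            self._href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.links

# Constructed message modelled on Sample 2; example.org is a stand-in host.
SAMPLE = ('<p>Login using the link below.</p>'
          '<a href="http://psu.edu.example.org/login">Click Here to Protect Your Account</a>'
          ' <a href="https://www.psu.edu/">Penn State</a>')

if __name__ == "__main__":
    for text, href, verdict in audit(SAMPLE):
        print(f"{verdict:9} {href}  ({text})")
```

A "lookalike" verdict means the trusted name appears in the address but the host belongs to a different domain, which is the case the hover check is meant to expose.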



The ITS Alerts site has a listing of E-mail (spam, phishing) alerts which gives you an idea of how prevalent these activities are.