[10227] in Security FYI


[IS&T Security-FYI] SFYI Newsletter, May 19, 2014

daemon@ATHENA.MIT.EDU (Monique Buchanan)
Mon May 19 14:51:49 2014

Resent-From: ist-security-fyi@MIT.EDU
From: Monique Buchanan <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Mon, 19 May 2014 18:50:27 +0000
Message-ID: <297FC18E-2C77-4A9A-A13B-541B3D7A814D@mit.edu>


In this issue:

1. Increase in Spam Attacks at MIT this Weekend
2. Who’s Still Vulnerable to Heartbleed?
3. US Retailers Launch Cyber Intelligence Sharing Center


------------------------------------------------------------------
1. Increase in Spam Attacks at MIT this Weekend
------------------------------------------------------------------

Over the weekend, two MIT Kerberos accounts were compromised, leading to a spike in spam<http://ist.mit.edu/security/spam_phishing> in our email inboxes. The messages were not written by anyone at MIT; the attacker sent them through the compromised users’ accounts so that they appeared to come from MIT.

When spam is sent from a compromised MIT account, MIT’s spam filters are less likely to block it than if it came from an account outside MIT, because the messages are authenticated as coming from an MIT user. The only action MIT can take is to notify the user and temporarily suspend the account, which stops it from sending further mail. The user must change their account password before MIT reactivates the account.
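As an added illustration that is not part of the original newsletter or MIT's tooling: the reason this spam gets through is that the content filters see authenticated mail from a trusted internal account, so the useful signal is the account's own sending behaviour rather than the message text. The script below runs that check over constructed Postfix-style log lines (not real MIT logs); the ten-minute window and the 20-message threshold are assumed values you would tune to your own baseline.

```python
"""Spot a compromised account by its sending pattern, not its content.

Added example, not MIT's code.  The log lines are constructed in Postfix
smtpd style; window size and threshold are assumed values.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Postfix logs the authenticated sender on the smtpd connection line as
# sasl_username=...; unauthenticated inbound mail has no such field and is
# ignored, because only the outbound burst from an account matters here.
SMTPD_AUTH = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"(?P<qid>[0-9A-F]+): client=(?P<client>\S+), sasl_method=\S+, "
    r"sasl_username=(?P<user>\S+)$"
)


def parse_auth_submissions(lines):
    """Yield (timestamp, user, client) for every authenticated submission."""
    for line in lines:
        m = SMTPD_AUTH.match(line)
        if not m:
            continue  # inbound mail or an unrelated log line
        # syslog timestamps carry no year; strptime's default year is fine
        # for bucketing within one day's log.
        yield datetime.strptime(m["ts"], "%b %d %H:%M:%S"), m["user"], m["client"]


def find_bursts(lines, window=timedelta(minutes=10), max_per_window=20):
    """Return {user: [(window_start, messages, distinct_clients), ...]} for
    every user who submitted more than max_per_window messages in one window.
    """
    counts = defaultdict(lambda: defaultdict(int))
    clients = defaultdict(lambda: defaultdict(set))
    for ts, user, client in parse_auth_submissions(lines):
        midnight = ts.replace(hour=0, minute=0, second=0, microsecond=0)
        start = ts - (ts - midnight) % window  # floor to the window boundary
        counts[user][start] += 1
        clients[user][start].add(client)
    alerts = {}
    for user, windows in counts.items():
        hits = [(start.strftime("%H:%M"), n, len(clients[user][start]))
                for start, n in sorted(windows.items()) if n > max_per_window]
        if hits:
            alerts[user] = hits
    return alerts


# Constructed sample log (not real MIT data): alice behaves normally, bob's
# credentials are being used to pump out mail from two unfamiliar addresses.
SAMPLE_LOG = [
    "May 17 09:05:12 mail postfix/smtpd[2201]: 3A1F2C0D11: client=laptop.example.edu[192.0.2.10], sasl_method=PLAIN, sasl_username=alice",
    "May 17 11:42:03 mail postfix/smtpd[2290]: 3A1F2C0D9C: client=laptop.example.edu[192.0.2.10], sasl_method=PLAIN, sasl_username=alice",
    "May 17 16:30:44 mail postfix/smtpd[2310]: 3A1F2C0E41: client=laptop.example.edu[192.0.2.10], sasl_method=PLAIN, sasl_username=alice",
    # inbound mail with no SASL authentication: must not count against anyone
    "May 17 12:00:00 mail postfix/smtpd[2295]: 3A1F2C0DA0: client=mx.example.org[198.51.100.7]",
] + [
    f"May 17 02:{10 + i // 4:02d}:{(i % 4) * 15:02d} mail postfix/smtpd[{3000 + i}]: "
    f"4B{i:03X}0C0F{i:02X}: client=unknown[203.0.113.{5 + i % 2}], sasl_method=PLAIN, "
    f"sasl_username=bob"
    for i in range(35)
]

if __name__ == "__main__":
    for user, hits in find_bursts(SAMPLE_LOG).items():
        for start, n, nclients in hits:
            print(f"{user}: {n} messages from {nclients} client(s) in window starting {start}")
```

Run as a script it prints the flagged accounts; in practice this feeds the notify-and-suspend step described above, and the distinct-client count helps the help desk tell a hijacked account from a user with a runaway mail merge.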

To protect your MIT account from compromise, it is important to have a strong password<http://kb.mit.edu/confluence/x/3wNt> and to protect it appropriately<http://ist.mit.edu/security/passwords>. Do not reuse your Kerberos password for other accounts: a breach at any of those sites then exposes your MIT account as well. Do not enter your password over an insecure network. When off-campus, be sure to use an encrypted wireless network or use the VPN<http://ist.mit.edu/security/connections>.


-----------------------------------------------------
2. Who’s Still Vulnerable to Heartbleed?
-----------------------------------------------------

Is the Internet safer since the discovery of Heartbleed? To an extent.

Many websites responded promptly to the bug by patching OpenSSL, replacing their SSL certificates and revoking the old certificates. However, 7% of these sites made a mistake: they reissued certificates without generating a new private key, so the replacement certificate still uses the key that may have been leaked via Heartbleed.

It is critical to keep a certificate’s private key secret. An attacker who steals the private key can impersonate the website, perform a man-in-the-middle attack on its users, and decrypt any captured traffic from sessions that did not use forward secrecy. Reissuing a certificate on the same private key therefore fixes nothing: a site that was affected by Heartbleed and kept its key faces exactly the same risks as a site that has not replaced its SSL certificate at all.

So it is STILL VERY IMPORTANT to check whether the sites you use remain affected by Heartbleed, either because the server is unpatched or because its replacement certificate was issued on the old key. You can check a site with several online tools, including:


  *   https://filippo.io/Heartbleed/
  *   https://lastpass.com/heartbleed/
  *   https://www.ssllabs.com/ssltest/

Read the full story in the news<http://news.netcraft.com/archives/2014/05/09/keys-left-unchanged-in-many-heartbleed-replacement-certificates.html>.
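The check behind the Netcraft finding, as an added example rather than code from the newsletter or from Netcraft: two certificates share a private key exactly when their SubjectPublicKeyInfo fields are identical, so a site can verify its own reissue, and anyone can audit a public site, with only the old and new certificates in hand. The script uses only the Python standard library; the two toy certificates it builds are constructed test data with placeholder moduli and a filler signature, not real certificates, and the OID constants are the standard rsaEncryption and sha256WithRSAEncryption identifiers.

```python
"""Check whether a reissued certificate actually carries a new key.

Added example, not MIT's or Netcraft's code.  A minimal DER walker pulls the
SubjectPublicKeyInfo (SPKI) out of an X.509 certificate; a small DER builder
produces the toy certificates used as constructed test data.
"""
import hashlib

SEQ, INT, BITSTR, NULL, OID, UTCTIME, EXPLICIT0 = 0x30, 0x02, 0x03, 0x05, 0x06, 0x17, 0xA0


def der(tag, content):
    """Encode one TLV with DER definite-length encoding (short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        nbytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(nbytes)]) + nbytes
    return bytes([tag]) + length + content


def read_tlv(buf, pos=0):
    """Decode the TLV at pos; return (tag, content, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long form: low bits give the number of length bytes
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def children(content):
    """Yield (tag, raw TLV bytes) for each element directly inside a SEQUENCE."""
    pos = 0
    while pos < len(content):
        tag, _, nxt = read_tlv(content, pos)
        yield tag, content[pos:nxt]
        pos = nxt


def extract_spki(cert_der):
    """Return the raw SubjectPublicKeyInfo TLV of an X.509 certificate.

    Certificate    ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    TBSCertificate ::= SEQUENCE { version [0] OPTIONAL, serialNumber, signature,
                                  issuer, validity, subject, subjectPublicKeyInfo, ... }
    """
    tag, cert, _ = read_tlv(cert_der)
    if tag != SEQ:
        raise ValueError("certificate is not a SEQUENCE")
    tag, tbs, _ = read_tlv(cert)
    if tag != SEQ:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    fields = list(children(tbs))
    if fields and fields[0][0] == EXPLICIT0:  # version is optional (absent in v1)
        fields = fields[1:]
    if len(fields) < 6 or fields[5][0] != SEQ:
        raise ValueError("tbsCertificate too short or malformed")
    return fields[5][1]


def spki_fingerprint(cert_der):
    """SHA-256 of the DER SPKI, the same bytes public-key pinning hashes."""
    return hashlib.sha256(extract_spki(cert_der)).hexdigest()


def key_was_rotated(old_cert_der, new_cert_der):
    """True only if the replacement certificate carries a different public key."""
    return extract_spki(old_cert_der) != extract_spki(new_cert_der)


# --- constructed test data (structurally valid, unsigned, not real certs) ---
RSA_ENCRYPTION = bytes.fromhex("2A864886F70D010101")   # OID 1.2.840.113549.1.1.1
SHA256_WITH_RSA = bytes.fromhex("2A864886F70D01010B")  # OID 1.2.840.113549.1.1.11


def rsa_public_key(modulus_bytes):
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    return der(SEQ, der(INT, modulus_bytes) + der(INT, b"\x01\x00\x01"))


def toy_cert(serial, public_key, not_before, not_after):
    """Build a v3 certificate around public_key; the signature is filler bytes."""
    alg = der(SEQ, der(OID, SHA256_WITH_RSA) + der(NULL, b""))
    spki = der(SEQ, der(SEQ, der(OID, RSA_ENCRYPTION) + der(NULL, b""))
               + der(BITSTR, b"\x00" + public_key))
    name = der(SEQ, b"")  # empty Name is enough for the structure
    validity = der(SEQ, der(UTCTIME, not_before) + der(UTCTIME, not_after))
    tbs = der(SEQ, der(EXPLICIT0, der(INT, b"\x02")) + der(INT, bytes([serial]))
              + alg + name + validity + name + spki)
    return der(SEQ, tbs + alg + der(BITSTR, b"\x00" + bytes(32)))


KEY_A = rsa_public_key(b"\x11" * 64)  # placeholder moduli, not real keys
KEY_B = rsa_public_key(b"\x22" * 64)
OLD_CERT = toy_cert(1, KEY_A, b"140101000000Z", b"150101000000Z")
REISSUED_SAME_KEY = toy_cert(2, KEY_A, b"140410000000Z", b"150410000000Z")  # the 7% mistake
REISSUED_NEW_KEY = toy_cert(3, KEY_B, b"140410000000Z", b"150410000000Z")

if __name__ == "__main__":
    for label, cert in (("same key", REISSUED_SAME_KEY), ("new key", REISSUED_NEW_KEY)):
        print(f"reissued, {label}: rotated={key_was_rotated(OLD_CERT, cert)} "
              f"spki={spki_fingerprint(cert)[:16]}...")
```

For a real pair of PEM certificates the same fingerprint comes from `openssl x509 -in cert.pem -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256`; if the old and new certificates give the same digest, the key was never rotated and the certificate must be reissued again after generating a fresh key, with the old one revoked.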


-----------------------------------------------------------------------------
3. US Retailers Launch Cyber Intelligence Sharing Center
-----------------------------------------------------------------------------

Major US retailers have come together to launch the Retail Cyber Intelligence Sharing Center (R-CISC) in an effort to prevent incidents like the Target attack. The organization, which counts among its members Target, The Gap, Walgreens, and J.C. Penney, will share real-time threat information with each other and with US agencies, including the Secret Service, the FBI, and the Department of Homeland Security (DHS), as well as with other public and private stakeholders.

R-CISC will provide training, education, and research resources to its members to help fight “increasingly sophisticated methods of attack.”

Read the full story in the news<http://www.scmagazine.com/retailers-join-forces-to-share-threat-intelligence/article/347215/>.


=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================

Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715



