[10230] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, June 17, 2014
daemon@ATHENA.MIT.EDU (Monique Buchanan)
Tue Jun 17 08:48:16 2014
Resent-From: ist-security-fyi@MIT.EDU
From: Monique Buchanan <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Tue, 17 Jun 2014 12:46:27 +0000
Message-ID: <D23D5F74-FC80-422E-BB77-E3D010B44E08@mit.edu>
In this issue:
1. IT Partners Conference Security Topics
2. Laptop Tagging & Registration Today
3. GameOver Zeus P2P Malware
-------------------------------------------------------
1. IT Partners Conference Security Topics
-------------------------------------------------------
Come join us today, Tuesday, June 17, at the IT Partners Conference in Stata. The security topics this year are:
* Security Operations: How Can We Help You? This has been a year of change for the Security Operations group. We invite you to come meet the new members of the team, talk about new initiatives and services and provide feedback on community wants and needs from a security perspective.
* FileMaker Server and Security Reconnaissance, Recommendations, Ruminations: In the first half of this session we will address questions of FileMaker and the greatest security risks associated with its usage on campus. In the second half of the session, we will talk about some of the post Heartbleed Bug heartache we've experienced trying to set up a stable FileMaker 13 Server. If you manage a FileMaker server and/or support users of stand-alone FileMaker files, we invite you to come learn from our own trials and tribulations.
* Emergency Communications: The presentation will cover various aspects of emergency preparedness including violent intruder protective actions, emergency evacuation/accountability, and continuity of operations. We will also provide an overview of the emergency management structure at MIT.
* Quick Steps to Security: Don't wait! In this session we will guide you through implementing some of the quick things you can do to be more secure right now. You will leave having the tools and instructions you need to get going on these today.
* Operations & Infrastructure Projects: This talk will cover the Operations & Infrastructure projects and services for the upcoming fiscal year in the networking, systems administration and security areas. Additional topics include: the overall effort to move IS&T towards a platform-based service delivery model; upcoming summer pilot projects; and experiments in the platform area for Operations & Infrastructure.
See more information on the IT Partners Conference<http://kb.mit.edu/confluence/x/jmAYCQ>.
-----------------------------------------------------
2. Laptop Tagging & Registration Today
-----------------------------------------------------
Where: In Stata, student street
When: Tuesday, June 17 (today) from 11:00 am - 1:00 pm
Cost: $10 cash (no cards) or MIT Cash Object
Bring your laptop to Stata today to get it tagged and registered. Just as you might register a bike with the police, you can also register your laptop. Information Systems & Technology partners with MIT Police to provide STOP (Security Tracking of Office Property) tags for laptops. The tag is affixed to the device, has a unique number, and is registered with a world-wide database.
Sgt. Cheryl Vossmer of the MIT Police says that although a STOP tag is not software that can track a device via GPS or other means, it has been very effective at providing a way for lost or stolen laptops to be returned to their rightful owners.
Read laptop recovery stories here<https://www.stoptheft.com/>.
Learn more about laptop registration at MIT<http://kb.mit.edu/confluence/display/istcontrib/MIT+Police+Laptop+Tagging+and+Registration>.
--------------------------------------------
3. GameOver Zeus P2P Malware
--------------------------------------------
GameOver Zeus (GOZ), a peer-to-peer variant of the Zeus family of bank credential-stealing malware identified in September 2011, uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control.
The malware was used by criminals to infect victims with ransomware such as Cryptolocker<http://nakedsecurity.sophos.com/2013/10/18/cryptolocker-ransomware-see-how-it-works-learn-about-prevention-cleanup-and-recovery/>. Although the government has taken control of GameOver's servers, preventing further infection of Cryptolocker, there are many, perhaps hundreds of thousands, of computers still infected.
Systems at risk:
* Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
* Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012
The US government recently released this technical advisory<https://www.us-cert.gov/ncas/alerts/TA14-150A> on GOZ to provide further information. A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users' credentials for online services, including banking services.
One of the solutions provided in the advisory is to use and maintain anti-virus software. The software supplied by Information Systems & Technology at MIT, Sophos Anti-Virus<http://ist.mit.edu/sophos>, protects against this malware. To clean up a computer already infected, Sophos also offers a separate, free Virus Removal Tool<http://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx>.
Read more at Sophos online<http://blogs.sophos.com/2014/06/02/heres-how-you-can-help-stop-gameoverzeus-and-cryptolocker/>.
=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================
Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715