[10231] in Security FYI


[IS&T Security-FYI] SFYI Newsletter, June 23, 2014

daemon@ATHENA.MIT.EDU (Monique Buchanan)
Tue Jun 24 07:09:54 2014

Resent-From: ist-security-fyi@mit.edu
From: Monique Buchanan <myeaton@mit.edu>
To: ist-security-fyi <ist-security-fyi@mit.edu>
Date: Tue, 24 Jun 2014 11:08:51 +0000
Message-ID: <FCC7F17A-90B5-45D1-9997-AFAA7FCAD226@mit.edu>

In this issue:

1. WEBCAST: Authentication Security and Why It Matters
2. Secret Keys Stashed in Google Play Apps
3. Ten Ideas for Improving Cyber Security
4. Security SIG’s First Lunch Meeting, July 16th


-----------------------------------------------------------------------------
1. WEBCAST: Authentication Security and Why It Matters
-----------------------------------------------------------------------------

Join a free webcast provided by SANS.org<http://SANS.org> this Tuesday.

What: Looking Beyond Layers: Why Authentication Security Matters Most
When: Tuesday, June 24 at 12:30 PM EDT
Featuring: Dave Shackleford and Brian Kelly
https://www.sans.org/webcasts/layers-authentication-security-matters-98480
Sponsored By: Duo Security https://www.duosecurity.com/

Description: Traditional, "tried-and-true" security wisdom tells us that tough perimeter controls, defense-in-depth, threat intelligence feeds, and all manner of security point products are the solutions to all our problems. However, as we've seen time and time again, breaches still happen, credentials still get lifted, and chaos ensues. Yet there's still hope -- authentication security is a viable avenue for making a huge impact against an attacker's sphere of influence and lateral movement capabilities.

Presenters will highlight some examples where two-factor authentication provided the key defense for disrupting attacks.

Duo Security is a vendor that IS&T is considering working with for two-factor authentication. If you miss this webcast, it will be archived on the SANS website here<https://www.sans.org/webcasts/archive/2014>.

See additional upcoming webcasts from SANS<https://www.sans.org/webcasts/upcoming>.


-----------------------------------------------------------
2. Secret Keys Stashed in Google Play Apps
-----------------------------------------------------------

Researchers at Columbia University have found that many Android app developers hide secret authentication keys in their code. The keys could be used to access private cloud accounts or social media profiles.

Read the story in the news.<http://arstechnica.com/security/2014/06/secret-keys-stashed-in-google-play-apps-pose-risk-to-android-users-developers/>


-------------------------------------------------------
3. Ten Ideas for Improving Cyber Security
-------------------------------------------------------

Forbes asked ten cyber experts for their best ideas for thwarting digital security threats. The ideas include changing the way we think about security and being proactive about protecting sensitive data; encouraging transparency from cloud services about data handling; making better use of encryption; developing systems that present smaller attack surfaces; developing a new secure network for critical infrastructure; and establishing privacy and data security regulation and enforcement for companies. Most acknowledged that there are no easy and quick fixes.

Read the story in the news<http://www.forbes.com/sites/kashmirhill/2014/06/18/10-ways-to-fix-cybersecurity/>.


---------------------------------------------------------------
4. Security SIG’s First Lunch Meeting, July 16th
----------------------------------------------------------------

Security SIG is holding its first luncheon on Wednesday, July 16th, 12:00 - 1:00 pm. If you haven’t yet signed up for Security SIG<https://mailman.mit.edu:444/mailman/listinfo/security_sig>, please do so.

Main topic: "The Biggest Threats to Security Today." If you have any suggestions on what to cover for this topic, please let us know.
Lunch will be provided.
Location to be determined.



We got a great response rate (30% of the list) for the poll, so thanks to those who replied. Some of you also offered additional topics you’re interested in, which is great to know for future events.

We need to still book a room, so stay tuned. Because we are serving lunch we will need you to RSVP. Please send your attendance confirmation to me, at myeaton@mit.edu.


============================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
============================================================

Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715



