[10238] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, September 23, 2014
daemon@ATHENA.MIT.EDU (Monique Buchanan)
Tue Sep 23 09:50:12 2014
Resent-From: ist-security-fyi@mit.edu
From: Monique Buchanan <myeaton@mit.edu>
To: ist-security-fyi <ist-security-fyi@mit.edu>
Date: Tue, 23 Sep 2014 13:48:51 +0000
Message-ID: <8A146D12-3605-4958-A52F-7C24A6F338D1@mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1140083589=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============1140083589==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_8A146D1236054958A52F7C24A6F338D1mitedu_"
--_000_8A146D1236054958A52F7C24A6F338D1mitedu_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. Cyber Security Awareness Events Coming in October
2. Bug Fixed in Sophos Anti-Virus for Mac OS X
3. Risks to Information When Traveling
---------------------------------------------------------------------------
1. Cyber Security Awareness Events Coming in October
---------------------------------------------------------------------------
It=92s that time of year again!
October is National Cyber Security Awareness Month (NCSAM)<https://owa.exch=
ange.mit.edu/owa/redir.aspx?C=3DoF0s8gculU-PHKq61iPCEhJ08crzqdEIOWakrXxTOCW=
vNAacpibgmzCfZGYd0CYk3EIa-YOBHM0.&URL=3Dhttp%3a%2f%2fwww.staysafeonline.org=
%2fncsam> dedicated to the improvement of your safety when using the Intern=
et.
Here are 3 ways you can participate:
How savvy are you with your knowledge of cyber security risks?
Discover your threat level by attending the =93Keep IT Safe=94 table in W20=
. Stop by and receive free coffee and donuts.
Tuesday, October 7, 9am - 11am, W20 Lobby
Hear about Tor!
Andrew Lewman, Executive Director of The Tor Project, is coming to MIT. Tor=
was designed to protect government communications and is used today by man=
y types of people for a wide variety of purposes to improve their privacy a=
nd security on the Internet.
Thursday, October 23, 12pm - 1:30pm, 37-252 (Marlar Lounge), RSVP required<=
https://owa.exchange.mit.edu/owa/redir.aspx?C=3DoF0s8gculU-PHKq61iPCEhJ08cr=
zqdEIOWakrXxTOCWvNAacpibgmzCfZGYd0CYk3EIa-YOBHM0.&URL=3Dmailto%3amyeaton%40=
mit.edu> (email myeaton@mit.edu<https://owa.exchange.mit.edu/owa/redir.aspx=
?C=3DoF0s8gculU-PHKq61iPCEhJ08crzqdEIOWakrXxTOCWvNAacpibgmzCfZGYd0CYk3EIa-Y=
OBHM0.&URL=3Dmailto%3amyeaton%40mit.edu>) to attend and receive a free lunc=
h
Shred IT!
Are you a pack rat? Can=92t seem to find the time to get rid of those old h=
ard drives, thumb drives, CDs or digital tapes? Have mountains of old docum=
ents that might contain sensitive data but which aren=92t needed anymore? D=
rop them off at the =93Shred IT=94 table in the Stata Center. Paper will be=
shredded by Cintas, a professional document management company. Electronic=
media will be collected and disposed of securely with coordination by Dist=
ributed IT Resources (DITR).
Friday, October 24, 10am - 2pm, Stata Center Lobby (Building 32)
Spread the word about NCSAM and these events, and we look forward to seeing=
you there.
----------------------------------------------------------------
2. Bug Fixed in Sophos Anti-Virus for Mac OS X
----------------------------------------------------------------
If you were experiencing some issues with your Sophos client on the Mac<htt=
p://www.sophos.com/en-us/support/knowledgebase/121324.aspx>, it should now =
be fixed with the release of Sophos Anti-Virus for Mac OS X 9.1.7. The upda=
te was issued to users at MIT running version 9.1.6. and they should be exp=
eriencing no more problems.
If, for whatever reason, you did not receive the update or are still experi=
encing the issues described in the article linked above, please contact the=
Help Desk: http://ist.mit.edu/help.
----------------------------------------------------
3. Risks to Information When Traveling
----------------------------------------------------
This recent NY Times article<http://www.nytimes.com/2014/09/09/business/kee=
p-your-data-yours-while-traveling.html> outlines the ways your data can fal=
l into the hands of snoops and thieves if you=92re not careful when traveli=
ng. The tips the article lists include some great security best practices.
1. Take only what you need. If you can, take a loaner laptop or one that co=
ntains only what you need for the trip and nothing more. Alternatively, if =
you must take sensitive data, carry it on a memory stick.
2. Use encryption. Encryption can be added to MIT laptops, mobile devices a=
nd memory sticks. To learn more about how to use and enable encryption, see=
: http://ist.mit.edu/encryption
3. Install a virtual private network (VPN). The VPN that MIT provides gives=
users an encrypted network connection, even when accessing the Internet vi=
a public or open wifi (such as at a hotel or cafe). This prevents anyone on=
the same public wifi from accessing your communications. Install the VPN c=
lient from the IS&T website: http://ist.mit.edu/vpn
4. Protect using a password. If you must take a phone, laptop or tablet wit=
h you on your trip, make sure it has a code or password on it. Some smartph=
ones<http://kb.mit.edu/confluence/x/XQdS> now have fingerprint sensors for =
locking/unlocking. Choose a strong password for your laptops (learn how<htt=
p://kb.mit.edu/confluence/x/3wNt>). Create strong passwords for the mobile =
apps or websites you use for accessing sensitive information, and don=92t l=
eave passwords written down and stored near the devices you use them for.
5. Use layered protection. This means, for example, having extra copies of =
files safely stored elsewhere (not on your computer=92s hard drive), or hav=
ing your files backed up within the cloud. MIT offers CrashPlan<http://ist.=
mit.edu/crashplan>, the new backup service that replaces TSM. Mobile device=
s can also use CrashPlan via CrashPlan apps<http://kb.mit.edu/confluence/x/=
cWoYCQ>.
Note: while having files in Dropbox can be convenient for sharing files wit=
h other colleagues, if you have installed Dropbox on your computer, the fil=
es are accessible to a thief who has stolen your computer. A recommendation=
would be to remove the DropBox folder from the computer prior to traveling=
and to access your Dropbox files via the Dropbox website. On mobile device=
s, the folder can be password protected within the Dropbox app. See these s=
ecurity tips for Dropbox users<http://kb.mit.edu/confluence/x/o34YCQ>.
Find more tips for MIT Travelers in this KB article<http://kb.mit.edu/confl=
uence/x/ODIYCQ>.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Read all archived Security FYI Newsletter articles and submit comments onli=
ne at http://securityfyi.wordpress.com/.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715
--_000_8A146D1236054958A52F7C24A6F338D1mitedu_
Content-Type: text/html; charset="Windows-1252"
Content-ID: <BD574719D598D542A7346E637E0F36BF@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1=
252">
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space;">
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;">In th=
is issue:</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">1. Cyber Security Aware=
ness Events Coming in October</div>
<div style=3D"margin: 0px; font-family: Helvetica;">2. Bug Fixed in Sophos =
Anti-Virus for Mac OS X </div>
<div style=3D"margin: 0px; font-family: Helvetica;">3. Risks to Information=
When Traveling</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
----------------------------------------------------</div>
<div style=3D"margin: 0px; font-family: Helvetica;">1. Cyber Security Aware=
ness Events Coming in October</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
----------------------------------------------------</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">It=92s that time of yea=
r again! </div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">October is <a href=
=3D"https://owa.exchange.mit.edu/owa/redir.aspx?C=3DoF0s8gculU-PHKq61iPCEhJ=
08crzqdEIOWakrXxTOCWvNAacpibgmzCfZGYd0CYk3EIa-YOBHM0.&URL=3Dhttp%3a%2f%=
2fwww.staysafeonline.org%2fncsam">National Cyber
Security Awareness Month (NCSAM)</a> dedicated to the improvement of =
your safety when using the Internet. </div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Here are 3 ways you can=
participate:</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;"><b>How savvy are you wi=
th your knowledge of cyber security risks? </b></div>
<div style=3D"margin: 0px; font-family: Helvetica;">Discover your threat le=
vel by attending the =93Keep IT Safe=94 table in W20. Stop by and receive f=
ree coffee and donuts.</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Tuesday, October 7, 9am=
- 11am, W20 Lobby</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;"><b>Hear about Tor! =
;</b></div>
<div style=3D"margin: 0px; font-family: Helvetica;">Andrew Lewman, Executiv=
e Director of The Tor Project, is coming to MIT. Tor was designed to protec=
t government communications and is used today by many types of people for a=
wide variety of purposes to improve
their privacy and security on the Internet.</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Thursday, October 23, 1=
2pm - 1:30pm, 37-252 (Marlar Lounge),
<a href=3D"https://owa.exchange.mit.edu/owa/redir.aspx?C=3DoF0s8gculU-PHKq6=
1iPCEhJ08crzqdEIOWakrXxTOCWvNAacpibgmzCfZGYd0CYk3EIa-YOBHM0.&URL=3Dmail=
to%3amyeaton%40mit.edu">
RSVP required</a> (email <a href=3D"https://owa.exchange.mit.edu/owa/r=
edir.aspx?C=3DoF0s8gculU-PHKq61iPCEhJ08crzqdEIOWakrXxTOCWvNAacpibgmzCfZGYd0=
CYk3EIa-YOBHM0.&URL=3Dmailto%3amyeaton%40mit.edu">
myeaton@mit.edu</a>) to attend and receive a free lunch</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;"><b>Shred IT! </b><=
/div>
<div style=3D"margin: 0px; font-family: Helvetica;">Are you a pack rat? Can=
=92t seem to find the time to get rid of those old hard drives, thumb drive=
s, CDs or digital tapes? Have mountains of old documents that might contain=
sensitive data but which aren=92t needed
anymore? Drop them off at the =93Shred IT=94 table in the Stata Center. Pa=
per will be shredded by Cintas, a professional document management company.=
Electronic media will be collected and disposed of securely with coordinat=
ion by Distributed IT Resources (DITR).</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Friday, October 24, 10a=
m - 2pm, Stata Center Lobby (Building 32)</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Spread the word about N=
CSAM and these events, and we look forward to seeing you there.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
-----------------------------------------</div>
<div style=3D"margin: 0px; font-family: Helvetica;">2. Bug Fixed in Sophos =
Anti-Virus for Mac OS X </div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
-----------------------------------------</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">If you were experiencin=
g some <a href=3D"http://www.sophos.com/en-us/support/knowledgebase/121324.=
aspx">
issues with your Sophos client on the Mac</a>, it should now be fixed with =
the release of Sophos Anti-Virus for Mac OS X 9.1.7. The update was issued =
to users at MIT running version 9.1.6. and they should be experiencing no m=
ore problems.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">If, for whatever reason=
, you did not receive the update or are still experiencing the issues descr=
ibed in the article linked above, please contact the Help Desk:
<a href=3D"http://ist.mit.edu/help">http://ist.mit.edu/help</a>.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
-----------------------------</div>
<div style=3D"margin: 0px; font-family: Helvetica;">3. Risks to Information=
When Traveling</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
-----------------------------</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;"><a href=3D"http://www.n=
ytimes.com/2014/09/09/business/keep-your-data-yours-while-traveling.html">T=
his recent NY Times article</a> outlines the ways your data can fall into t=
he hands of snoops and thieves if you=92re
not careful when traveling. The tips the article lists include some great =
security best practices. </div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">1. <b>Take only what yo=
u need</b>. If you can, take a loaner laptop or one that contains only what=
you need for the trip and nothing more. Alternatively, if you must take se=
nsitive data, carry it on a memory
stick.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">2. <b>Use encryption</b=
>. Encryption can be added to MIT laptops, mobile devices and memory sticks=
. To learn more about how to use and enable encryption, see:
<a href=3D"http://ist.mit.edu/encryption">http://ist.mit.edu/encryption</a>=
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">3. <b>Install a virtual=
private network (VPN)</b>. The VPN that MIT provides gives users an encryp=
ted network connection, even when accessing the Internet via public or open=
wifi (such as at a hotel or cafe).
This prevents anyone on the same public wifi from accessing your communica=
tions. Install the VPN client from the IS&T website:
<a href=3D"http://ist.mit.edu/vpn">http://ist.mit.edu/vpn</a></div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">4. <b>Protect using a p=
assword</b>. If you must take a phone, laptop or tablet with you on your tr=
ip, make sure it has a code or password on it. Some
<a href=3D"http://kb.mit.edu/confluence/x/XQdS">smartphones</a> now have fi=
ngerprint sensors for locking/unlocking. Choose a strong password for your =
laptops (<a href=3D"http://kb.mit.edu/confluence/x/3wNt">learn how</a>). Cr=
eate strong passwords for the mobile
apps or websites you use for accessing sensitive information, and don=92t =
leave passwords written down and stored near the devices you use them for.<=
/div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">5. <b>Use layered prote=
ction</b>. This means, for example, having extra copies of files safely sto=
red elsewhere (not on your computer=92s hard drive), or having your files b=
acked up within the cloud.
<a href=3D"http://ist.mit.edu/crashplan">MIT offers CrashPlan</a>, the new =
backup service that replaces TSM. Mobile devices can also use CrashPlan via
<a href=3D"http://kb.mit.edu/confluence/x/cWoYCQ">CrashPlan apps</a>. =
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Note: while having file=
s in Dropbox can be convenient for sharing files with other colleagues, if =
you have installed Dropbox on your computer, the files are accessible to a =
thief who has stolen your computer.
A recommendation would be to remove the DropBox folder from the computer p=
rior to traveling and to access your Dropbox files via the Dropbox website.=
On mobile devices, the folder can be password protected within the Dropbox=
app.
<a href=3D"http://kb.mit.edu/confluence/x/o34YCQ">See these security tips f=
or Dropbox users</a>.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;"><a href=3D"http://kb.mi=
t.edu/confluence/x/ODIYCQ">Find more tips for MIT Travelers in this KB arti=
cle</a>.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Read all archived Secur=
ity FYI Newsletter articles and submit comments online at
<a href=3D"http://securityfyi.wordpress.com/"><span style=3D"color: rgb(4, =
46, 238);">http://securityfyi.wordpress.com/</span></a>.</div>
<div style=3D"margin: 0px; font-family: Helvetica;">=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</div>
<div style=3D"margin: 0px; font-family: Helvetica;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;"><br>
</div>
<div apple-content-edited=3D"true">
<div style=3D"color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; t=
ext-align: start; text-indent: 0px; text-transform: none; white-space: norm=
al; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-w=
rap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-=
space;">
<div style=3D"color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; t=
ext-align: start; text-indent: 0px; text-transform: none; white-space: norm=
al; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-w=
rap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-=
space;">
<div style=3D"color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; t=
ext-align: start; text-indent: 0px; text-transform: none; white-space: norm=
al; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-w=
rap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-=
space;">
Monique Buchanan<br>
IT Security Communications Coordinator<br>
Information Systems & Technology (IS&T)<br>
Massachusetts Institute of Technology<br>
<a href=3D"http://ist.mit.edu/secure">http://ist.mit.edu/secure</a><br>
tel: 617.253.2715<br>
<br>
<br>
</div>
</div>
</div>
</div>
<br>
</body>
</html>
--_000_8A146D1236054958A52F7C24A6F338D1mitedu_--
--===============1140083589==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============1140083589==--
