[10242] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, October 6, 2014
daemon@ATHENA.MIT.EDU (Monique Buchanan)
Mon Oct 6 16:01:42 2014
Resent-From: ist-security-fyi@mit.edu
From: Monique Buchanan <myeaton@mit.edu>
To: ist-security-fyi <ist-security-fyi@mit.edu>
Date: Mon, 6 Oct 2014 20:00:07 +0000
Message-ID: <F3AC31A0-886B-4868-9D13-1A1DD81E9F85@mit.edu>
In this issue:
1. MIT Event: Keep IT Safe Table in W20 Lobby
2. What Happened in the JP Morgan Chase Breach?
3. Is Windows Safe from Shellshock?
---------------------------------------------------------------
1. MIT Event: Keep IT Safe Table in W20 Lobby
---------------------------------------------------------------
On Tuesday, October 7, 9:00 to 11:00 am, IS&T is hosting the Keep IT Safe table in W20, a new initiative aimed at supporting the MIT community with their secure computing and data protection needs.
Encourage your staff, students and colleagues (and yourself) to come by and grab a free cup of coffee and a donut while perhaps taking away something you didn’t know yet about cyber security.
This event kicks off a series of events to promote National Cyber Security Awareness Month (NCSAM).
Learn more here <http://kb.mit.edu/confluence/x/WR4YCQ>.
---------------------------------------------------------------------
2. What Happened in the JP Morgan Chase Breach?
---------------------------------------------------------------------
According to news released last Thursday, 76 million household accounts and 7 million small businesses were affected by a breach that occurred earlier this year. JP Morgan Chase is one of the oldest, best-known and largest financial institutions in the world. The cyber attack leaked names, addresses, phone numbers and email addresses. There is no evidence yet of passwords, sensitive personal information, or account information being stolen.
The bank discovered the intrusion on its servers in mid-August and believes the breach may have begun as early as June, a spokesperson for the bank has said. They have “identified and closed all known access paths.” It is possible that the original access came from obtaining an employee’s password.
In a post on their website, they told customers there’s no need to change their password or account information. No cards will be reissued.
Because email addresses were accessed by the hackers, beware of any phishing emails: don’t click on links in email from addresses you don’t know, or on links inside unexpected messages that look like they might come from Chase or another trusted source.
Read the full story in the news <http://www.eweek.com/security/why-jpmorgan-chase-data-breach-may-have-financial-fallout.html>.
--------------------------------------------------
3. Is Windows Safe from Shellshock?
--------------------------------------------------
As time goes on since the Bash vulnerability was first discovered, it appears that Windows users are not necessarily immune to this Linux-targeted bug. A security company in Belgium says it has discovered a command injection vulnerability in Windows command-line shells that takes advantage of environment variables in a similar fashion to the Bash exploits.
According to the information available, Windows clients cannot be exploited remotely (via the Internet). The exploit would have to occur locally, or specifically on Windows Server deployments. Microsoft is not planning to issue a security bulletin, as it does not consider this a security vulnerability.
Read the full story in the news <http://threatpost.com/shellshock-like-weakness-may-affect-windows/108696>.
=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================
Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715