[10246] in Security FYI
[IS&T Security-FYI] Security FYI Newsletter, November 4, 2014
daemon@ATHENA.MIT.EDU (Monique Buchanan)
Tue Nov 4 10:15:31 2014
Resent-From: ist-security-fyi@mit.edu
From: Monique Buchanan <myeaton@mit.edu>
To: ist-security-fyi <ist-security-fyi@mit.edu>
Date: Tue, 4 Nov 2014 15:14:12 +0000
Message-ID: <FD444DBC-C539-4EDC-844B-368725B71F43@mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0804975806=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============0804975806==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_FD444DBCC5394EDC844B368725B71F43mitedu_"
--_000_FD444DBCC5394EDC844B368725B71F43mitedu_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. NCSAM at MIT Wrapped Up
2. Apple Issues iCloud Security Advisory
3. Program in Applied Cyber Security at MIT
4. Malicious Ebola-Themed Emails
-----------------------------------------------------
1. NCSAM at MIT Wrapped Up
-----------------------------------------------------
NCSAM 2014 is officially over.
Thank you to all who participated in the events hosted by MIT, including th=
e desk in the Student Center, the talk by Nathan Freitas on Tor going mobil=
e, and the Shred IT effort in the Stata Center lobby. Special thanks to the=
IS&T Site Team, DITR, Facilities, Cintas Document Management, and The Tor =
Project for their efforts and time.
How did we do?
* We had about 150 visitors to the student desk.
* The talk on Tor was attended by 50 people.
* At the shredding event we collected nine large bins of paper and at l=
east 2 full pallets of hard drives and floppy disks.
Several people have asked when we will repeat the shredding event. It is po=
ssible this may become an annual or bi-annual event; we will be sure to let=
the community know when the next one is happening.
Due to busy schedules, we are also considering video-taping the security ta=
lks, which are schedule to happen every two months. A schedule of upcoming =
talks will be shared when it becomes available.
Photos of the Tor talk and the shredding event are posted online<http://sec=
urityfyi.wordpress.com/2014/11/04/ncsam-at-mit-wrapped-up/>.
-----------------------------------------------------
2. Apple Issues iCloud Security Advisory
-----------------------------------------------------
Last week Apple issued a security warning about attacks attempting to steal=
information from iCloud users with fraudulent certificates. An Apple suppo=
rt page warns users to heed invalid certificate warnings while visiting iCl=
oud, saying they should never enter login information into websites that pr=
esent certificate warnings.
Verify that your browser is securely connected to iCloud.com<http://support=
.apple.com/en-us/HT6550>
----------------------------------------------------------
3. Program in Applied Cyber Security at MIT
----------------------------------------------------------
Have you ever considered taking advantage of the amazing educational opport=
unities at MIT?
MIT Professional Education is organized under the School of Engineering, an=
d provides continuing education courses and lifelong learning opportunities=
for science and engineering professionals at all levels. MIT faculty teach=
all Professional Education offerings.
I was poking around their site last week and wouldn=92t you know it: a cour=
se in Applied Cyber Security is being offered in 2015<http://web.mit.edu/pr=
ofessional/short-programs/courses/applied_cyber_security.html>. According t=
he course description, =93experts from academia, the military, and industry=
share their knowledge to give participants the principles, the state of th=
e practice, and strategies for the future.=94
Learn more<http://web.mit.edu/professional/short-programs/courses/applied_c=
yber_security.html>.
----------------------------------------------
4. Malicious Ebola-Themed Emails
----------------------------------------------
Fake emails that purport to be from the World Health Organization are invit=
ing people to download an attachment or click a link for more information a=
bout the Ebola virus.
Last week US-CERT, a division of the Department of Homeland Security, issue=
d an advisory<https://www.us-cert.gov/ncas/current-activity/2014/10/16/Ebol=
a-Phishing-Scams-and-Malware-Campaigns> warning users about spam campaigns =
that use the Ebola virus to bait users into inadvertently downloading malwa=
re. Once the malware program is on the victim=92s machine, it can grab shot=
s off the webcam, take control of the machine remotely, or steal passwords.
Read the full story online<http://bits.blogs.nytimes.com/2014/10/24/malicio=
us-ebola-themed-emails-are-on-the-rise/>.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Read all archived Security FYI Newsletter articles and submit comments onli=
ne at http://securityfyi.wordpress.com/.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715
--_000_FD444DBCC5394EDC844B368725B71F43mitedu_
Content-Type: text/html; charset="Windows-1252"
Content-ID: <F7ACAACC3FB2CB46863633B9B58B3110@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1=
252">
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space;">
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;">In this i=
ssue:</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;">1. NCSAM at MIT Wrapped Up<=
/div>
<div style=3D"margin: 0px; font-family: Arial;">2. Apple Issues iCloud Secu=
rity Advisory</div>
<div style=3D"margin: 0px; font-family: Arial;">3. Program in Applied Cyber=
Security at MIT</div>
<div style=3D"margin: 0px; font-family: Arial;">4. Malicious Ebola-Themed E=
mails</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;">---------------------------=
--------------------------</div>
<div style=3D"margin: 0px; font-family: Arial;">1. NCSAM at MIT Wrapped Up<=
/div>
<div style=3D"margin: 0px; font-family: Arial;">---------------------------=
--------------------------</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;">NCSAM 2014 is officially ov=
er. </div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;">Thank you to all who partic=
ipated in the events hosted by MIT, including the desk in the Student Cente=
r, the talk by Nathan Freitas on Tor going mobile, and the Shred IT effort =
in the Stata Center lobby. Special
thanks to the IS&T Site Team, DITR, Facilities, Cintas Document Manage=
ment, and The Tor Project for their efforts and time.</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;">How did we do?</div>
<ul>
<li style=3D"margin: 0px; font-family: Arial;">We had about 150 visitors to=
the student desk.
</li><li style=3D"margin: 0px; font-family: Arial;">The talk on Tor was att=
ended by 50 people.
</li><li style=3D"margin: 0px; font-family: Arial;">At the shredding event =
we collected nine large bins of paper and at least 2 full pallets of hard d=
rives and floppy disks.
</li></ul>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;">Several people have asked w=
hen we will repeat the shredding event. It is possible this may become an a=
nnual or bi-annual event; we will be sure to let the community know when th=
e next one is happening.</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;">Due to busy schedules, we a=
re also considering video-taping the security talks, which are schedule to =
happen every two months. A schedule of upcoming talks will be shared when i=
t becomes available.</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;"><a href=3D"http://securityf=
yi.wordpress.com/2014/11/04/ncsam-at-mit-wrapped-up/">Photos of the Tor tal=
k and the shredding event are posted online</a>.</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;">---------------------------=
--------------------------</div>
<div style=3D"margin: 0px; font-family: Arial;">2. Apple Issues iCloud Secu=
rity Advisory</div>
<div style=3D"margin: 0px; font-family: Arial;">---------------------------=
--------------------------</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;">Last week Apple issued a se=
curity warning about attacks attempting to steal information from iCloud us=
ers with fraudulent certificates. An Apple support page warns users to heed=
invalid certificate warnings while
visiting iCloud, saying they should never enter login information into web=
sites that present certificate warnings.</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;"><a href=3D"http://support.a=
pple.com/en-us/HT6550">Verify that your browser is securely connected to iC=
loud.com</a></div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;">---------------------------=
-------------------------------</div>
<div style=3D"margin: 0px; font-family: Arial;">3. Program in Applied Cyber=
Security at MIT</div>
<div style=3D"margin: 0px; font-family: Arial;">---------------------------=
-------------------------------</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;">Have you ever considered ta=
king advantage of the amazing educational opportunities at MIT?</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;">MIT Professional Education =
is organized under the School of Engineering, and provides continuing educa=
tion courses and lifelong learning opportunities for science and engineerin=
g professionals at all levels. MIT
faculty teach all Professional Education offerings.</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;">I was poking around their s=
ite last week and wouldn=92t you know it:
<a href=3D"http://web.mit.edu/professional/short-programs/courses/applied_c=
yber_security.html">
a course in Applied Cyber Security is being offered in 2015</a>. According =
the course description, =93experts from academia, the military, and industr=
y share their knowledge to give participants the principles, the state of t=
he practice, and strategies for the
future.=94</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;"><a href=3D"http://web.mit.e=
du/professional/short-programs/courses/applied_cyber_security.html">Learn m=
ore</a>.</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;">---------------------------=
-------------------</div>
<div style=3D"margin: 0px; font-family: Arial;">4. Malicious Ebola-Themed E=
mails</div>
<div style=3D"margin: 0px; font-family: Arial;">---------------------------=
-------------------</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;">Fake emails that purport to=
be from the World Health Organization are inviting people to download an a=
ttachment or click a link for more information about the Ebola virus.</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;">Last week US-CERT, a divisi=
on of the Department of Homeland Security,
<a href=3D"https://www.us-cert.gov/ncas/current-activity/2014/10/16/Ebola-P=
hishing-Scams-and-Malware-Campaigns">
issued an advisory</a> warning users about spam campaigns that use the Ebol=
a virus to bait users into inadvertently downloading malware. Once the malw=
are program is on the victim=92s machine, it can grab shots off the webcam,=
take control of the machine remotely,
or steal passwords.</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial;"><a href=3D"http://bits.blog=
s.nytimes.com/2014/10/24/malicious-ebola-themed-emails-are-on-the-rise/">Re=
ad the full story online</a>.</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Read all archived Secur=
ity FYI Newsletter articles and submit comments online at
<a href=3D"http://securityfyi.wordpress.com/"><span style=3D"color: rgb(4, =
46, 238);">http://securityfyi.wordpress.com/</span></a>.</div>
<div style=3D"margin: 0px; font-family: Helvetica;">=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</div>
<div apple-content-edited=3D"true">
<div style=3D"color: rgb(0, 0, 0); font-family: Avenir; font-size: 14px; fo=
nt-style: normal; font-variant: normal; font-weight: normal; letter-spacing=
: normal; line-height: normal; orphans: auto; text-align: start; text-inden=
t: 0px; text-transform: none; white-space: normal; widows: auto; word-spaci=
ng: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbs=
p-mode: space; -webkit-line-break: after-white-space;">
<div style=3D"color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; t=
ext-align: start; text-indent: 0px; text-transform: none; white-space: norm=
al; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-w=
rap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-=
space;">
<div style=3D"color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; t=
ext-align: start; text-indent: 0px; text-transform: none; white-space: norm=
al; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-w=
rap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-=
space;">
<div style=3D"color: rgb(0, 0, 0); font-family: Avenir; font-size: 14px; fo=
nt-style: normal; font-variant: normal; font-weight: normal; letter-spacing=
: normal; line-height: normal; orphans: auto; text-align: start; text-inden=
t: 0px; text-transform: none; white-space: normal; widows: auto; word-spaci=
ng: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbs=
p-mode: space; -webkit-line-break: after-white-space;">
<br>
</div>
<div style=3D"color: rgb(0, 0, 0); font-family: Avenir; font-size: 14px; fo=
nt-style: normal; font-variant: normal; font-weight: normal; letter-spacing=
: normal; line-height: normal; orphans: auto; text-align: start; text-inden=
t: 0px; text-transform: none; white-space: normal; widows: auto; word-spaci=
ng: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbs=
p-mode: space; -webkit-line-break: after-white-space;">
<br>
Monique Buchanan<br>
IT Security Communications Coordinator<br>
Information Systems & Technology (IS&T)<br>
Massachusetts Institute of Technology<br>
<a href=3D"http://ist.mit.edu/secure">http://ist.mit.edu/secure</a><br>
tel: 617.253.2715</div>
<div style=3D"color: rgb(0, 0, 0); font-family: Avenir; font-size: 14px; fo=
nt-style: normal; font-variant: normal; font-weight: normal; letter-spacing=
: normal; line-height: normal; orphans: auto; text-align: start; text-inden=
t: 0px; text-transform: none; white-space: normal; widows: auto; word-spaci=
ng: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbs=
p-mode: space; -webkit-line-break: after-white-space;">
<br>
</div>
<br class=3D"Apple-interchange-newline">
</div>
</div>
</div>
<br>
</div>
</body>
</html>
--_000_FD444DBCC5394EDC844B368725B71F43mitedu_--
--===============0804975806==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============0804975806==--
