[1098] in Security FYI
[IS&T Security-FYI] Newsletter, May 9, 2008
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Fri May 9 12:15:06 2008
Message-Id: <BE695C62-3E9C-4A5A-B907-284F7F9374FE@mit.edu>
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi@MIT.EDU
Mime-Version: 1.0 (Apple Message framework v919.2)
Date: Fri, 9 May 2008 12:06:56 -0400
Content-Type: text/plain; charset="windows-1252"
Errors-To: ist-security-fyi-bounces@MIT.EDU
Content-Transfer-Encoding: 8bit
In this issue:
1. 2008 Internet Security Trends
2. Safeguards for SSNs
-----------------------------------------
1. 2008 Internet Security Trends
-----------------------------------------
Ironport Systems compiles a report each year on Internet Security
Trends. This year's report, covering the year 2007, is now available.
Specific observations include:
-- Email threats increased 100 percent, to more than 120 billion spam
messages daily. That’s about 20 spam messages per day for every person
on the planet.
-- Email threats have become more dangerous. Past spam attacks were
primarily selling some type of product. In 2007, more than 83 percent
of spam contained a URL. In accordance with a trend towards the
blending of different malware techniques, URL-based viruses increased
256 percent.
-- The "self defending bot network" was introduced. The Storm trojan
is perhaps one of the most sophisticated botnets ever observed. The
quality and technical sophistication show that these threats are being
developed by professional engineers.
-- Viruses no longer make headlines, because virus writers have
evolved from previous mass distribution attacks. Viruses are much more
polymorphic and typically associated with the proliferation of very
sophisticated botnets such as Feebs (Feebs is the research name for a
self-propagating email worm that gives attackers remote access to
infected computers for the purposes of stealing personal information)
and Storm.
You can download the report from www.ironport.com/securitytrends/.
Note: On the page to download the 2008 report there's a required
registration form to fill out. I've already downloaded the file, so if
you'd like a copy of the PDF and don't want to register, let me know
and I can email it to you.
------------------------------
2. Safeguards for SSNs
------------------------------
Last December, MIT launched a program to protect personally
identifying information (PII) in response to concerns about identity
theft. The initial focus of the program is to identify all the places
at MIT where Social Security numbers (SSNs) have been collected or
recorded - computer systems as well as paper files.
In parallel, the program is working to reduce MIT's risks by limiting
the number of places where SSNs are collected, reducing the number of
people with access to SSNs, and ensuring that SSNs needed for business
purposes are effectively protected.
Since the data collection effort encompasses the whole campus, members
of the PII Team are available to talk with groups or individuals about
different protection methods, from using cross-cut shredders to
replacing SSNs with MIT ID numbers on forms.
The PII Team is interested in hearing from community members. If you
encounter SSNs, especially in unexpected places, or want to request a
presentation, contact the team at pii-protect@mit.edu. To learn more
about MIT initiatives to protect sensitive information, visit https://web.mit.edu/infoprotect/initiatives/initiatives.html
(certificate required).
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
