[1535] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, January 30, 2009
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Fri Jan 30 13:34:10 2009
Message-Id: <35733D7C-6797-43F0-8734-682A82E2B102@mit.edu>
From: Monique Yeaton <myeaton@mit.edu>
To: ist-security-fyi@mit.edu
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Fri, 30 Jan 2009 13:28:08 -0500
Cc: itss@mit.edu
Content-Type: multipart/mixed; boundary="===============1946291341=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============1946291341==
Content-Type: multipart/alternative; boundary=Apple-Mail-4--517665303
--Apple-Mail-4--517665303
Content-Type: text/plain;
charset=US-ASCII;
format=flowed;
delsp=yes
Content-Transfer-Encoding: 7bit
In this issue:
1. Two Big Computer Attacks Making the Rounds
2. New Security Standards Adopted by Massachusetts
3. Heartland Security Breach
4. Spam Levels Expected to Rise Soon
5. White House Posts Network Security Agenda
--------------------------------------------------------------
1. Two Big Computer Attacks Making the Rounds
--------------------------------------------------------------
--Sophisticated Windows Worm Conficker--
The Conficker worm, also known as Downadup and Kido, is troubling
computer systems around the globe. This Windows worm, known by
different monikers due to the various anti-virus and anti-malware
companies out there, was first seen in Oct. 2008. Microsoft released a
patch to solve the problem but the past week has seen the worm take
hold once again due to a new strain, dubbed Conficker.B, causing more
problems this month than the older version, Conficker.A, did at the
end of last year. Officials put the total number of computers infected
up to 3 million.
Read more here:
<http://tech.blorge.com/Structure:%20/2009/01/17/beware-the-windows-worm-conficker-downadup-kido-rampant/
>
<http://news.bbc.co.uk/2/hi/technology/7832652.stm>
--Pirated Copies of iWork 09 Contain Trojan--
Illegal copies of Apple's iWork 09 and Adobe's Photoshop CS4 have been
appearing on file sharing websites. The pirated software is believed
to contain a Trojan horse program known as iServices.A. The Trojan has
root access to infected computers. Once in place, it connects to a
remote server and downloads additional software that makes the
infected computer part of a botnet. The Trojan has already been
inadvertently downloaded by an estimated 20,000 users. This should
send a warning to would-be downloaders of pirated software.
Read more and learn how to remove the Trojan here:
<http://kb.mit.edu/confluence/x/HRZB>
--------------------------------------------------------------------
2. New Security Standards Adopted by Massachusetts
--------------------------------------------------------------------
Article by: Janine Hiller, Professor of Business Law, Virginia Tech:
"New Security Standards Adopted by Massachusetts"
Massachusetts security regulations adopted in 2008 are so
controversial that the deadline for compliance has already been
extended, and comments about possible amendments were heard January
16th, 2009. The requirements, intended to prevent identity theft,
incorporate a good deal of the standard FTC security provisions; a
comprehensive security program, identification of internal and
external risks, employee security policies, and the like. Furthermore,
the regulations list specific security actions that must be
implemented. Several highly debated provisions include mandatory
encryption of personal information of Massachusetts residents held in
a laptop or portable device, contractually requiring third party
service providers to comply with security protections, and a written
certificate of compliance from those providers.
The January 1, 2009 deadline was extended to May 1, 2009 for
contractual compliance and general provisions of the regulation, and
January 1, 2010 for encryption and certification. These seem to be the
most specific and strongest security regulations to date. The
importance of one state's specific security requirements for the
protection of residents' personal information can not be
overemphasized; as the Data Breach Notification laws showed, one
state's laws can affect other residents, and can spur action by other
states.
Standards are found here:
<http://www.mass.gov/?pageID=ocaterminal&L=3&L0=Home&L1=Consumer&L2=Identity+Theft&sid=Eoca&b=terminalcontent&f=idtheft_201cmr17&csid=Eoca
>
See Massachusetts Office of Consumer Affairs and Business and Business
Regulation for further information.
-------------------------------------
3. Heartland Security Breach
-------------------------------------
Princeton, NJ-based Heartland Payment Systems has acknowledged a data
security breach that may affect tens of millions of payment card
accounts. The breach apparently occurred in 2008, and Heartland says
the only data affected by that breach were the names and/or number
associated with payment cards; no merchant data, Social Security
numbers (SSNs), addresses or phone numbers were compromised. Heartland
discovered the breach after MasterCard and Visa contacted the company
regarding suspicious activity associated with certain accounts.
Investigators found malware lurking on Heartland's network.
Heartland's system processes 100 million transactions a month and were
regarded PCI certified. Many of the transactions using the Heartland
Payment System are not over the Internet, but are done in retail
stores and restaurants. If you think your credit card has been
compromised, contact the financial institution that issued the card.
Read full story here:
<http://www.msnbc.msn.com/id/28758856/>
Response from Heartland:
<http://2008breach.com/>
[Article source: SANS]
-------------------------------------------------
4. Spam Levels Expected to Rise Soon
-------------------------------------------------
Although spam levels dropped sharply after the hosting company McColo
was taken offline by its upstream providers two months ago, new
botnets and several resilient older ones are once again building the
volume of spam. Levels are expected to reach pre-takedown levels in
about one month, if the recent trend continues. McColo was
disconnected from the Internet by its upstream provider after the
provider received information indicating the hosting company had
numerous customers involved in cybercrime. McColo's takedown all but
demolished the Srizbi botnet and crippled several others, including
Rustock. However, no arrests were made and new botnets have taken
their places, including one called Ozdok or Mega-D that takes
screenshots of activity on infected machines and sends them back to a
remote server.
Read more here:
<http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126793&source=rss_topic17
>
[Article source: SANS]
------------------------------------------------------------
5. White House Posts Network Security Agenda
------------------------------------------------------------
In its recently posted Homeland Security Agenda, the Obama
administration has outlined its six major information network
protection goals:
- strengthen federal leadership on cyber security;
- initiate a safe computing R&D effort and harden our nation's cyber
infrastructure;
- protect the IT infrastructure that keeps America's economy safe;
- prevent corporate cyber espionage;
- develop a cyber crime strategy to minimize the opportunities for
criminal profit;
- and mandate standards for securing personal data and require
companies to disclose personal information data breaches.
Notable under the first item is that the administration plans to
"establish the position of national cyber advisor who will report
directly to the president and will be responsible for coordinating
federal agency efforts and development of national cyber security
policy."
Read more here:
<http://www.whitehouse.gov/agenda/homeland_security/>
<http://www.scmagazineus.com/President-Obamas-cybersecurity-plan-released/article/126252/
>
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security
---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you
for your password.
--Apple-Mail-4--517665303
Content-Type: text/html;
charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">In =
this issue:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">1. =
Two Big Computer Attacks Making the Rounds</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; ">2. New Security Standards =
Adopted by Massachusetts</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">3. Heartland Security =
Breach</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">4. Spam Levels Expected to Rise Soon</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">5. =
White House Posts Network Security Agenda</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; min-height: 17px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">--------------------------------------------------------------</div><div=
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">1. =
Two Big Computer Attacks Making the Rounds</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; =
">--------------------------------------------------------------</div><div=
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">--Sophisticated Windows Worm =
Conficker--</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">The Conficker worm, also known as Downadup and =
Kido, is troubling computer systems around the globe. This Windows =
worm, known by different monikers due to the various anti-virus and =
anti-malware companies out there, was first seen in Oct. 2008. Microsoft =
released a patch to solve the problem but the past week has seen the =
worm take hold once again due to a new strain, dubbed Conficker.B, =
causing more problems this month than the older version, Conficker.A, =
did at the end of last year. Officials put the total number of computers =
infected up to 3 million. </div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Read more here:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; "><<a =
href=3D"http://tech.blorge.com/Structure:%20/2009/01/17/beware-the-windows=
-worm-conficker-downadup-kido-rampant/">http://tech.blorge.com/Structure:%=
20/2009/01/17/beware-the-windows-worm-conficker-downadup-kido-rampant/</a>=
></div><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
"><<a =
href=3D"http://news.bbc.co.uk/2/hi/technology/7832652.stm">http://news.bbc=
.co.uk/2/hi/technology/7832652.stm</a>></div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; min-height: 17px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">--Pirated Copies of iWork 09 Contain =
Trojan--</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">Illegal copies of Apple's iWork 09 and Adobe's =
Photoshop CS4 have been appearing on file sharing websites. The =
pirated software is believed to contain a Trojan horse program known as =
iServices.A. The Trojan has root access to infected computers. =
Once in place, it connects to a remote server and downloads =
additional software that makes the infected computer part of a botnet. =
The Trojan has already been inadvertently downloaded by an estimated =
20,000 users. This should send a warning to would-be downloaders of =
pirated software.</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Read more and learn how to remove the Trojan here:</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
"><<a =
href=3D"http://kb.mit.edu/confluence/x/HRZB">http://kb.mit.edu/confluence/=
x/HRZB</a>></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; =
">--------------------------------------------------------------------</di=
v><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">2. =
New Security Standards Adopted by Massachusetts</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">--------------------------------------------------------------------</di=
v><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Article by: Janine Hiller, =
Professor of Business Law, Virginia Tech: "New Security Standards =
Adopted by Massachusetts"</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Massachusetts security regulations adopted in 2008 are so =
controversial that the deadline for compliance has already been =
extended, and comments about possible amendments were heard January =
16th, 2009. The requirements, intended to prevent identity theft, =
incorporate a good deal of the standard FTC security provisions; a =
comprehensive security program, identification of internal and external =
risks, employee security policies, and the like. Furthermore, the =
regulations list specific security actions that must be implemented. =
Several highly debated provisions include mandatory encryption of =
personal information of Massachusetts residents held in a laptop or =
portable device, contractually requiring third party service providers =
to comply with security protections, and a written certificate of =
compliance from those providers. </div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; min-height: 17px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">The January 1, 2009 deadline was extended to =
May 1, 2009 for contractual compliance and general provisions of the =
regulation, and January 1, 2010 for encryption and certification. These =
seem to be the most specific and strongest security regulations to date. =
The importance of one state's specific security requirements for the =
protection of residents' personal information can not be overemphasized; =
as the Data Breach Notification laws showed, one state's laws can affect =
other residents, and can spur action by other states.</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Standards are found =
here:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; "><<a =
href=3D"http://www.mass.gov/?pageID=3Docaterminal&L=3D3&L0=3DHome&=
amp;L1=3DConsumer&L2=3DIdentity+Theft&sid=3DEoca&b=3Dterminalc=
ontent&f=3Didtheft_201cmr17&csid=3DEoca">http://www.mass.gov/?page=
ID=3Docaterminal&L=3D3&L0=3DHome&L1=3DConsumer&L2=3DIdenti=
ty+Theft&sid=3DEoca&b=3Dterminalcontent&f=3Didtheft_201cmr17&a=
mp;csid=3DEoca</a>></div><div style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">See Massachusetts Office of Consumer Affairs =
and Business and Business Regulation for further information.</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">-------------------------------------</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; ">3. Heartland Security =
Breach</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">-------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Princeton, NJ-based Heartland =
Payment Systems has acknowledged a data security breach that may affect =
tens of millions of payment card accounts. The breach apparently =
occurred in 2008, and Heartland says the only data affected by that =
breach were the names and/or number associated with payment cards; no =
merchant data, Social Security numbers (SSNs), addresses or phone =
numbers were compromised. Heartland discovered the breach after =
MasterCard and Visa contacted the company regarding suspicious activity =
associated with certain accounts. Investigators found malware lurking on =
Heartland's network. </div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Heartland's system processes 100 million transactions a month and were =
regarded PCI certified. Many of the transactions using the Heartland =
Payment System are not over the Internet, but are done in retail stores =
and restaurants. If you think your credit card has been compromised, =
contact the financial institution that issued the card.</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Read full story here:</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
"><<a =
href=3D"http://www.msnbc.msn.com/id/28758856/">http://www.msnbc.msn.com/id=
/28758856/</a>></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Response from Heartland:</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; "><<a =
href=3D"http://2008breach.com/">http://2008breach.com/</a>></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">[Article source: SANS]</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">-------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">4. =
Spam Levels Expected to Rise Soon</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; =
">-------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Although spam levels dropped =
sharply after the hosting company McColo was taken offline by its =
upstream providers two months ago, new botnets and several resilient =
older ones are once again building the volume of spam. Levels are =
expected to reach pre-takedown levels in about one month, if the recent =
trend continues. McColo was disconnected from the Internet by its =
upstream provider after the provider received information indicating the =
hosting company had numerous customers involved in cybercrime. =
McColo's takedown all but demolished the Srizbi botnet and =
crippled several others, including Rustock. However, no arrests =
were made and new botnets have taken their places, including one called =
Ozdok or Mega-D that takes screenshots of activity on infected machines =
and sends them back to a remote server.</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; min-height: 17px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">Read more here:</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; "><<a =
href=3D"http://www.computerworld.com/action/article.do?command=3DviewArtic=
leBasic&articleId=3D9126793&source=3Drss_topic17">http://www.compu=
terworld.com/action/article.do?command=3DviewArticleBasic&articleId=3D=
9126793&source=3Drss_topic17</a>></div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; min-height: 17px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">[Article source: SANS]</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">------------------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">5. =
White House Posts Network Security Agenda</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; =
">------------------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">In its recently posted Homeland =
Security Agenda, the Obama administration has outlined its six major =
information network protection goals: </div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; min-height: 17px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; "> - strengthen federal leadership on cyber =
security; </div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; "> - initiate a safe computing R&D =
effort and harden our nation's cyber infrastructure; </div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
"> - protect the IT infrastructure that keeps America's economy =
safe; </div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; "> - prevent corporate cyber =
espionage; </div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; "> - develop a cyber crime strategy to =
minimize the opportunities for criminal profit; </div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
"> - and mandate standards for securing personal data and require =
companies to disclose personal information data breaches. =
</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Notable under the first item is that the administration plans to =
"establish the position of national cyber advisor who will report =
directly to the president and will be responsible for coordinating =
federal agency efforts and development of national cyber security =
policy."</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Read more here:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; "><<a =
href=3D"http://www.whitehouse.gov/agenda/homeland_security/">http://www.wh=
itehouse.gov/agenda/homeland_security/</a>></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; "><<a =
href=3D"http://www.scmagazineus.com/President-Obamas-cybersecurity-plan-re=
leased/article/126252/">http://www.scmagazineus.com/President-Obamas-cyber=
security-plan-released/article/126252/</a>></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; min-height: 17px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div apple-content-edited=3D"true"><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; color: =
rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: =
normal; font-variant: normal; font-weight: normal; letter-spacing: =
normal; line-height: normal; orphans: 2; text-align: auto; text-indent: =
0px; text-transform: none; white-space: normal; widows: 2; word-spacing: =
0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 14px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 14px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 14px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 14px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 14px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 14px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 14px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 14px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><div><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><div style=3D"font-size: 12px; =
">=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D</div><div style=3D"font-size: 12px; ">Monique Yeaton</div><div =
style=3D"font-size: 12px; ">IT Security Awareness Consultant</div><div =
style=3D"font-size: 12px; ">MIT Information Services & Technology =
(IS&T)</div><div style=3D"font-size: 12px; ">(617) =
253-2715</div><div style=3D"font-size: 12px; "><a =
href=3D"http://web.mit.edu/ist/security">http://web.mit.edu/ist/security</=
a></div></span></div><div><br></div><div><span class=3D"Apple-style-span" =
style=3D"color: rgb(192, 0, 0); font-family: Arial; font-size: 12px; =
font-weight: bold; =
">---------------------------------------</span></div><div><font =
class=3D"Apple-style-span" color=3D"#C00000" face=3D"Arial" =
size=3D"3"><span class=3D"Apple-style-span" style=3D"font-size: 12px; =
"><b><span class=3D"Apple-style-span" style=3D"color: rgb(0, 0, 0); =
font-family: Helvetica; font-size: 14px; font-weight: normal; =
"><div><font class=3D"Apple-style-span" color=3D"#C00000" face=3D"Arial" =
size=3D"3"><span class=3D"Apple-style-span" style=3D"font-size: 12px; =
"><b>Important: DO NOT GIVE OUT YOUR =
PASSWORDS! </b></span></font></div><div><font =
class=3D"Apple-style-span" color=3D"#C00000" face=3D"Arial" =
size=3D"3"><span class=3D"Apple-style-span" style=3D"font-size: 12px; =
"><b>Ignore emails asking you to provide yours. IS&T will *NEVER* =
ask you for your =
password. </b></span></font></div></span></b></span></font></div></di=
v></span></div></span></div></span></div></span></div></span></div></span>=
</div></span></div></span></div></span> </div><br></body></html>=
--Apple-Mail-4--517665303--
--===============1946291341==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============1946291341==--
