[1536] in Security FYI


Re: [IS&T Security-FYI] SFYI Newsletter, January 30,

daemon@ATHENA.MIT.EDU (Monique Yeaton)
Fri Jan 30 14:29:59 2009

Message-Id: <77AA919D-358D-4D20-9427-609DE0962085@mit.edu>
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi@MIT.EDU
In-Reply-To: <35733D7C-6797-43F0-8734-682A82E2B102@mit.edu>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Fri, 30 Jan 2009 14:24:21 -0500
Cc: itss@MIT.EDU

A small correction:

In the article about the New Security Standards Adopted by  
Massachusetts below, the extensions on the dates for compliance are  
not quite accurate. The complete language of the new deadlines is here:

http://www.mass.gov/?pageID=ocapressrelease&L=1&L0=Home&sid=Eoca&b=pressrelease&f=081114_IDTheftupdate&csid=Eoca

The article below notes:
"The January 1, 2009 deadline was extended to May 1, 2009 for  
contractual compliance and general provisions of the regulation, and  
January 1, 2010 for encryption and certification."

The deadlines listed for contractual compliance, general provisions
and certification are accurate. The certification refers to
third-party providers. However, the encryption deadlines are May 1, 2009
for laptops and January 1, 2010 for other portable devices.

Thanks,

Monique


On Jan 30, 2009, at 1:28 PM, Monique Yeaton wrote:

>
> In this issue:
>
> 1. Two Big Computer Attacks Making the Rounds
> 2. New Security Standards Adopted by Massachusetts
> 3. Heartland Security Breach
> 4. Spam Levels Expected to Rise Soon
> 5. White House Posts Network Security Agenda
>
>
> --------------------------------------------------------------
> 1. Two Big Computer Attacks Making the Rounds
> --------------------------------------------------------------
>
> --Sophisticated Windows Worm Conficker--
> The Conficker worm, also known as Downadup and Kido, is troubling  
> computer systems around the globe.  This Windows worm, known by  
> different monikers due to the various anti-virus and anti-malware  
> companies out there, was first seen in Oct. 2008. Microsoft released  
> a patch to solve the problem but the past week has seen the worm  
> take hold once again due to a new strain, dubbed Conficker.B,  
> causing more problems this month than the older version,  
> Conficker.A, did at the end of last year. Officials put the total  
> number of computers infected up to 3 million.
>
> Read more here:
> <http://tech.blorge.com/Structure:%20/2009/01/17/beware-the-windows-worm-conficker-downadup-kido-rampant/>
> <http://news.bbc.co.uk/2/hi/technology/7832652.stm>
>
> --Pirated Copies of iWork 09 Contain Trojan--
> Illegal copies of Apple's iWork 09 and Adobe's Photoshop CS4 have  
> been appearing on file sharing websites.  The pirated software is  
> believed to contain a Trojan horse program known as iServices.A. The  
> Trojan has root access to infected computers.  Once in place, it  
> connects to a remote server and downloads additional software that  
> makes the infected computer part of a botnet. The Trojan has already  
> been inadvertently downloaded by an estimated 20,000 users. This  
> should send a warning to would-be downloaders of pirated software.
>
> Read more and learn how to remove the Trojan here:
> <http://kb.mit.edu/confluence/x/HRZB>
>
>
> --------------------------------------------------------------------
> 2. New Security Standards Adopted by Massachusetts
> --------------------------------------------------------------------
>
> Article by: Janine Hiller, Professor of Business Law, Virginia Tech:  
> "New Security Standards Adopted by Massachusetts"
>
> Massachusetts security regulations adopted in 2008 are so  
> controversial that the deadline for compliance has already been  
> extended, and comments about possible amendments were heard January  
> 16th, 2009. The requirements, intended to prevent identity theft,  
> incorporate a good deal of the standard FTC security provisions: a
> comprehensive security program, identification of internal and  
> external risks, employee security policies, and the like.  
> Furthermore, the regulations list specific security actions that  
> must be implemented. Several highly debated provisions include  
> mandatory encryption of personal information of Massachusetts  
> residents held in a laptop or portable device, contractually  
> requiring third party service providers to comply with security  
> protections, and a written certificate of compliance from those  
> providers.
>
> The January 1, 2009 deadline was extended to May 1, 2009 for  
> contractual compliance and general provisions of the regulation, and  
> January 1, 2010 for encryption and certification. These seem to be  
> the most specific and strongest security regulations to date. The  
> importance of one state's specific security requirements for the  
> protection of residents' personal information cannot be
> overemphasized; as the Data Breach Notification laws showed, one  
> state's laws can affect other residents, and can spur action by  
> other states.
>
> Standards are found here:
> <http://www.mass.gov/?pageID=ocaterminal&L=3&L0=Home&L1=Consumer&L2=Identity+Theft&sid=Eoca&b=terminalcontent&f=idtheft_201cmr17&csid=Eoca>
> See Massachusetts Office of Consumer Affairs and Business
> Regulation for further information.
>
>
> -------------------------------------
> 3. Heartland Security Breach
> -------------------------------------
>
> Princeton, NJ-based Heartland Payment Systems has acknowledged a  
> data security breach that may affect tens of millions of payment  
> card accounts.  The breach apparently occurred in 2008, and  
> Heartland says the only data affected by that breach were the names  
> and/or number associated with payment cards; no merchant data,  
> Social Security numbers (SSNs), addresses or phone numbers were  
> compromised. Heartland discovered the breach after MasterCard and  
> Visa contacted the company regarding suspicious activity associated  
> with certain accounts. Investigators found malware lurking on  
> Heartland's network.
>
> Heartland's system processes 100 million transactions a month and
> was regarded as PCI certified. Many of the transactions using the
> Heartland Payment System are not over the Internet, but are done in  
> retail stores and restaurants. If you think your credit card has  
> been compromised, contact the financial institution that issued the  
> card.
>
> Read full story here:
> <http://www.msnbc.msn.com/id/28758856/>
>
> Response from Heartland:
> <http://2008breach.com/>
>
> [Article source: SANS]
>
>
> -------------------------------------------------
> 4. Spam Levels Expected to Rise Soon
> -------------------------------------------------
>
> Although spam levels dropped sharply after the hosting company  
> McColo was taken offline by its upstream providers two months ago,  
> new botnets and several resilient older ones are once again building  
> the volume of spam.  Levels are expected to reach pre-takedown  
> levels in about one month, if the recent trend continues.  McColo  
> was disconnected from the Internet by its upstream provider after  
> the provider received information indicating the hosting company had  
> numerous customers involved in cybercrime.  McColo's takedown all  
> but demolished the Srizbi botnet and crippled several others,  
> including Rustock.  However, no arrests were made and new botnets  
> have taken their places, including one called Ozdok or Mega-D that  
> takes screenshots of activity on infected machines and sends them  
> back to a remote server.
>
> Read more here:
> <http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126793&source=rss_topic17>
>
> [Article source: SANS]
>
>
> ------------------------------------------------------------
> 5. White House Posts Network Security Agenda
> ------------------------------------------------------------
>
> In its recently posted Homeland Security Agenda, the Obama  
> administration has outlined its six major information network  
> protection goals:
>
>  - strengthen federal leadership on cyber security;
>  - initiate a safe computing R&D effort and harden our nation's  
> cyber infrastructure;
>  - protect the IT infrastructure that keeps America's economy safe;
>  - prevent corporate cyber espionage;
>  - develop a cyber crime strategy to minimize the opportunities for  
> criminal profit;
>  - and mandate standards for securing personal data and require  
> companies to disclose personal information data breaches.
>
> Notable under the first item is that the administration plans to  
> "establish the position of national cyber advisor who will report  
> directly to the president and will be responsible for coordinating  
> federal agency efforts and development of national cyber security  
> policy."
>
> Read more here:
> <http://www.whitehouse.gov/agenda/homeland_security/>
> <http://www.scmagazineus.com/President-Obamas-cybersecurity-plan-released/article/126252/>
>
>
>
> =========================
> Monique Yeaton
> IT Security Awareness Consultant
> MIT Information Services & Technology (IS&T)
> (617) 253-2715
> http://web.mit.edu/ist/security
>
> ---------------------------------------
> Important: DO NOT GIVE OUT YOUR PASSWORDS!
> Ignore emails asking you to provide yours. IS&T will *NEVER* ask you  
> for your password.
>


--Apple-Mail-7--514292628
Content-Type: text/html;
	charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; ">A small =
correction:<br><div><br></div><div>In the article about the&nbsp;New =
Security Standards Adopted by Massachusetts below, the extensions on the =
dates for compliance are not quite accurate. The complete language of =
the new deadlines is here:<div><br></div><div><a =
href=3D"http://www.mass.gov/?pageID=3Docapressrelease&amp;L=3D1&amp;L0=3DH=
ome&amp;sid=3DEoca&amp;b=3Dpressrelease&amp;f=3D081114_IDTheftupdate&amp;c=
sid=3DEoca">http://www.mass.gov/?pageID=3Docapressrelease&amp;L=3D1&amp;L0=
=3DHome&amp;sid=3DEoca&amp;b=3Dpressrelease&amp;f=3D081114_IDTheftupdate&a=
mp;csid=3DEoca</a></div><div><br></div><div>The article below =
notes:</div><div>"The January 1, 2009 deadline was extended to May 1, =
2009 for contractual compliance and general provisions of the =
regulation, and January 1, 2010 for encryption and =
certification."</div><div><br></div><div>The deadlines listed for =
contractual compliance, general provisions and certification are =
accurate. The certification refers to third-party providers. However, =
the encryption deadlines are May 1, 2009 for laptops and January 1, 2010 =
for other portable =
devices.</div><div><br></div><div>Thanks,</div><div><div =
apple-content-edited=3D"true"><div style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; =
"><div><br =
class=3D"khtml-block-placeholder"></div><div>Monique</div></div></div></di=
v></div><div apple-content-edited=3D"true"> <span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 14px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><div =
style=3D"word-wrap: break-word; -khtml-nbsp-mode: space; =
-khtml-line-break: after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; border-spacing: 0px 0px; color: =
rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: =
normal; font-variant: normal; font-weight: normal; letter-spacing: =
normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; =
"><div><br></div></span></div></span> </div><br><div><div>On Jan 30, =
2009, at 1:28 PM, Monique Yeaton wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite"><div =
style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">In =
this issue:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">1. =
Two Big Computer Attacks Making the Rounds</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; ">2. New Security Standards =
Adopted by Massachusetts</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">3. Heartland Security =
Breach</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">4. Spam Levels Expected to Rise Soon</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">5. =
White House Posts Network Security Agenda</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; min-height: 17px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">--------------------------------------------------------------</div><div=
 style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">1. =
Two Big Computer Attacks Making the Rounds</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; =
">--------------------------------------------------------------</div><div=
 style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">--Sophisticated Windows Worm =
Conficker--</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">The Conficker worm, also known as Downadup and =
Kido, is troubling computer systems around the globe. &nbsp;This Windows =
worm, known by different monikers due to the various anti-virus and =
anti-malware companies out there, was first seen in Oct. 2008. Microsoft =
released a patch to solve the problem but the past week has seen the =
worm take hold once again due to a new strain, dubbed Conficker.B, =
causing more problems this month than the older version, Conficker.A, =
did at the end of last year. Officials put the total number of computers =
infected up to 3 million.&nbsp;</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Read more here:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">&lt;<a =
href=3D"http://tech.blorge.com/Structure:%20/2009/01/17/beware-the-windows=
-worm-conficker-downadup-kido-rampant/">http://tech.blorge.com/Structure:%=
20/2009/01/17/beware-the-windows-worm-conficker-downadup-kido-rampant/</a>=
></div><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">&lt;<a =
href=3D"http://news.bbc.co.uk/2/hi/technology/7832652.stm">http://news.bbc=
.co.uk/2/hi/technology/7832652.stm</a>></div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; min-height: 17px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">--Pirated Copies of iWork 09 Contain =
Trojan--</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">Illegal copies of Apple's iWork 09 and Adobe's =
Photoshop CS4 have been appearing on file sharing websites. &nbsp;The =
pirated software is believed to contain a Trojan horse program known as =
iServices.A. The Trojan has root access to infected computers. =
&nbsp;Once in place, it connects to a remote server and downloads =
additional software that makes the infected computer part of a botnet. =
The Trojan has already been inadvertently downloaded by an estimated =
20,000 users. This should send a warning to would-be downloaders of =
pirated software.</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Read more and learn how to remove the Trojan here:</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">&lt;<a =
href=3D"http://kb.mit.edu/confluence/x/HRZB">http://kb.mit.edu/confluence/=
x/HRZB</a>></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; =
">--------------------------------------------------------------------</di=
v><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">2. =
New Security Standards Adopted by Massachusetts</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">--------------------------------------------------------------------</di=
v><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Article by: Janine Hiller, =
Professor of Business Law, Virginia Tech: "New Security Standards =
Adopted by Massachusetts"</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Massachusetts security regulations adopted in 2008 are so =
controversial that the deadline for compliance has already been =
extended, and comments about possible amendments were heard January =
16th, 2009. The requirements, intended to prevent identity theft, =
incorporate a good deal of the standard FTC security provisions; a =
comprehensive security program, identification of internal and external =
risks, employee security policies, and the like. Furthermore, the =
regulations list specific security actions that must be implemented. =
Several highly debated provisions include mandatory encryption of =
personal information of Massachusetts residents held in a laptop or =
portable device, contractually requiring third party service providers =
to comply with security protections, and a written certificate of =
compliance from those providers.&nbsp;</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; min-height: 17px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">The January 1, 2009 deadline was extended to =
May 1, 2009 for contractual compliance and general provisions of the =
regulation, and January 1, 2010 for encryption and certification. These =
seem to be the most specific and strongest security regulations to date. =
The importance of one state's specific security requirements for the =
protection of residents' personal information can not be overemphasized; =
as the Data Breach Notification laws showed, one state's laws can affect =
other residents, and can spur action by other states.</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Standards are found =
here:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">&lt;<a =
href=3D"http://www.mass.gov/?pageID=3Docaterminal&amp;L=3D3&amp;L0=3DHome&=
amp;L1=3DConsumer&amp;L2=3DIdentity+Theft&amp;sid=3DEoca&amp;b=3Dterminalc=
ontent&amp;f=3Didtheft_201cmr17&amp;csid=3DEoca">http://www.mass.gov/?page=
ID=3Docaterminal&amp;L=3D3&amp;L0=3DHome&amp;L1=3DConsumer&amp;L2=3DIdenti=
ty+Theft&amp;sid=3DEoca&amp;b=3Dterminalcontent&amp;f=3Didtheft_201cmr17&a=
mp;csid=3DEoca</a>></div><div style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">See Massachusetts Office of Consumer Affairs =
and Business and Business Regulation for further information.</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">-------------------------------------</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; ">3. Heartland Security =
Breach</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">-------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Princeton, NJ-based Heartland =
Payment Systems has acknowledged a data security breach that may affect =
tens of millions of payment card accounts. &nbsp;The breach apparently =
occurred in 2008, and Heartland says the only data affected by that =
breach were the names and/or number associated with payment cards; no =
merchant data, Social Security numbers (SSNs), addresses or phone =
numbers were compromised. Heartland discovered the breach after =
MasterCard and Visa contacted the company regarding suspicious activity =
associated with certain accounts. Investigators found malware lurking on =
Heartland's network.&nbsp;</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Heartland's system processes 100 million transactions a month and were =
regarded PCI certified. Many of the transactions using the Heartland =
Payment System are not over the Internet, but are done in retail stores =
and restaurants. If you think your credit card has been compromised, =
contact the financial institution that issued the card.</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Read full story here:</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">&lt;<a =
href=3D"http://www.msnbc.msn.com/id/28758856/">http://www.msnbc.msn.com/id=
/28758856/</a>></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Response from Heartland:</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">&lt;<a =
href=3D"http://2008breach.com/">http://2008breach.com/</a>></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">[Article source: SANS]</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">-------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">4. =
Spam Levels Expected to Rise Soon</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; =
">-------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Although spam levels dropped =
sharply after the hosting company McColo was taken offline by its =
upstream providers two months ago, new botnets and several resilient =
older ones are once again building the volume of spam. &nbsp;Levels are =
expected to reach pre-takedown levels in about one month, if the recent =
trend continues. &nbsp;McColo was disconnected from the Internet by its =
upstream provider after the provider received information indicating the =
hosting company had numerous customers involved in cybercrime. =
&nbsp;McColo's takedown all but demolished the Srizbi botnet and =
crippled several others, including Rustock. &nbsp;However, no arrests =
were made and new botnets have taken their places, including one called =
Ozdok or Mega-D that takes screenshots of activity on infected machines =
and sends them back to a remote server.</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; min-height: 17px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
">Read more here:</div>
<div>&lt;<a href="http://www.computerworld.com/action/article.do?command=viewArticleBasic&amp;articleId=9126793&amp;source=rss_topic17">http://www.computerworld.com/action/article.do?command=viewArticleBasic&amp;articleId=9126793&amp;source=rss_topic17</a>&gt;</div>
<div><br></div>
<div>[Article source: SANS]</div>
<div><br></div>
<div><br></div>
<div>------------------------------------------------------------</div>
<div>5. White House Posts Network Security Agenda</div>
<div>------------------------------------------------------------</div>
<div><br></div>
<div>In its recently posted Homeland Security Agenda, the Obama administration has outlined its six major information network protection goals:</div>
<div><br></div>
<div>&nbsp;- strengthen federal leadership on cyber security;</div>
<div>&nbsp;- initiate a safe computing R&amp;D effort and harden our nation's cyber infrastructure;</div>
<div>&nbsp;- protect the IT infrastructure that keeps America's economy safe;</div>
<div>&nbsp;- prevent corporate cyber espionage;</div>
<div>&nbsp;- develop a cyber crime strategy to minimize the opportunities for criminal profit;</div>
<div>&nbsp;- and mandate standards for securing personal data and require companies to disclose personal information data breaches.</div>
<div><br></div>
<div>Notable under the first item is that the administration plans to "establish the position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development of national cyber security policy."</div>
<div><br></div>
<div>Read more here:</div>
<div>&lt;<a href="http://www.whitehouse.gov/agenda/homeland_security/">http://www.whitehouse.gov/agenda/homeland_security/</a>&gt;</div>
<div>&lt;<a href="http://www.scmagazineus.com/President-Obamas-cybersecurity-plan-released/article/126252/">http://www.scmagazineus.com/President-Obamas-cybersecurity-plan-released/article/126252/</a>&gt;</div>
<div><br></div>
<div><br></div>
<div><br></div>
<div>
<div>=========================</div>
<div>Monique Yeaton</div>
<div>IT Security Awareness Consultant</div>
<div>MIT Information Services &amp; Technology (IS&amp;T)</div>
<div>(617) 253-2715</div>
<div><a href="http://web.mit.edu/ist/security">http://web.mit.edu/ist/security</a></div>
<div><br></div>
<div>---------------------------------------</div>
<div><b>Important: DO NOT GIVE OUT YOUR PASSWORDS!</b></div>
<div><b>Ignore emails asking you to provide yours. IS&amp;T will *NEVER* ask you for your password.</b></div>
</div><br></div></blockquote></div><br></body></html>

--Apple-Mail-7--514292628--

--===============0693652816==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============0693652816==--
