[1956] in Security FYI
[IS&T Security-FYI] Newsletter, August 24, 2009
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Aug 24 15:38:05 2009
Message-Id: <B87ACA97-819B-4EB9-B88E-35E2DDA21B30@mit.edu>
From: Monique Yeaton <myeaton@mit.edu>
To: ist-security-fyi@mit.edu
Mime-Version: 1.0 (Apple Message framework v936)
Date: Mon, 24 Aug 2009 15:35:38 -0400
Cc: itss@mit.edu
Content-Type: multipart/mixed; boundary="===============0819925744=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============0819925744==
Content-Type: multipart/signed; boundary=Apple-Mail-46-104915133; micalg=sha1;
protocol="application/pkcs7-signature"
--Apple-Mail-46-104915133
Content-Type: multipart/alternative;
boundary=Apple-Mail-45-104915071
--Apple-Mail-45-104915071
Content-Type: text/plain;
charset=US-ASCII;
format=flowed;
delsp=yes
Content-Transfer-Encoding: 7bit
In this issue:
1. Security Updates from Apple
2. Gmail Password Recovery Vulnerability
3. Automatic Update Risks
4. Phishing Site Fooled University
----------------------------------------
1. Security Updates from Apple
----------------------------------------
Apple released several more security updates since the last issue of
this newsletter was published.
---- Safari 4.0.3 ----
Safari 4.0.3 update, includes improvements to stability, compatibility
and security including:
Stability improvements for 3rd party plug-ins, Safari's Top Sites
feature (a list of most visited sites), and web pages that use the
HTML 5 video tag
Fixes an issue that prevented some users from logging into iwork.com
Fixes an issue for Windows users that could cause Web content to be
displayed in grayscale instead of color
Systems (Windows, Vista, Tiger and Leopard) running Safari are
recommended to download the new update. It is available from Apple
Safari's Downloads page:
<http://www.apple.com/safari/download/>
---- Security Update 2009-004 ----
Available for: Mac OS X 10.4.11 and Mac OS X 10.5.8
About a week after releasing Security Update 2009-003 / Mac OS X
10.5.8, Apple released Security Update 2009-004 on August 12, to
address a single vulnerability in the BIND suite of Unix utilities
that works with the Domain Name System. There is reportedly a public
exploit of the vulnerability in wide circulation.
The update is available through Software Update or Apple's Downloads
page:
<http://support.apple.com/downloads/>
-----------------------------------------------------
2. Gmail Password Recovery Vulnerability
-----------------------------------------------------
If you are using Gmail for your personal or primary email account, you
should know about a password recovery vulnerability that could allow a
hacker to gain access to personal information. Many people forget
their passwords, so a password recovery feature is often included in
any online service. Google lets you do this 3 different ways: via
email, via text message, or after answering a personal security
question online.
Watch this video from CNET, which explains how an alleged attack on a
Twitter employee occurred, exposing sensitive company documents. Tips
for how to stay safe are also covered:
<http://blogs.techrepublic.com.com/itdojo/?p=894&tag=nl.e036>
These tips can be applied to other online applications that have
password recovery features. The best tip listed: don't opt in to
recover a password. An effective password is one that no one else can
guess, isn't shared, and is easily remembered.
----------------------------------
3. Automatic Update Risks
----------------------------------
What if an attacker could hijack the update request of a computer
application and download malware instead of the update? A lot of
applications are set to check for updates automatically, without
requiring you to enter an administrative password. A new attack tool,
called Ippon, will scan open Wi-Fi networks specifically for HTTP
update request traffic. If found, Ippon sends a message to the
application that an update is available even if it's not. Once the
connection is established, a malicious file is then downloaded from
the attacker's server.
So far Microsoft and Apple applications are not vulnerable to an Ippon
attack because they are digitally signed. The main way to avoid this
type of attack is to not use open Wi-Fi connections. If using Wi-Fi,
the suggestion is to set updates to manual rather than automatic.
Read the full story here: <http://blogs.techrepublic.com.com/security/?p=2056&tag=nl.e036
>
-------------------------------------------
4. Phishing Site Fooled University
-------------------------------------------
Earlier this summer a phishing attack hit North Carolina State
University's email system. The difference in this attack from other
email phishing attacks that target higher education is that instead of
asking for the user to submit a user name and password via email
reply, this one had a link to the university's email sign-in page.
The Web page looked identical to the university's email sign-in page,
but was actually a fake. It was hosted by the attacker, which could
capture user id and password if someone used it to log on.
Read the full news story here:
<http://chronicle.com/blogPost/Phishing-Attack-Hits-North/7272>
NCSU posted this incident here:
<http://www.ncsu.edu/it/security/webmail-phishing.html>
MIT has seen phishing emails coming in over the past few years,
claiming to be from MIT's IT department or Webmail team, and
requesting user names and passwords. Due to the latest attack at NCSU,
we should educate our community members that attacks can come in a
variety of other formats, such as a spoofed Web page.
=
=
=
========================================================================
Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB
>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you
for your password.
--Apple-Mail-45-104915071
Content-Type: text/html;
charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; min-height: 16px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; ">In =
this issue:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">1. Security Updates from =
Apple</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; ">2. Gmail Password Recovery Vulnerability</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; ">3. =
Automatic Update Risks</div><div style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; ">4. Phishing Site Fooled University</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; min-height: 16px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
">----------------------------------------</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">1. Security Updates from =
Apple</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; ">----------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">Apple released several more security =
updates since the last issue of this newsletter was published.</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; "> ---- Safari 4.0.3 =
----</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">Safari 4.0.3 update, includes =
improvements to stability, compatibility and security =
including:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div>
<ul style=3D"list-style-type: disc">
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px =
Arial">Stability improvements for 3rd party plug-ins, Safari's Top Sites =
feature (a list of most visited sites), and web pages that use the HTML =
5 video tag</li>
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Fixes =
an issue that prevented some users from logging into iwork.com</li>
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Fixes =
an issue for Windows users that could cause Web content to be displayed =
in grayscale instead of color</li>
</ul><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">Systems (Windows, Vista, Tiger and =
Leopard) running Safari are recommended to download the new update. It =
is available from Apple Safari's Downloads page:</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; "><<a =
href=3D"http://www.apple.com/safari/download/">http://www.apple.com/safari=
/download/</a>></div><div style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; min-height: 16px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; "> ---- Security Update 2009-004 ----</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">Available for: Mac OS X 10.4.11 and =
Mac OS X 10.5.8</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">About a week after releasing =
Security Update 2009-003 / Mac OS X 10.5.8, Apple released Security =
Update 2009-004 on August 12, to address a single vulnerability in the =
BIND suite of Unix utilities that works with the Domain Name System. =
There is reportedly a public exploit of the vulnerability in wide =
circulation.</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">The update is available =
through Software Update or Apple's Downloads page:</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; "><<a =
href=3D"http://support.apple.com/downloads/">http://support.apple.com/down=
loads/</a>></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><p style=3D"margin: =
0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: =
16.0px"> <br class=3D"webkit-block-placeholder"></p><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
">-----------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; ">2. =
Gmail Password Recovery Vulnerability</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; =
">-----------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">If you are using Gmail for your =
personal or primary email account, you should know about a password =
recovery vulnerability that could allow a hacker to gain access to =
personal information. Many people forget their passwords, so a password =
recovery feature is often included in any online service. Google lets =
you do this 3 different ways: via email, via text message, or after =
answering a personal security question online.</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">Watch this video from CNET, which =
explains how an alleged attack on a Twitter employee occurred, exposing =
sensitive company documents. Tips for how to stay safe are also =
covered:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; color: rgb(33, 81, 170); "><span style=3D"color: =
#000000"><</span><span style=3D"text-decoration: underline"><a =
href=3D"http://blogs.techrepublic.com.com/itdojo/?p=3D894&tag=3Dnl.e03=
6">http://blogs.techrepublic.com.com/itdojo/?p=3D894&tag=3Dnl.e036</a>=
</span><span style=3D"color: #000000">></span></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">These tips can be applied to other =
online applications that have password recovery features. The best tip =
listed: don't opt in to recover a password. An effective password is one =
that no one else can guess, isn't shared, and is easily =
remembered.</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; min-height: 16px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; ">----------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; ">3. =
Automatic Update Risks</div><div style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; ">----------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">What if an attacker could hijack the =
update request of a computer application and download malware instead of =
the update? A lot of applications are set to check for updates =
automatically, without requiring you to enter an administrative =
password. A new attack tool, called Ippon, will scan open Wi-Fi networks =
specifically for HTTP update request traffic. If found, Ippon sends a =
message to the application that an update is available even if it's not. =
Once the connection is established, a malicious file is then downloaded =
from the attacker's server. </div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; min-height: 16px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; ">So far =
Microsoft and Apple applications are not vulnerable to an Ippon attack =
because they are digitally signed. The main way to avoid this type of =
attack is to not use open Wi-Fi connections. If using Wi-Fi, the =
suggestion is to set updates to manual rather than automatic.</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; color: rgb(33, 81, 170); "><span =
style=3D"color: #000000">Read the full story here: <</span><span =
style=3D"text-decoration: underline"><a =
href=3D"http://blogs.techrepublic.com.com/security/?p=3D2056&tag=3Dnl.=
e036">http://blogs.techrepublic.com.com/security/?p=3D2056&tag=3Dnl.e0=
36</a></span><span style=3D"color: #000000">></span></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; min-height: 16px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
">-------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; ">4. =
Phishing Site Fooled University</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; =
">-------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">Earlier this summer a phishing attack =
hit North Carolina State University's email system. The difference in =
this attack from other email phishing attacks that target higher =
education is that instead of asking for the user to submit a user name =
and password via email reply, this one had a link to the university's =
email sign-in page.</div><div style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">The Web page looked identical =
to the university's email sign-in page, but was actually a fake. It was =
hosted by the attacker, which could capture user id and password if =
someone used it to log on.</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; min-height: 16px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Read =
the full news story here:</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; "><<a =
href=3D"http://chronicle.com/blogPost/Phishing-Attack-Hits-North/7272">htt=
p://chronicle.com/blogPost/Phishing-Attack-Hits-North/7272</a>></div><d=
iv style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">NCSU posted this incident =
here:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; "><<a =
href=3D"http://www.ncsu.edu/it/security/webmail-phishing.html">http://www.=
ncsu.edu/it/security/webmail-phishing.html</a>></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">MIT has seen phishing emails coming =
in over the past few years, claiming to be from MIT's IT department or =
Webmail team, and requesting user names and passwords. Due to the latest =
attack at NCSU, we should educate our community members that attacks can =
come in a variety of other formats, such as a spoofed Web =
page.</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; =
">=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">Find current and older issues =
of Security FYI Newsletter: <<a =
href=3D"http://kb.mit.edu/confluence/x/ehBB"><span =
style=3D"text-decoration: underline ; color: =
#2151aa">http://kb.mit.edu/confluence/x/ehBB</span></a>></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><br><div apple-content-edited=3D"true"><span=
class=3D"Apple-style-span" style=3D"border-collapse: separate; color: =
rgb(0, 0, 0); font-family: Calibri; font-size: medium; font-style: =
normal; font-variant: normal; font-weight: normal; letter-spacing: =
normal; line-height: normal; orphans: 2; text-align: auto; text-indent: =
0px; text-transform: none; white-space: normal; widows: 2; word-spacing: =
0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Calibri; font-size: medium; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Calibri; font-size: 14px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; =
"><div><div><div><div><div><div><div><div><div><div><div><div><span =
class=3D"Apple-style-span" style=3D"font-size: =
medium;"><br></span></div><div>Monique Yeaton</div><div>IT Security =
Awareness Consultant</div><div>MIT Information Services & Technology =
(IS&T)</div><div>(617) 253-2715</div><div><a =
href=3D"http://ist.mit.edu/security">http://ist.mit.edu/security</a></div>=
</div><div><br></div><div>---------------------------------------</div><di=
v><div><font class=3D"Apple-style-span" color=3D"#FF0000">Important: DO =
NOT GIVE OUT YOUR PASSWORDS! </font></div><div><font =
class=3D"Apple-style-span" color=3D"#FF0000">Ignore emails asking you to =
provide yours. IS&T will *NEVER* ask you for your =
password. </font></div></div></div></div></div></div></div></div></di=
v></div></div></div></div></span></div></span></div></span> =
</div><br></body></html>=
--Apple-Mail-45-104915071--
--Apple-Mail-46-104915133
Content-Disposition: attachment;
filename=smime.p7s
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIDwjCCA74w
ggMnoAMCAQICEQCgVkmJt2RPZFjUToeFtLUNMA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVT
MRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMS4wLAYDVQQKEyVNYXNzYWNodXNldHRzIEluc3RpdHV0
ZSBvZiBUZWNobm9sb2d5MRUwEwYDVQQLEwxDbGllbnQgQ0EgdjEwHhcNMDkwNzA3MTkwNzQ1WhcN
MTAwNzMxMTkwNzQ1WjCBpTELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAs
BgNVBAoTJU1hc3NhY2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxFTATBgNVBAsTDENs
aWVudCBDQSB2MTEXMBUGA1UEAxMOTW9uaXF1ZSBZZWF0b24xHjAcBgkqhkiG9w0BCQEWD215ZWF0
b25ATUlULkVEVTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL5YyEmHtimNf2l9Swh7
azen1VDYTAHPef/hu8pDiEdf51i6i/1uiI7RCvzmGt8SRR3gwx1MuJt3TCKKX7kedPK8owWHRDO1
SQTG+RJHEKa8IeG/7Fk8kXFJqBYbk5sA8YOQOwmlG2x5ssMhfoPAxc44rh9tk4VfDgASGZXQITa+
8SwLG2JSFgUlnvEJAOrw8XRXRX78mgPwkydJQNhfK+ikYm2JtyqM5cSwgLxHh0XldWAI7P4csM79
LQcG4HQZRmTCVeMuy67KgNjtg/94O5AfwLkbP6hwvqsDsfr8aTwhbrhkayJnvXeY0L2X4i9AasVP
aAC4apVYBbIQr5mW4S8CAwEAAaOBoTCBnjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAd
BgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRfbDIy
HJrY3A0bf+451r8D8oZXGjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY2EubWl0LmVkdS9jYS9t
aXRjbGllbnQuY3JsMA0GCSqGSIb3DQEBBQUAA4GBAIa1unH8mI8xbBDdr0Iqub03tHeb4/VWpsPq
GmhYH9vXRI6x7B+dAIwghm4gKo9y4d8qlgcx+1sLjRQ8DkZcXacX52a1eb1qYzXhzNGkxp4EEZIq
xYCHWJRYuitl+cpqVbS0Dxh/+gC5KL4LkMRJjQ6kP1ns99bdK132BxmyNX1+MYIDNjCCAzICAQEw
gYEwbDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNVBAoTJU1hc3Nh
Y2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxFTATBgNVBAsTDENsaWVudCBDQSB2MQIR
AKBWSYm3ZE9kWNROh4W0tQ0wCQYFKw4DAhoFAKCCAYkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH
ATAcBgkqhkiG9w0BCQUxDxcNMDkwODI0MTkzNTM4WjAjBgkqhkiG9w0BCQQxFgQUYjQRH1CNIx4z
aPiJtvFyOkySeWwwgZIGCSsGAQQBgjcQBDGBhDCBgTBsMQswCQYDVQQGEwJVUzEWMBQGA1UECBMN
TWFzc2FjaHVzZXR0czEuMCwGA1UEChMlTWFzc2FjaHVzZXR0cyBJbnN0aXR1dGUgb2YgVGVjaG5v
bG9neTEVMBMGA1UECxMMQ2xpZW50IENBIHYxAhEAoFZJibdkT2RY1E6HhbS1DTCBlAYLKoZIhvcN
AQkQAgsxgYSggYEwbDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNV
BAoTJU1hc3NhY2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxFTATBgNVBAsTDENsaWVu
dCBDQSB2MQIRAKBWSYm3ZE9kWNROh4W0tQ0wDQYJKoZIhvcNAQEBBQAEggEAMzyjSIj7rqAqnIxJ
EW1xN1hAAWy2Iy26YGI/xzq3NcqeLzZRfv5T8EAnNUsZKh9v4kHK/JnjSYNrbgyQxJrLLQXA9xBM
Gyk2ocM+pmA8DWVmWbK2VS2LA2uEMiGqKblcwdHGlpSk0KbZ9pQ74jhhERFv/cTPGxCfTfBqZzEK
V5xswbEoAmLT7usD8Zl+Qt/hrjWUe1DwFvPWkBQRcFkqZQA5aNdmt3I10P4a9bY34EtMABFFxuRK
mCI8C2UzaIfrtomKf9v7meerC/s5a7V126Yv+8roA9kODuKhxfyBMBg0C7+DHXlSfFWzmSgOTvQV
MfNasSdGKL0pSJ5xJ1WwOQAAAAAAAA==
--Apple-Mail-46-104915133--
--===============0819925744==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============0819925744==--
