[2066] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, Recognizing Phishing
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Nov 2 14:47:07 2009
Message-Id: <F7FB3011-185F-4CB4-8CC9-71AB22C2D541@mit.edu>
From: Monique Yeaton <myeaton@mit.edu>
To: ist-security-fyi@mit.edu
Mime-Version: 1.0 (Apple Message framework v936)
Date: Mon, 2 Nov 2009 14:38:35 -0500
Cc: itss@mit.edu
Content-Type: multipart/mixed; boundary="===============1395979095=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============1395979095==
Content-Type: multipart/signed; boundary=Apple-Mail-354--289358500; micalg=sha1;
protocol="application/pkcs7-signature"
--Apple-Mail-354--289358500
Content-Type: multipart/alternative;
boundary=Apple-Mail-353--289358586
--Apple-Mail-353--289358586
Content-Type: text/plain;
charset=US-ASCII;
format=flowed;
delsp=yes
Content-Transfer-Encoding: 7bit
In this issue:
-------------------------------------
Recognizing Phishing Attacks
-------------------------------------
The Smart Response
There have been many reports and warnings about phishing attacks these
days. This makes it difficult to keep track of all of them or to
respond to each one appropriately. At MIT we put so much emphasis on
not giving out password information in response to an email, that we
can forget about all the other stuff we should not give out either,
such as our social security number, medical information, credit card
number, bank account number and date of birth.
Our common sense should tell us how to respond to "fishy" email
requests. If you aren't sure who is on the receiving end of the
information, or think the requester may not be legitimate, ignore them
and delete them. You can feel safe in assuming that you will suffer no
dire consequences (such as your email accounts or financial accounts
being suspended) by doing so.
Through experience you may have learned how to recognize a fake email
from a real one: spelling mistakes, grammatical errors, dire warnings
given if you don't reply, a fake "from" email address, a link within
the email that looks iffy, and promises of money.
Other Variations
Some phishing attacks are harder to recognize. Making users aware of
these takes more than just a one-line warning such as "don't ever give
out your password or personal information in an email."
These phishing attacks may seem harmless because they don't require
you to provide anyone with information. All they ask is that you open
the attachment they sent.
Recent examples came from Facebook and DHL. Many of us are on Facebook
and at MIT we use DHL for shipping. So receiving an email from these
sources seems feasible. Except for the fact that the messages aren't
really coming from these places at all, and the attachment (often
a .zip file) will do scary things to your computer.
Would you know better than to click on the attachment if you saw an
email from Facebook with this message: "Because of measures taken to
provide safety to our clients, your password has been changed. You can
find your new password in attached document."?
See an example here: <http://blogs.zdnet.com/security/?p=4724>
Some of the messages seemingly coming from Facebook did not have an
attachment, but had a link to click. See examples here: <http://ddanchev.blogspot.com/2009/10/ongoing-fdic-spam-campaign-serves-zeus.html
>
Or how about this one from DHL: "Dear Customer! The courier company
was not able to deliver your parcel by your address. Cause: Error in
shipping address. You may pick the parcel at our post office personaly
(oops there's a spelling error)! Please attention! (broken English)
The shipping label is attached to this e-mail. Print this label to get
this package at our post office."
That second one has a few clues revealing a scam, such as the language
and spelling. The use of exclamation points are also a clue. But some
of the recipients may not be English speakers themselves and not catch
these clues.
DHL's response: <http://www.dhl-usa.com/custserv/servicealert.asp?id=1>
What could happen if you clicked the .zip attachments? The .zip file
contains an .exe file that connects to servers to download additional
malicious files and joins the Bredolab botnet. Attackers now have full
control of the PC and can send spam emails or steal information on the
PC.
Lessons We Can Learn
1. File attachments can be dangerous.
Do not click on a .zip file when sent as an email attachment and to be
skeptical of any business who sends an email with an attachment. (A
Facebook spokesperson: "Facebook will never send you a new password as
an attachment.")
Other file types that can be dangerous include .html, .pdf, and .exe.
See a full list of them here: <http://webfreebies4u.blogspot.com/2009/06/dangerous-email-file-attachments-you.html
>
MIT's email server automatically blocks many dangerous file attachments.
2. Be skeptical of any emails you receive that you were not expecting.
If anything in an email seems at all off-kilter, you ought to be
suspicious. For instance, why would Facebook send you a new password
rather than allow you to change it yourself? And did you actually ship
something using DHL recently?
3. Trust your spam filter.
If the emails ended up in your spam/junk folder, you can assume it's
really junk. About 8% of users who received the fake Facebook message
pulled the message out of their junk file to open it. Set your filters
up so that legitimate emails do not end up there by adding them to
your good senders list.
3. Using a business computer for personal use might be dangerous.
Chances are, if you keep a computer solely for business use and do not
visit web sites or receive emails for personal use on that computer,
the computer has a better chance of not becoming infected with a
virus. Especially as more and more attacks are targeting Facebook and
other social networking sites. However, this will complicate matters
for those who use social networking for work.
These latest attacks in the news:
<http://www.computerworld.com/s/article/9140058/Massive_bot_attack_spoofs_Facebook_password_messages
>
<http://www.securitymanagement.com/news/two-new-fraudulent-e-mails-pose-facebook-and-federal-deposit-insurance-corporation-006378
>
<http://www.computerworld.com.au/article/324082/symantec_threat_bulletin_-_28_october_2009
>
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--Apple-Mail-353--289358586
Content-Type: text/html;
charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">In =
this issue:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">-------------------------------------</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; ">Recognizing Phishing =
Attacks</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">-------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">The Smart Response</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">There have been many reports and =
warnings about phishing attacks these days. This makes it difficult to =
keep track of all of them or to respond to each one appropriately. At =
MIT we put so much emphasis on not giving out password information in =
response to an email, that we can forget about all the other stuff we =
should not give out either, such as our social security number, medical =
information, credit card number, bank account number and date of =
birth. </div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Our common sense should tell us how to respond to "fishy" email =
requests. If you aren't sure who is on the receiving end of the =
information, or think the requester may not be legitimate, ignore them =
and delete them. You can feel safe in assuming that you will suffer no =
dire consequences (such as your email accounts or financial accounts =
being suspended) by doing so. </div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Through experience you may have learned how to recognize a fake email =
from a real one: spelling mistakes, grammatical errors, dire warnings =
given if you don't reply, a fake "from" email address, a link within the =
email that looks iffy, and promises of money.</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Other Variations</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Some phishing attacks are harder =
to recognize. Making users aware of these takes more than just a =
one-line warning such as "don't ever give out your password or personal =
information in an email."</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">These phishing attacks may seem harmless because they don't require =
you to provide anyone with information. All they ask is that you open =
the attachment they sent. </div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Recent examples came from Facebook and DHL. Many of us are on Facebook =
and at MIT we use DHL for shipping. So receiving an email from these =
sources seems feasible. Except for the fact that the messages aren't =
really coming from these places at all, and the attachment (often a .zip =
file) will do scary things to your computer. </div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Would you know better than to =
click on the attachment if you saw an email from Facebook with this =
message: "Because of measures taken to provide safety to our clients, =
your password has been changed. You can find your new password in =
attached document."?</div><div style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">See an example here: <<a =
href=3D"http://blogs.zdnet.com/security/?p=3D4724">http://blogs.zdnet.com/=
security/?p=3D4724</a>> </div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Some of the messages seemingly coming from Facebook did not have an =
attachment, but had a link to click. See examples here: <<a =
href=3D"http://ddanchev.blogspot.com/2009/10/ongoing-fdic-spam-campaign-se=
rves-zeus.html">http://ddanchev.blogspot.com/2009/10/ongoing-fdic-spam-cam=
paign-serves-zeus.html</a>></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">Or =
how about this one from DHL: "Dear Customer! The courier company was not =
able to deliver your parcel by your address. Cause: Error in shipping =
address. You may pick the parcel at our post office personaly (oops =
there's a spelling error)! Please attention! (broken English) The =
shipping label is attached to this e-mail. Print this label to get this =
package at our post office."</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">That second one has a few clues revealing a scam, such as the language =
and spelling. The use of exclamation points are also a clue. But some of =
the recipients may not be English speakers themselves and not catch =
these clues. </div><div style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">DHL's response: <<a =
href=3D"http://www.dhl-usa.com/custserv/servicealert.asp?id=3D1">http://ww=
w.dhl-usa.com/custserv/servicealert.asp?id=3D1</a>></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">What could happen if you clicked =
the .zip attachments? The .zip file contains an .exe file that connects =
to servers to download additional malicious files and joins the Bredolab =
botnet. Attackers now have full control of the PC and can send spam =
emails or steal information on the PC.</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; min-height: 17px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">Lessons We Can Learn</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">1. File attachments can be =
dangerous.</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">Do not click on a .zip file when sent as an =
email attachment and to be skeptical of any business who sends an email =
with an attachment. (A Facebook spokesperson: "Facebook will never send =
you a new password as an attachment.")</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; min-height: 17px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">Other file types that can be dangerous include =
.html, .pdf, and .exe. See a full list of them here: <<a =
href=3D"http://webfreebies4u.blogspot.com/2009/06/dangerous-email-file-att=
achments-you.html">http://webfreebies4u.blogspot.com/2009/06/dangerous-ema=
il-file-attachments-you.html</a>> </div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; min-height: 17px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">MIT's email server automatically blocks many =
dangerous file attachments.</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">2. =
Be skeptical of any emails you receive that you were not =
expecting. </div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">If anything in an email seems at all =
off-kilter, you ought to be suspicious. For instance, why would Facebook =
send you a new password rather than allow you to change it yourself? And =
did you actually ship something using DHL recently?</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">3. Trust your spam =
filter. </div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">If the emails ended up in your spam/junk =
folder, you can assume it's really junk. About 8% of users who received =
the fake Facebook message pulled the message out of their junk file to =
open it. Set your filters up so that legitimate emails do not end up =
there by adding them to your good senders list.</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">3. Using a business computer for =
personal use might be dangerous.</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Chances are, if you keep a =
computer solely for business use and do not visit web sites or receive =
emails for personal use on that computer, the computer has a better =
chance of not becoming infected with a virus. Especially as more and =
more attacks are targeting Facebook and other social networking sites. =
However, this will complicate matters for those who use social =
networking for work.</div><div style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">These latest attacks in the news:</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
"><<a =
href=3D"http://www.computerworld.com/s/article/9140058/Massive_bot_attack_=
spoofs_Facebook_password_messages">http://www.computerworld.com/s/article/=
9140058/Massive_bot_attack_spoofs_Facebook_password_messages</a>></div>=
<div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; "><<a =
href=3D"http://www.securitymanagement.com/news/two-new-fraudulent-e-mails-=
pose-facebook-and-federal-deposit-insurance-corporation-006378">http://www=
.securitymanagement.com/news/two-new-fraudulent-e-mails-pose-facebook-and-=
federal-deposit-insurance-corporation-006378</a>></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; "><<a =
href=3D"http://www.computerworld.com.au/article/324082/symantec_threat_bul=
letin_-_28_october_2009">http://www.computerworld.com.au/article/324082/sy=
mantec_threat_bulletin_-_28_october_2009</a>></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><font class=3D"Apple-style-span" =
face=3D"Calibri"><span class=3D"Apple-style-span" style=3D"font-size: =
medium;"><font class=3D"Apple-style-span" =
face=3D"Helvetica"><br></font></span></font></div><div =
apple-content-edited=3D"true"><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Calibri; font-size: medium; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; =
white-space: normal; widows: 2; word-spacing: 0px; =
-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: =
0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Calibri; font-size: 14px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; =
"><div><div><div><br></div><div>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</div><div>Monique Yeaton</div><div>IT =
Security Awareness Consultant</div><div>MIT Information Services & =
Technology (IS&T)</div><div>(617) 253-2715</div><div><a =
href=3D"http://ist.mit.edu/security">http://ist.mit.edu/security</a></div>=
<div><br></div><br></div></div><br></div></span><br =
class=3D"Apple-interchange-newline"></div></span><br =
class=3D"Apple-interchange-newline"> </div><br></body></html>=
--Apple-Mail-353--289358586--
--Apple-Mail-354--289358500
Content-Disposition: attachment;
filename=smime.p7s
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIDwjCCA74w
ggMnoAMCAQICEQCgVkmJt2RPZFjUToeFtLUNMA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVT
MRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMS4wLAYDVQQKEyVNYXNzYWNodXNldHRzIEluc3RpdHV0
ZSBvZiBUZWNobm9sb2d5MRUwEwYDVQQLEwxDbGllbnQgQ0EgdjEwHhcNMDkwNzA3MTkwNzQ1WhcN
MTAwNzMxMTkwNzQ1WjCBpTELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAs
BgNVBAoTJU1hc3NhY2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxFTATBgNVBAsTDENs
aWVudCBDQSB2MTEXMBUGA1UEAxMOTW9uaXF1ZSBZZWF0b24xHjAcBgkqhkiG9w0BCQEWD215ZWF0
b25ATUlULkVEVTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL5YyEmHtimNf2l9Swh7
azen1VDYTAHPef/hu8pDiEdf51i6i/1uiI7RCvzmGt8SRR3gwx1MuJt3TCKKX7kedPK8owWHRDO1
SQTG+RJHEKa8IeG/7Fk8kXFJqBYbk5sA8YOQOwmlG2x5ssMhfoPAxc44rh9tk4VfDgASGZXQITa+
8SwLG2JSFgUlnvEJAOrw8XRXRX78mgPwkydJQNhfK+ikYm2JtyqM5cSwgLxHh0XldWAI7P4csM79
LQcG4HQZRmTCVeMuy67KgNjtg/94O5AfwLkbP6hwvqsDsfr8aTwhbrhkayJnvXeY0L2X4i9AasVP
aAC4apVYBbIQr5mW4S8CAwEAAaOBoTCBnjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAd
BgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRfbDIy
HJrY3A0bf+451r8D8oZXGjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY2EubWl0LmVkdS9jYS9t
aXRjbGllbnQuY3JsMA0GCSqGSIb3DQEBBQUAA4GBAIa1unH8mI8xbBDdr0Iqub03tHeb4/VWpsPq
GmhYH9vXRI6x7B+dAIwghm4gKo9y4d8qlgcx+1sLjRQ8DkZcXacX52a1eb1qYzXhzNGkxp4EEZIq
xYCHWJRYuitl+cpqVbS0Dxh/+gC5KL4LkMRJjQ6kP1ns99bdK132BxmyNX1+MYIDNjCCAzICAQEw
gYEwbDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNVBAoTJU1hc3Nh
Y2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxFTATBgNVBAsTDENsaWVudCBDQSB2MQIR
AKBWSYm3ZE9kWNROh4W0tQ0wCQYFKw4DAhoFAKCCAYkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH
ATAcBgkqhkiG9w0BCQUxDxcNMDkxMTAyMTkzODM2WjAjBgkqhkiG9w0BCQQxFgQUM1hMj0MLf2bK
dqKxyvdkjhW6qZ0wgZIGCSsGAQQBgjcQBDGBhDCBgTBsMQswCQYDVQQGEwJVUzEWMBQGA1UECBMN
TWFzc2FjaHVzZXR0czEuMCwGA1UEChMlTWFzc2FjaHVzZXR0cyBJbnN0aXR1dGUgb2YgVGVjaG5v
bG9neTEVMBMGA1UECxMMQ2xpZW50IENBIHYxAhEAoFZJibdkT2RY1E6HhbS1DTCBlAYLKoZIhvcN
AQkQAgsxgYSggYEwbDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNV
BAoTJU1hc3NhY2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxFTATBgNVBAsTDENsaWVu
dCBDQSB2MQIRAKBWSYm3ZE9kWNROh4W0tQ0wDQYJKoZIhvcNAQEBBQAEggEAe2tO1BDrqbHh/2aD
sZC1EnniZGKqzFqtZEQM5hnSnAWRWD0m6OE6a4/DkoIrNhffBqdNCoMdDWe20TxnoM75VftVZoEq
zz2KAsOb/ebWX58AS9gRNZtlUcsMdJN3PEXj9BKcqx7PDMLBfg1FWerQPMRxQuTEtknZlstb7xV5
cfvFi6QQOlZEzCLo+6E+wV4DrfmcG6+pCNJ7obrVtbwB1V+cfGjbI2g1eB1ss6AuOu222Z/WaOEP
rFaO7CCPQh9ZCzsBQqX9CjvJ9HrKXDTLz16ml186RRlRIMSweMRyn0o3rM7xizG9wVad6D3bXwhQ
2qsmJy3LTazVp1g7jmDZ9wAAAAAAAA==
--Apple-Mail-354--289358500--
--===============1395979095==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============1395979095==--
