[2242] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, March 30, 2010
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Tue Mar 30 15:41:29 2010
Message-Id: <BCCF5FBD-F5CE-4590-99D7-A66430FD3607@mit.edu>
From: Monique Yeaton <myeaton@mit.edu>
To: ist-security-fyi@mit.edu
Date: Tue, 30 Mar 2010 15:40:34 -0400
In this issue:
1. Mac OS X Security Updates
2. ID Theft Hits 3.3 Million College Students
3. Tip of the Week: Blackberry Security
---------------------------------------
1. Mac OS X Security Updates
---------------------------------------
The security updates released on March 29 by Apple include fixes for
88 security holes. The combination Mac OS X 10.6.3/Security Update
2010-002 for Mac OS X 10.5.x is a large file and may take up to an
hour to install, depending on the type of computer being used.
Some flaws addressed in the update include:
- AppKit Spellchecker used by Cocoa-based applications in Leopard
- CoreAudio/CoreMedia/QuickTime in Snow Leopard
- Safari concerning CoreTypes in Leopard/Snow Leopard
- DiskImage in Leopard/Snow Leopard
- Image RAW in Leopard/Snow Leopard
It can be downloaded as a free update via Software Update or as a
downloadable installer at the Apple Downloads site: http://support.apple.com/downloads/
Details on the update:
http://support.apple.com/kb/HT4077
-------------------------------------------------------
2. ID Theft Hits 3.3 Million College Students
-------------------------------------------------------
Thieves stole computer discs from Oakdale, Minnesota-based Educational
Credit Management Corp. (ECMC), getting sensitive information about
federal student loans. It is believed to be one of the largest cases
of student identity theft in the U.S., affecting 5 percent of all
students with federal loans.
Congressional sources said the data were stored on discs contained in
a safe. The stolen data include names, addresses, dates of birth and
Social Security numbers. No bank account or other financial
information was included in the data. Storing this data on removable
devices was "a clear violation of our company policies and protocols,"
according to David Hawn, chief business development officer for ECMC.
He was not able to reveal if the data was encrypted. So far none of
the data was found to be misused.
Putting data on removable devices is not unique to ECMC. A study
released by Ipswitch File Transfer shows that 90 percent of IT and
security professionals use thumb drives or external devices to move
data. Few bother encrypting data on those devices. Per new
Massachusetts data breach regulations, all entities that store
sensitive data of MA residents on removable devices must have that
data encrypted.
Read the full story here:
http://www.washingtonpost.com/wp-dyn/content/article/2010/03/26/AR2010032605475.html
The response from ECMC is posted here:
http://www.ecmc.org/details/Announcement.html
-------------------------------------------------
3. Tip of the Week: Blackberry Security
-------------------------------------------------
Here are 5 tips posted by ITworld.com for keeping the information on
your smartphone safe:
1. Set a password
2. Choose the right encryption
3. Lock down Bluetooth connectivity
4. Give on-device data extra protection
5. Wipe discarded devices
Full information on all 5 tips can be found here:
http://www.itworld.com/personal-tech/100637/blackberry-security-five-tips-keep-your-smartphone-safe
========================================================================
Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>
NOTE: The previous SFYI issue sent was on March 8th. We skipped a few
weeks due to the editor being on vacation. Look for a regular posting
of the issues starting next week.
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS, SSN, OR OTHER PERSONAL
INFORMATION!
Ignore emails asking you to provide yours. MIT will *NEVER* ask you
for this information through email.