[2275] in Security FYI


[IS&T Security-FYI] SFYI Newsletter, May 24, 2010

daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon May 24 14:02:15 2010

From: Monique Yeaton <myeaton@mit.edu>
Date: Mon, 24 May 2010 14:01:19 -0400
Message-Id: <276422F4-D8C0-46FA-9467-F84AE11146CE@mit.edu>
To: ist-security-fyi@mit.edu
Cc: itss@mit.edu

In this issue:

1. Event: IT Partners Conference Security Track
2. Google's Data Collecting Receives More Attention
3. Car Computer Systems Could Be Manipulated by Hackers
4. Tip of the Week: Protect Your Social Security Number


-------------------------------------------------------------
1. Event: IT Partners Conference Security Track
-------------------------------------------------------------

On June 2nd in the Stata Center from 9:00am to 5:00pm, the IT Partners
Conference will be featuring various tracks, among them Security, which
the planning team has placed very heavy emphasis on this year. The
Security track will be covering these topics:

Sensitive Data at MIT: PIRN & WISP - Allison Dolan
Malware/PIRN Remediation from the Trenches - Tom Jagatic/Steve Burke
Data Inventory Tool: IdentityFinder Demo - Tim McGovern/Monique Yeaton
PGP Whole Disk Encryption - Mike Halsall
Cyber Investigations - James Burrell (FBI)

All Security topic presentations will take place in Kirsch Auditorium.
Everyone is welcome to attend the conference (there is still time to
RSVP as of today and it is free!). Keynote speaker will be Head of IS&T,
Marilyn Smith, and Jeff Schiller will provide the closing remarks. Hope
to see you there!

To learn more about the conference and to RSVP:
<http://kb.mit.edu/confluence/x/M4Vh>


------------------------------------------------------------------
2. Google's Data Collecting Receives More Attention
------------------------------------------------------------------

The Google data-gathering issue is gaining widespread attention. Google
has acknowledged that it inadvertently gathered personal information,
including scraps of websites and personal email messages, from
unprotected Wi-Fi networks while gathering images for Google Street
View.

German prosecutors have opened an investigation into Google's collection
of data from Wi-Fi networks. German officials have asked that Google
turn over a hard drive containing some of the data. Google has said it
will destroy the data. US legislators are also questioning the legality
of Google's data collection and have asked the Federal Trade Commission
(FTC) to investigate. France and Italy are launching investigations as
well. The Irish Data Protection Commissioner requested that data
gathered there be destroyed and Google has complied. The UK Information
Commissioner's Offices (ICO) have asked Google to delete the data it has
collected there and declined to launch an investigation, although there
are groups pushing for the data to be retained for an investigation.

Read the full story:
<http://voices.washingtonpost.com/posttech/2010/05/the_anger_is_growing_over.html>

Comment on this story. Was Google "war driving?" Tell us what you think
about this on the Security FYI Blog: <http://securityfyi.wordpress.com/>


-----------------------------------------------------------------------------
3. Car Computer Systems Could Be Manipulated by Hackers
-----------------------------------------------------------------------------

Researchers from the University of Washington and the University of
California, San Diego, presented a paper at the IEEE Symposium on
Security and Privacy on May 19 in which they describe how computer
programs used in automobiles can be manipulated by hackers to take
control of braking and other critical systems in cars.

The researchers created a tool called CarShark that "can sniff and
inject packets on the" Controller Area Network (CAN) system, the
diagnostic tool used for all US cars built in 2008 and later. The cyber
attackers would need access to a standard diagnostic computer port in
the targeted car. In a demonstration last year, the researchers
connected a laptop to the targeted car and controlled that car's
computer system wirelessly with another laptop in a car close by. The
researchers are not trying to scare people, but to drive home the point
to automobile manufacturers that they must bake security into the
computer systems that accompany new cars.

Read the full story:
<http://www.nytimes.com/2010/05/14/science/14hack.html>


-----------------------------------------------------------------------
4. Tip of the Week: Protect Your Social Security Number
-----------------------------------------------------------------------

Avoid using your social security number whenever you can. Many places
use social security numbers for user identification. Ask to use an
alternate number if possible. In addition, don't print it on personal
checks. Your Social Security number is the key to most of your financial
information which makes it a prime target for criminals. Only give it
out when absolutely necessary.

At MIT, Social Security numbers are generally only used for income tax
and salary payment or reimbursement payment purposes. For all other
business purposes the MIT ID number is used. To learn more about how MIT
is protecting Social Security numbers and other personal information
see: <http://web.mit.edu/infoprotect/>.

===========================================================================


Find current and older issues of Security FYI Newsletter:
<http://kb.mit.edu/confluence/x/ehBB>


Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security






