[2380] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, April 25, 2011
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Apr 25 17:00:54 2011
From: Monique Yeaton <myeaton@mit.edu>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@mit.edu>
Date: Mon, 25 Apr 2011 16:59:34 -0400
Cc: "itss@mit.edu" <itss@mit.edu>
In this issue:
1. Cyberlockers & Copyright
2. What is the iPhone Tracking?
3. Lost Data Rarely Encrypted
------------------------------------
1. Cyberlockers & Copyright
------------------------------------
Cyberlockers are third-party file-sharing services. Examples of cyberlockers are Dropbox, RapidShare, and Megaupload, which provide users with password-protected spaces online where files can be shared with and downloaded by business colleagues or friends.
Much more convenient than sending file attachments, cyberlockers are very useful for transferring documents or photos between two or more people. Perhaps you're collaborating on a presentation, or are putting together an online photo album for your family. Simply drop the files in the cyberlocker window through your browser.
The concern of copyright holders is that cyberlockers can hold large files as well, such as movies or music. It is common practice for people to share .avi movies and .mp3 songs through a cyberlocker. Cyberlockers are more difficult to monitor, and are invisible to surveillance tools used by anti-piracy groups and copyright holders.
Cyberlocker service providers are well aware of these risks. For example, the Dropbox terms of use state that compliance with the DMCA is required, and that users will only upload, post or otherwise transmit data and/or files that they have the lawful right to use, copy, distribute, transmit or display.
Learn more: <http://paidcontent.org/article/419-how-cyberlockers-became-the-biggest-problem-in-piracy/>
-----------------------------------------
2. What is the iPhone Tracking?
-----------------------------------------
3G iPhones have been in the news recently regarding the phone's ability to track user location and store that information on the device. What exactly is the concern regarding this feature?
The concern is that the data is unencrypted and gives anyone with access to your phone or your computer a way to grab the data and extrapolate a person's whereabouts and routines.
Two members of the University of Exeter discovered the log file and created a tool that lets users see a visualization of the data. They say there's no evidence of that information being sent to Apple or anyone else.
CNET has put together a FAQ to help users understand more about the data being collected, what the risks are, and what users can do about it:
<http://news.cnet.com/8301-13579_3-20055885-37.html>
The researchers acknowledge that there's no way to turn the tracking feature off. The suggestions offered in the FAQ include making use of the free "Find My iPhone" service by Apple to do a remote wipe if the phone is lost or stolen. Users can also encrypt the phone's backup files stored by iTunes on their computer.
--------------------------------------
3. Lost Data Rarely Encrypted
--------------------------------------
The Identity Theft Resource Center (ITRC) has been analyzing data breaches from the start of January 2011 to April 2011. During that time, the ITRC counted 130 breaches, exposing a total of 9.5 million records. Their study relied on statements released by breached companies or reliable news reports.
A disturbing finding is that lost data of a sensitive nature rarely seems to be protected. According to the ITRC, just 1% of lost data in 2011 was secured using encryption, and only 5% was password protected.
MIT is committed to protecting sensitive data using administrative, technical and physical safeguards, including encryption. MIT asks that all members of the community pay special attention any time this type of data crosses their desks. Learn what employees at MIT can do to mitigate risk: <http://web.mit.edu/infoprotect/overview/index.html>.
Read the story in the news: <http://www.informationweek.com/news/security/attacks/229402094>
===========================================================================================
To read all current and archived articles online, visit the Security-FYI Blog at <http://securityfyi.wordpress.com/>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security