[3401] in Security FYI


[IS&T Security-FYI] SFYI Newsletter, November 5, 2012

daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Nov 5 16:21:36 2012

From: Monique Yeaton <myeaton@MIT.EDU>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@MIT.EDU>
Date: Mon, 5 Nov 2012 21:20:17 +0000
Message-ID: <3ACED3B2A8CEFB4598A845F07FD4A05F10D0F5AD@OC11EXPO24.exchange.mit.edu>

In this issue:


1. Upcoming Laptop Tagging Events

2. Data Privacy Concerns in Android Apps



------------------------------------------------

1. Upcoming Laptop Tagging Events

------------------------------------------------


In collaboration with the MIT Police, IS&T is providing a monthly opportunity to have laptops registered and tagged with a STOP tag.


The next upcoming tagging events are November 7 and December 5 from 11:00 am to 1:30 pm in E17-121.


Learn more about this laptop theft prevention program <http://ist.mit.edu/news/STOP_tags>.



--------------------------------------------------------

2. Data Privacy Concerns in Android Apps

---------------------------------------------------------


Researchers say that more than a quarter of apps for Androids available through the Google Play store appear to pose potential security risks to users. The researchers considered the apps to be questionable or suspicious if they had the capability to access personal information such as GPS data, phone calls and phone numbers. Users were led into allowing the apps to collect the data when they were installed; if users do not agree to the apps' requests, the apps will not run on their devices. The practice appeared to be popular among games, entertainment, and wallpaper apps, despite the fact that those apps would seem to have little or no practical use for the information.


The researchers state specifically that these apps are not considered malware, simply that they pose a privacy risk to users.


The report, released by Bit9, suggests that businesses educate employees about what app permission requests really mean and to stay away from third-party app markets, where the majority of malicious Android apps lurk.


If you are an MIT community member, see this handout <http://kb.mit.edu/confluence/download/attachments/5375837/Mobile+Security+Handout.pdf> (.pdf format) for advice on securing your mobile device or visit the Mobile Device Ninja page <http://kb.mit.edu/confluence/display/istcontrib/Mobile+Device+Ninja> in the MIT Knowledge Base.


Read the full story in the news <http://www.informationweek.com/security/application-security/android-apps-fail-risk-assessment-check/240012652>.



===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================


Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security


