[3515] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, February 25, 2013
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Feb 25 17:23:29 2013
Resent-From: ist-security-fyi@mit.edu
From: Monique Yeaton <myeaton@mit.edu>
To: ist-security-fyi <ist-security-fyi@mit.edu>
Date: Mon, 25 Feb 2013 22:22:18 +0000
Message-ID: <3ACED3B2A8CEFB4598A845F07FD4A05F252A8029@OC11EXPO24.exchange.mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2000477194=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============2000477194==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_3ACED3B2A8CEFB4598A845F07FD4A05F252A8029OC11EXPO24excha_"
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F252A8029OC11EXPO24excha_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. Beefing Up Public-Key Encryption
2. Still on Windows XP? Be Prepared to Migrate.
3. Identity Theft: Not so Funny for Most of Us
4. Laptop Tagging and Registration, Feb. 28
-------------------------------------------------
1. Beefing Up Public-Key Encryption
-------------------------------------------------
Public-key encryption is used by most financial transactions on the Interne=
t. This cryptographic technique uses two keys that are mathematically relat=
ed. One, the public key, is published on the Internet and any sender can us=
e it to encrypt a message. The second, the private key, is known only to th=
e recipient, and is required for decryption.
Financial institutions are seeking security against sophisticated attacks, =
called chosen-cyphertext attacks (CCA), that are able to successfully decry=
pt these public-key encrypted messages. The challenge is coming up with a s=
cheme to protect public-key encryption from these attacks.
A pair of MIT postdocs presented a way to do so at MIT's Computer Science a=
nd Artificial Intelligence Lab. They showed a way to take a vulnerable publ=
ic-key encryption scheme and turn it into a secure scheme.
Read the story online at the MIT News Office<http://web.mit.edu/newsoffice/=
2013/beefing-up-public-key-encryption-0215.html>.
----------------------------------------------------------------
2. Still on Windows XP? Be Prepared to Migrate.
-----------------------------------------------------------------
Are you prepared for the de-support of Windows XP<http://windows.microsoft.=
com/eos>? Microsoft support for Windows XP is ending April 8, 2014 and thos=
e users running the operating system after support ends will not receive se=
curity updates for Windows. Why are security updates important?<http://ist.=
mit.edu/security/patches>
IS&T now provides and supports Windows 7 in full and offers limited support=
for the business-class versions of Windows 8 (including Pro and Enterprise=
). The IS&T Software Grid<http://ist.mit.edu/software-hardware?type=3D33&pl=
atform=3DWindows&users=3DAll&title=3D&recommended_only=3DAll> shows which v=
ersions are available for download.
There are known issues running some software on Windows 8 machines, so if y=
ou rely on an application that is not yet fully compatible with Windows 8, =
you should hold off on upgrading or purchasing a new machine with Windows 8=
. Until software vendors have released versions of their applications that =
are compatible with Windows 8, IS&T will be unable to support them.
------------------------------------------------------------
3. Identity Theft: Not so Funny for Most of Us
-------------------------------------------------------------
I don't know if you've seen it listed in the movie section of your local pa=
per, but Identity Thief, the movie, was released a week or two ago. I was p=
retty excited to see this, considering that the main focus of my job to hel=
p people protect against identity theft.
How quickly my excitement turned to disappointment, when I realized from th=
e synopsis that the movie is a comedy<http://www.fandango.com/identitythief=
_v556210/plotsummary>. A poor sod gets his identity stolen by a unrepentant=
fraudster, who turns his credit rating into shambles and steals his carefu=
lly saved funds. He then goes on a mission to clear his name by going after=
her.
Not having seen the movie, I can't say too much about it, except this: alth=
ough it didn't get high ratings from reviewers, it's currently at the top o=
f the past week's box office ratings. So maybe there's something to be said=
for wanting to see a victim go after his identity thief.
For those of us who can't actually do this, here are some tips for preventi=
ng identity theft<http://ist.mit.edu/security/identity> from occurring in t=
he first place.
--------------------------------------------------------
4. Laptop Tagging and Registration, Feb. 28
--------------------------------------------------------
On February 28, 11:00am - 1:00pm, laptop registration will be in W92=96106A
On Thursday, MIT Campus Police is providing an opportunity for those in the=
West MIT Campus to tag and register laptop computers and electronic device=
s.
When registering your device, it receives a STOP tag. This loss prevention =
measure is a visible deterrent to theft. Take a look at this video<http://w=
eb.mit.edu/cp/www/_docs/theft_deterrent.wmv> to see the results. Each tag c=
osts $10. Cash or a G/L account is accepted (no TechCash).
Details of this service and all upcoming dates and locations are listed her=
e<http://kb.mit.edu/confluence/display/istcontrib/Campus+Police+Laptop+Tagg=
ing+and+Registration#CampusPoliceLaptopTaggingandRegistration-Q%3AWhereandw=
hencanIhaveequipmenttagged%3F>.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Read all Security FYI Newsletter articles and submit comments online at htt=
p://securityfyi.wordpress.com/.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Thanks,
Monique
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F252A8029OC11EXPO24excha_
Content-Type: text/html; charset="Windows-1252"
Content-ID: <592F609FEE51084C9F4E0A4599C60D8A@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1=
252">
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-fami=
ly: Garamond, sans-serif; ">
<div>
<div>
<div>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">In this issue:</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">1. Beefing Up Public-Key=
Encryption</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">2. Still on Windows XP? =
Be Prepared to Migrate.</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">3. Identity Theft: Not s=
o Funny for Most of Us</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">4. Laptop Tagging and Re=
gistration, Feb. 28</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">1. Beefing Up Public-Key=
Encryption</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Public-key encryption is=
used by most financial transactions on the Internet. This cryptographic te=
chnique uses two keys that are mathematically related. One, the public key,=
is published on the Internet and
any sender can use it to encrypt a message. The second, the private key, i=
s known only to the recipient, and is required for decryption. </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Financial institutions a=
re seeking security against sophisticated attacks, called chosen-cyphertext=
attacks (CCA), that are able to successfully decrypt these public-key encr=
ypted messages. The challenge is coming
up with a scheme to protect public-key encryption from these attacks.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">A pair of MIT postdocs p=
resented a way to do so at MIT's Computer Science and Artificial Intelligen=
ce Lab. They showed a way to take a vulnerable public-key encryption scheme=
and turn it into a secure scheme. </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; "><a href=3D"http://web.mi=
t.edu/newsoffice/2013/beefing-up-public-key-encryption-0215.html">Read the =
story online at the MIT News Office</a>.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
----------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">2. Still on Windows XP? =
Be Prepared to Migrate.</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-----------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Are you prepared for the=
<a href=3D"http://windows.microsoft.com/eos">
de-support of Windows XP</a>? Microsoft support for Windows XP is ending Ap=
ril 8, 2014 and those users running the operating system after support ends=
will not receive security updates for Windows.
<a href=3D"http://ist.mit.edu/security/patches">Why are security updates im=
portant?</a></p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">IS&T now provides an=
d supports Windows 7 in full and offers limited support for the business-cl=
ass versions of Windows 8 (including Pro and Enterprise). The
<a href=3D"http://ist.mit.edu/software-hardware?type=3D33&platform=3DWi=
ndows&users=3DAll&title=3D&recommended_only=3DAll">
IS&T Software Grid</a> shows which versions are available for download.=
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">There are known issues r=
unning some software on Windows 8 machines, so if you rely on an applicatio=
n that is not yet fully compatible with Windows 8, you should hold off=
on upgrading or purchasing a new machine
with Windows 8. Until software vendors have released versions of their app=
lications that are compatible with Windows 8, IS&T will be unable to su=
pport them.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">3. Identity Theft: Not s=
o Funny for Most of Us</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-------------------------------------<span class=3D"Apple-tab-span" style=
=3D"white-space:pre">
</span></p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">I don't know if you've s=
een it listed in the movie section of your local paper, but Identity Thief,=
the movie, was released a week or two ago. I was pretty excited to see thi=
s, considering that the main focus
of my job to help people protect against identity theft. </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">How quickly my excitemen=
t turned to disappointment, when I realized from the synopsis that
<a href=3D"http://www.fandango.com/identitythief_v556210/plotsummary">the m=
ovie is a comedy</a>. A poor sod gets his identity stolen by a unrepentant =
fraudster, who turns his credit rating into shambles and steals his careful=
ly saved funds. He then goes on a
mission to clear his name by going after her.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Not having seen the movi=
e, I can't say too much about it, except this: although it didn't get high =
ratings from reviewers, it's currently at the top of the past week's box of=
fice ratings. So maybe there's something
to be said for wanting to see a victim go after his identity thief. <=
/p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">For those of us who can'=
t actually do this, here are some tips for
<a href=3D"http://ist.mit.edu/security/identity">preventing identity theft<=
/a> from occurring in the first place. </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; ">------=
--------------------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; ">4. Lap=
top Tagging and Registration, Feb. 28</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; ">------=
--------------------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "></p>
<p style=3D"margin: 0px; "><b>On February 28, 11:00am - 1:00pm, laptop regi=
stration will be in W92=96106A</b></p>
<p style=3D"margin: 0px; "><br>
</p>
<p style=3D"margin: 0px; ">On Thursday, MIT Campus Police is providing=
an opportunity for those in the West MIT Campus to tag and register laptop=
computers and electronic devices. </p>
<p style=3D"margin: 0px; "><br>
</p>
<p style=3D"margin: 0px; ">When registering your device, it receives a STOP=
tag. This loss prevention measure is a visible deterrent to theft. Take a =
look at <a href=3D"http://web.mit.edu/cp/www/_docs/theft_deterrent.wmv=
">this video</a> to see the results. Each
tag costs $10. Cash or a G/L account is accepted (no TechCash). </p>
<p style=3D"margin: 0px; min-height: 17px; "><br>
</p>
<p style=3D"font-family: Garamond; font-size: medium; margin: 0px; "><a hre=
f=3D"http://kb.mit.edu/confluence/display/istcontrib/Campus+Police+=
Laptop+Tagging+and+Registration#CampusPoliceLaptopTaggingandReg=
istration-Q%3AWhereandwhencanIhaveequipmenttagged%3F" style=3D"font-family:=
Helvetica; font-size: 14px; ">Details
of this service and all upcoming dates and locations are listed here</a><s=
pan style=3D"font-family: Helvetica; font-size: 14px; ">.</span></p>
<p style=3D"font-family: Garamond; font-size: medium; margin: 0px; "><span =
style=3D"font-family: Helvetica; font-size: 14px; "><br>
</span></p>
<p style=3D"font-family: Garamond; font-size: medium; margin: 0px; "><span =
style=3D"font-family: Helvetica; font-size: 14px; "><br>
</span></p>
<p></p>
<p style=3D"margin: 0px; font-family: Arial; ">=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</p=
>
<p style=3D"margin: 0px; font-family: Arial; ">Read all Security FYI Newsle=
tter articles and submit comments online at
<a href=3D"http://securityfyi.wordpress.com/">http://securityfyi.wordpress.=
com/</a>.</p>
<p style=3D"margin: 0px; font-family: Arial; ">=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</p=
>
</div>
<div><br>
</div>
<div><span class=3D"Apple-style-span" style=3D"border-collapse: separate; f=
ont-family: Calibri; font-size: medium; border-spacing: 0px; "><span class=
=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacing: 0=
px; font-family: Helvetica; font-size: 14px; ">
<div style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line=
-break: after-white-space; ">
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; border=
-spacing: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse:=
separate; border-spacing: 0px; "><span class=3D"Apple-style-span" style=3D=
"border-collapse: separate; border-spacing: 0px; "><span class=3D"Apple-sty=
le-span" style=3D"border-collapse: separate; border-spacing: 0px; "><span c=
lass=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacin=
g: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse: separa=
te; border-spacing: 0px; font-size: 12px; ">
<div><font class=3D"Apple-style-span" size=3D"4"><span class=3D"Apple-style=
-span" style=3D"font-size: 14px;"><span class=3D"Apple-style-span" style=3D=
"font-size: 12px; ">Thanks,</span></span></font></div>
<div><font class=3D"Apple-style-span" size=3D"4"><span class=3D"Apple-style=
-span" style=3D"font-size: 14px;"><span class=3D"Apple-style-span" style=3D=
"font-size: 12px; "><br>
</span></span></font></div>
<div><font class=3D"Apple-style-span" size=3D"4"><span class=3D"Apple-style=
-span" style=3D"font-size: 14px;"><span class=3D"Apple-style-span" style=3D=
"font-size: 12px; ">Monique</span></span></font></div>
<div><br class=3D"khtml-block-placeholder">
</div>
<div>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D</div>
<div>Monique Yeaton</div>
<div>IT Security Communications Consultant</div>
<div>MIT Information Services & Technology (IS&T)</div>
<div>(617) 253-2715</div>
<div>http://ist.mit.edu/security</div>
<div><br class=3D"khtml-block-placeholder">
</div>
<br class=3D"Apple-interchange-newline">
</span></span></span></span></span></span></div>
</span></span></div>
</div>
</div>
</body>
</html>
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F252A8029OC11EXPO24excha_--
--===============2000477194==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============2000477194==--
