[7757] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, June 17, 2013
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Jun 17 16:54:39 2013
Resent-From: ist-security-fyi@MIT.EDU
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Mon, 17 Jun 2013 20:52:45 +0000
In this issue:
1. IT Partners Presentation on Securing the Human
2. Apple iOS 7 to Include Activation Lock Security Measures
3. Adobe Flash and AIR Updated
--------------------------------------------------------------------
1. IT Partners Presentation on Securing the Human
--------------------------------------------------------------------
Last week at the IT Partners Conference, I did a presentation on Securing the Human, an online security awareness training program for students, faculty and staff. The courses in the program are still in development, with the plan to roll these out to the MIT community in the summer.
The presentation (slides plus transcript) is available here<http://web.mit.edu/myeaton/Public/STH/>.
You can learn more about the Securing the Human - End User Training course materials here<http://www.securingthehuman.org/enduser/index>. They are created by SANS.org, a trusted name in information security training.
We are very excited about this new offering from IS&T to the MIT community and I would like to invite you to be part of the testing phase (through the end of June) or the pilot (starting in July).
If you are interested in either of these opportunities, please let me know by emailing: myeaton at mit.edu.
--------------------------------------------------------------------------------
2. Apple iOS 7 to Include Activation Lock Security Measures
--------------------------------------------------------------------------------
At the keynote address of its Worldwide Developers Conference, Apple said that when the new operating system comes out in Fall of 2013, an ID and password will be needed to turn off a mobile device's "Find my iPhone/iPad" feature or to erase any data. The same ID and password will be needed to reactivate a device after it has been remotely erased.
This step is being taken to stop the trend of "Apple picking," a growing wave of crime in which thieves target mobile devices, particularly iPhones and iPads. As mobile devices become more popular, stealing them has become a unique sort of crime, requiring some police units to create a special team just for crimes relating to mobile devices.
Read the full story in the news here<http://www.cnn.com/2013/06/11/tech/mobile/iphone-ios7-kill-switch/index.html> and here<http://www.eweek.com/mobile/new-ios-7-lockout-feature-that-may-save-lives-wont-arrive-until-fall/>. NBC Washington posted a video<http://www.nbcwashington.com/news/local/Victims-Cell-Phone-Snatched-While-in-Use-211052171.html> showing such a crime occurring on the street in Washington, DC.
There is one misleading bit of information in this article on page 2<http://www.eweek.com/mobile/new-ios-7-lockout-feature-that-may-save-lives-wont-arrive-until-fall-2>. It says: "Right now, the find my iPhone app will only display an info screen and have it display a message and send out an annoying sound. It doesn't stop the iPhone from being used."
This is not entirely true. You can remotely lock your device (iOS 5) or Lock and Track your device (iOS 6) using Lost Mode in the Find my iPhone feature in iCloud. If your iOS device already has a passcode, you don't need to enter a passcode; the device locks using the existing passcode.
Learn more about these existing iPhone protections here<http://kb.mit.edu/confluence/display/istcontrib/iPhone+at+MIT>.
--------------------------------------------
3. Adobe Flash and AIR Updated
--------------------------------------------
Last week, Adobe fixed a critical bug in Flash and AIR that might allow exploits or attacks in the wild. The latest Flash version is 11.7.700.224 for Windows and 11.7.700.225 for Mac OS X. Internet Explorer 10 and Chrome should auto-update their versions of Flash.
The most recent versions of Flash Player are also available from the Adobe website<http://get.adobe.com/flashplayer/> (when downloading, beware of potentially unwanted add-ons, like McAfee Security Scan). You can find out what version of Flash Player your browser is using here<http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html>.
Adobe AIR was updated to version 3.7.0.2090 for Windows and Android and version 3.7.0.2100 for Mac OS X. Adobe AIR checks for and prompts you to install available updates anytime you launch an application that uses AIR. Or you can download the latest version here<http://get.adobe.com/air/>.
===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security