[8096] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, August 27, 2013
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Tue Aug 27 15:47:02 2013
Resent-From: ist-security-fyi@MIT.EDU
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Tue, 27 Aug 2013 19:45:01 +0000
Message-ID: <3ACED3B2A8CEFB4598A845F07FD4A05F32393CF5@OC11EXPO24.exchange.mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0619907601=="
Errors-To: ist-security-fyi-bounces@MIT.EDU
--===============0619907601==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_3ACED3B2A8CEFB4598A845F07FD4A05F32393CF5OC11EXPO24excha_"
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F32393CF5OC11EXPO24excha_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. EVENT: Laptop Registration, First Week in September
2. Using a Tracking System for Lost or Stolen Devices
3. Microsoft Warns About Dangers of Not Migrating From XP
---------------------------------------------------------------------------=
-
1. EVENT: Laptop Registration, First Week in September
---------------------------------------------------------------------------=
-
There are two dates coming up in September to register and tag your laptop:
Where: Kresge Lobby
When: September 3, 11:00 am - 2:30 pm
Where: Stata Student Street
When: September 4, 11:00 am - 2:30 pm
Cost: $10 cash only
Just as you might register a bike with the police, you can also register yo=
ur laptop. Information Services & Technology partners with MIT Police to pr=
ovide STOP tags for laptops. The tag is affixed to the device, has a unique=
number, and is registered with a world-wide database.
Sgt. Cheryl Vossmer of the MIT Police says that although a STOP tag is not =
software that can track a device via GPS or other means, it has been very e=
ffective at providing a way for lost or stolen laptops to be returned to th=
eir rightful owners.
For example, a laptop that was stolen from a MIT student last year turned u=
p at a Boston homeless shelter. When one of the residents of the shelter tr=
ied to sell the laptop to another resident, a person working at the shelter=
noticed and intervened. He called the number on the STOP tag that was atta=
ched to the laptop. The owner was eventually tracked down via the MIT Polic=
e. When he got the call from the police, he was surprised; he thought the l=
aptop was gone forever.
Read more laptop recovery stories here<https://www.stoptheft.com/>.
Learn more about laptop registration at MIT<http://kb.mit.edu/confluence/di=
splay/istcontrib/MIT+Police+Laptop+Tagging+and+Registration>.
------------------------------------------------------------------------
2. Using a Tracking System for Lost or Stolen Devices
------------------------------------------------------------------------
In addition to using the STOP tags mentioned above, the MIT Police recommen=
ds that Apple device owners make use of the free "find my iPhone<https://ww=
w.apple.com/icloud/features/find-my-iphone.html>" feature that comes with a=
n Apple iCloud account. Apple products, especially iPhones, are highly attr=
active to thieves<http://www.motherjones.com/mojo/2013/03/stolen-iphone-the=
ft-imsi>. According to various police reports around the country, theft of =
smartphones increased 40% in 2012.
The same iCloud service exists for Mac laptops and desktops. However, be aw=
are that even with a tracking system on a device -- whether using the iClou=
d service from Apple or a third-party software such as LoJack for Laptops (=
http://www.lojack.com/Laptops) or Prey Project (http://preyproject.com/) --=
the police may not be able to simply retrieve it.
Even when the police can track the stolen item to a building, the difficult=
y<http://www.businessweek.com/articles/2013-02-14/the-cops-arent-going-to-f=
ind-your-stolen-iphone> is in finding the person who has it. If your device=
has been stolen, or is in a location that you do not trust and cannot get =
to quickly, your best bet is to erase or lock the device. Once erased, file=
s and configurations cannot be restored except from a backup.
If you have a smart phone but don't have an iCloud account or Apple device,=
check with your cell phone service provider. They may have ways to lock or=
wipe the device remotely on your behalf.
What to do if your MIT or personally owned device has been lost or stolen<h=
ttp://kb.mit.edu/confluence/x/AQAKBw>.
---------------------------------------------------------------------------=
------
3. Microsoft Warns About Dangers of Not Migrating From XP
---------------------------------------------------------------------------=
------
For months now, Microsoft is telling Windows XP users that there will be no=
more updates for Windows XP Service Pack 3 after April 8, 2014.
A recent Security Blog post from Microsoft Director of Trustworthy Computin=
g Tim Rains<http://blogs.technet.com/b/security/archive/2013/08/15/the-risk=
-of-running-windows-xp-after-support-ends.aspx> warns that while XP SP3 was=
state of the art when it was released, the measures employed are no longer=
sufficient to block current attacks. Once support for XP ends, hackers wil=
l be able reverse engineer updates to see if XP is vulnerable to the vulner=
abilities they address; while newer versions of Windows will be patched, XP=
will not be, putting users at direct risk of attack.
Information Services & Technology is in the final phase of terminating supp=
ort for XP users at MIT.
The recommendation is to migrate to Windows 7<http://ist.mit.edu/windows/7/=
enterprise> (with SP1) via a clean install<http://kb.mit.edu/confluence/dis=
play/istcontrib/Windows+7+-+Clean+Installation> versus an upgrade, as soon =
as possible.
See the schedule and details for the termination of Windows XP support by I=
S&T<http://ist.mit.edu/news/retiring_windows.xp>.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Read all Security FYI Newsletter articles and submit comments online at htt=
p://securityfyi.wordpress.com/.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F32393CF5OC11EXPO24excha_
Content-Type: text/html; charset="us-ascii"
Content-ID: <61F427A8D254D746883168A99CB1D276@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-fami=
ly: Garamond, sans-serif; ">
<div>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; ">In thi=
s issue:</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">1. EVENT: Laptop Registr=
ation, First Week in September</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">2. Using a Tracking Syst=
em for Lost or Stolen Devices</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">3. Microsoft Warns About=
Dangers of Not Migrating From XP</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
----------------------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">1. EVENT: Laptop Registr=
ation, First Week in September</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
----------------------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">There are two dates comi=
ng up in September to register and tag your laptop:</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Where: Kresge Lobby</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">When: September 3, 11:00=
am - 2:30 pm</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Where: Stata Student Str=
eet</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">When: September 4, 11:00=
am - 2:30 pm</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Cost: $10 cash only</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Just as you might regist=
er a bike with the police, you can also register your laptop. Information S=
ervices & Technology partners with MIT Police to provide STOP tags for =
laptops. The tag is affixed to the device,
has a unique number, and is registered with a world-wide database.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Sgt. Cheryl Vossmer of t=
he MIT Police says that although a STOP tag is not software that can track =
a device via GPS or other means, it has been very effective at providing a =
way for lost or stolen laptops to
be returned to their rightful owners.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">For example, a laptop th=
at was stolen from a MIT student last year turned up at a Boston homeless s=
helter. When one of the residents of the shelter tried to sell the laptop t=
o another resident, a person working
at the shelter noticed and intervened. He called the number on the STOP ta=
g that was attached to the laptop. The owner was eventually tracked down vi=
a the MIT Police. When he got the call from the police, he was surprised; h=
e thought the laptop was gone forever.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Read more <a href=3D"htt=
ps://www.stoptheft.com/">
laptop recovery stories here</a>.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; "><a href=3D"http://kb.mit=
.edu/confluence/display/istcontrib/MIT+Police+Laptop+Tagging=
3;and+Registration">Learn more about laptop registration at MIT</a>.</p=
>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
------------------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">2. Using a Tracking Syst=
em for Lost or Stolen Devices</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
------------------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">In addition to using the=
STOP tags mentioned above, the MIT Police recommends that Apple device own=
ers make use of the free "<a href=3D"https://www.apple.com/icloud/feat=
ures/find-my-iphone.html">find my iPhone</a>"
feature that comes with an Apple iCloud account. Apple products, especiall=
y iPhones, are
<a href=3D"http://www.motherjones.com/mojo/2013/03/stolen-iphone-theft-imsi=
">highly attractive to thieves</a>. According to various police reports aro=
und the country, theft of smartphones increased 40% in 2012. </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">The same iCloud service =
exists for Mac laptops and desktops. However, be aware that even with a tra=
cking system on a device -- whether using the iCloud service from Apple or =
a third-party software such as LoJack
for Laptops (<a href=3D"http://www.lojack.com/Laptops">http://www.lojack.c=
om/Laptops</a>) or Prey Project (<a href=3D"http://preyproject.com/">http:/=
/preyproject.com/</a>) -- the police may not be able to simply retrieve it.=
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Even when the police can=
track the stolen item to a building,
<a href=3D"http://www.businessweek.com/articles/2013-02-14/the-cops-arent-g=
oing-to-find-your-stolen-iphone">
the difficulty</a> is in finding the person who has it. If your device has =
been stolen, or is in a location that you do not trust and cannot get to qu=
ickly, your best bet is to erase or lock the device. Once erased, files and=
configurations cannot be restored
except from a backup.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">If you have a smart phon=
e but don't have an iCloud account or Apple device, check with your cell ph=
one service provider. They may have ways to lock or wipe the device remotel=
y on your behalf.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; "><a href=3D"http://kb.mit=
.edu/confluence/x/AQAKBw">What to do if your MIT or personally owned device=
has been lost or stolen</a>.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
---------------------------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">3. Microsoft Warns About=
Dangers of Not Migrating From XP</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
---------------------------------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">For months now, Microsof=
t is telling Windows XP users that there will be no more updates for Window=
s XP Service Pack 3 after April 8, 2014.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; "><a href=3D"http://blogs.=
technet.com/b/security/archive/2013/08/15/the-risk-of-running-windows-xp-af=
ter-support-ends.aspx">A recent Security Blog post from Microsoft Director =
of Trustworthy Computing Tim Rains</a>
warns that while XP SP3 was state of the art when it was released, the mea=
sures employed are no longer sufficient to block current attacks. Once supp=
ort for XP ends, hackers will be able reverse engineer updates to see if XP=
is vulnerable to the vulnerabilities
they address; while newer versions of Windows will be patched, XP will not=
be, putting users at direct risk of attack.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Information Services &am=
p; Technology is in the final phase of terminating support for XP users at =
MIT. </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">The recommendation is to=
migrate to
<a href=3D"http://ist.mit.edu/windows/7/enterprise">Windows 7</a> (with SP1=
) via a <a href=3D"http://kb.mit.edu/confluence/display/istcontrib/Windows&=
#43;7+-+Clean+Installation">
clean install</a> versus an upgrade, as soon as possible.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; "><a href=3D"http://ist.mi=
t.edu/news/retiring_windows.xp">See the schedule and details for the termin=
ation of Windows XP support by IS&T</a>. </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "></p>
<p style=3D"margin: 0px; font-family: Arial; "><br>
</p>
<p style=3D"margin: 0px; font-family: Arial; ">=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</p=
>
<p style=3D"margin: 0px; font-family: Arial; ">Read all Security FYI Newsle=
tter articles and submit comments online at
<a href=3D"http://securityfyi.wordpress.com/">http://securityfyi.wordpress.=
com/</a>.</p>
<p style=3D"margin: 0px; font-family: Arial; ">=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</p=
>
<p></p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
</div>
<div><span class=3D"Apple-style-span" style=3D"border-collapse: separate; f=
ont-family: Calibri; font-size: medium; border-spacing: 0px; "><span class=
=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacing: 0=
px; font-family: Helvetica; font-size: 14px; ">
<div style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line=
-break: after-white-space; ">
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; border=
-spacing: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse:=
separate; border-spacing: 0px; "><span class=3D"Apple-style-span" style=3D=
"border-collapse: separate; border-spacing: 0px; "><span class=3D"Apple-sty=
le-span" style=3D"border-collapse: separate; border-spacing: 0px; "><span c=
lass=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacin=
g: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse: separa=
te; border-spacing: 0px; font-size: 12px; ">
<div><br>
</div>
<div>Monique Yeaton</div>
<div>IT Security Communications Consultant</div>
<div>MIT Information Services & Technology (IS&T)</div>
<div>(617) 253-2715</div>
<div>http://ist.mit.edu/security</div>
<div><br class=3D"khtml-block-placeholder">
</div>
<br class=3D"Apple-interchange-newline">
</span></span></span></span></span></span></div>
</span></span></div>
</body>
</html>
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F32393CF5OC11EXPO24excha_--
--===============0619907601==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============0619907601==--
