[9709] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, December 3, 2013
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Tue Dec 3 12:48:01 2013
Resent-From: ist-security-fyi@MIT.EDU
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Tue, 3 Dec 2013 17:45:49 +0000
Message-ID: <3ACED3B2A8CEFB4598A845F07FD4A05F3AA76D5E@OC11EXPO24.exchange.mit.edu>
In this issue:
1. EVENT: Laptop Tagging & Registration, Wednesday Dec. 4
2. Webinar: Advanced Persistent Threat
3. Why Debit Cards Are Riskier
----------------------------------------------------------------------------------
1. EVENT: Laptop Tagging & Registration, Wednesday Dec. 4
----------------------------------------------------------------------------------
This Wednesday, there is an opportunity to register and tag your laptop:
Where: Stata Student Street (Bldg. 32, Ground level)
When: December 4, 11:00 am - 12:30 pm
Cost: $10 cash only or MIT Cash Object
Just as you might register a bike with the police, you can also register your laptop. Information Services & Technology partners with MIT Police to provide STOP tags for laptops. The tag is affixed to the device, has a unique number, and is registered with a world-wide database.
Sgt. Cheryl Vossmer of the MIT Police says that although a STOP tag is not software that can track a device via GPS or other means, it has been very effective at providing a way for lost or stolen laptops to be returned to their rightful owners.
Read laptop recovery stories here<https://www.stoptheft.com/>.
Learn more about laptop registration at MIT<http://kb.mit.edu/confluence/display/istcontrib/MIT+Police+Laptop+Tagging+and+Registration>.
-----------------------------------------------------
2. Webinar: Advanced Persistent Threat
-----------------------------------------------------
You may have heard of the term “advanced persistent threat” or APT. As Wikipedia states<http://en.wikipedia.org/wiki/Advanced_persistent_threat>, “it usually refers to a group, such as a government, with both the capacity and the intent to effectively target a specific entity.” It has evolved our view of cyber intrusions to realize there are people behind actions. The better we understand those people, the better we can prepare and protect ourselves.
APT is a widely used, and widely misunderstood term. Most security professionals have a strong opinion of APT. Here is an article about it in the MIT Technology Review<http://www.technologyreview.com/news/424310/prepare-for-the-advanced-persistent-threat/>.
On Thursday, December 5th, the Center for Internet Security is presenting two security experts in their National Webcast Initiative series, to help us better understand APT, learn what it is, and what it isn’t. The webcast will explore the difference between APT and cyber crime, what the APT adversaries are targeting, and the use of social components for intrusion. To register for free, visit the National Webcast Initiative<http://msisac.cisecurity.org/webcast/2013-12/>.
------------------------------------------
3. Why Debit Cards Are Riskier
------------------------------------------
The recent IS&T article "Tips for Shopping Safely Online<http://ist.mit.edu/news/shop_safe_online>" mentions that using a debit card is riskier for shopping than using a credit card. A colleague wondered how much of this was true, so I decided to do a little bit of research. These are some reasons why:
* Payments made with credit cards are charged to the lender, who takes the risk and covers you for fraud. You can make a dispute claim and have the charge removed from your account. You simply decline the charges and don't have to pay the bill. Debit cards are tied directly to a bank account, so payment is almost instant and charges are billed to you, the client, rather than the intermediary credit lender. Disputing a charge can take weeks to clean up, in the meantime leaving less funds in your account than you thought you had.
* ATMs, where you withdraw cash from your bank account, are the perfect target for thieves. Outdoor ATMs are especially susceptible: the thieves install a skimming device that reads the magnetic strip on the back of the card, thereby stealing your financial information. Gas station payment machines are another place thieves install skimmers.
* Stores are also targets for thieves. In 2009 Heartland Payment Systems<http://www.darkreading.com/attacks-breaches/heartland-struggles-to-measure-extent-of/212901810> discovered thieves had been stealing financial data right from the check-out card payment machines at 175,000 of their merchants, and several years later Michael's was hit<http://online.wsj.com/news/articles/SB10001424052748703730804576319033369439712> in a similar manner.
Of course, using a credit card comes with its own risks, such as interest rates and late fees. You can run up too much debt if you're not careful. But for those of you who are financially responsible, credit cards can also earn you miles or other bonus points and rewards.
View more information about the differences between debit and credit cards at bankrate.com<http://www.bankrate.com/finance/checking/risky-places-swipe-debit-card-1.aspx> and this article on the NY Times<http://www.nytimes.com/2009/01/06/your-money/credit-and-debit-cards/primercards.html>.
==========================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
==========================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security