[IS&T Security-FYI] Newsletter, March 22, 2007

Thu Mar 22 16:37:42 EDT 2007

In this issue:

1. DMCA Notices are Getting Attention
2. MIT is Looking for an IT Security Analyst
3. Tip: Purging Your Documents of a Hidden Threat

-------------------------------------------------
1. DMCA Notices are Getting Attention
-------------------------------------------------

One of the newsletters I sent around in February mentioned the rise  
in copyright infringement notices at MIT. The news media have been  
paying attention to this recent crackdown from the RIAA (Recording  
Industry Association of America), and point out that the worst  
infringers are universities.

The IT Security Support team at MIT receives the DMCA notices  
(Digital Millennium Copyright Act, which protects copyright holders),  
and gives infringers the opportunity to remove the violating files  
from their computers and to stop sharing copyrighted materials. As a  
response to this situation, the security team is working on a list of  
frequently asked questions which it will post online to help the  
community understand what copyright infringement is, how to avoid it,  
and what the consequences of infringement could entail. Stay tuned. I  
will notify this list when the page has been posted.

------------------------------------------------------
2. MIT is Looking for an IT Security Analyst
------------------------------------------------------

There is an IT Security job available within the IT Security Support  
team at MIT. The position, which is for an Information and Network  
Security Analyst, will be part of a four-person team to provide  
support and assistance to MIT departments, labs and centers in  
preventing and addressing security issues. In addition to at least  
five years of practical experience in information and network  
security and incident response, working directly with end-users, the  
optimal candidate would have good communication, technical,  
analytical and project management skills.

A full description of the position is posted on Jobs at MIT here:  
<http://hrweb.mit.edu/staffing/index.html> and can be found by  
selecting "Vice President Information Security and Technology" from  
the Organization drop menu.

-----------------------------------------------------------------
3. Tip: Purging Your Documents of a Hidden Threat
-----------------------------------------------------------------

Did you know that there is often data hidden (known as metadata) in  
Word documents that do not display when opened normally in Word? If  
information that the author didn't intend to share is revealed, it  
could lead to a security breach of private information or an  
embarrassment to those sharing the document. With metadata, it's  
possible to view the history of every change ever made to any  
Microsoft document during its lifetime. Information can include edits  
made by others, comments placed in it, and more.

This fact may not be news to some people. Several years ago, metadata  
accounted for an embarrassment for the British government, when it  
was discovered that hidden information in a security document  
outlining its stance towards involvement in Iraq revealed that much  
of the work was plagiarized.

We suggest that if you are sharing documents, to convert them to PDF  
format first, making sure that your "tracked changes" are not  
showing. Microsoft offers several other solutions for minimizing risk  
from metadata in its products including how to remove them. To learn  
more, visit Microsoft's help site: <http://office.microsoft.com/en-us/ 
help/FX100485361033.aspx> and do a search for "metadata."

If you have any questions, please contact us at security at mit.edu.

Monique

=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security