[IS&T Security-FYI] SFYI Newsletter, December 5, 2008

Fri Dec 5 15:29:49 EST 2008

In this issue:

1. Apple Issues Update for iPhone, iPod Touch
2. Leaving a Digital Trail: What About Privacy?
3. Update: Advanced SANS Forensics Course

-----------------------------------------------------------
1. Apple Issues Update for iPhone, iPod Touch
-----------------------------------------------------------

Apple released an update for the iPhone and the iPod touch. In  
addition to new features, the update incorporates security patches for  
a dozen vulnerabilities, including two iPhone data exposure problems.  
The first of these was noted in August and allows someone with  
physical access to a passcode-locked device to launch applications  
without needing to know the passcode. The second is a vulnerability  
that exposes incoming SMS messages if the iPhone is set to emergency  
call mode. Other vulnerabilities addressed in the update include  
remote code execution flaws in the way the device handles image files  
and web pages.

[Source: SANS NewsBites]

Read full story here:
<http://www.vnunet.com/vnunet/news/2231088/apple-releases-iphone-update>
<http://news.cnet.com/8301-1009_3-10105450-83.html>

----------------------------------------------------------
2. Leaving a Digital Trail: What About Privacy?
----------------------------------------------------------

A story featured in The Tech earlier this week, and was originally  
published in the New York Times, discusses a study being conducted at  
Random Hall at MIT, in which students exchange privacy for smart  
phones that generate digital trails to be beamed to a central  
computer. Data is collected as the basis for an emerging field called  
collective intelligence.

It does make one wonder about the future of privacy, or lack thereof,  
in this electronic age. Read the full story here:

<http://tech.mit.edu/V128/N59/privacy.html>

To show that using these types of digital trails for specific purposes  
is not so far-fetched, also read this other New York Times article,  
which follows how MetroCards in NYC are being used to trace murder  
suspects:

<http://www.nytimes.com/2008/11/19/nyregion/19metrocard.html?_r=1&th&emc=th 
 >

----------------------------------------------------------
3. Update: Advanced SANS Forensics Course
----------------------------------------------------------

As a reader of this newsletter pointed out earlier this week, the  
Advanced SANS Forensics course <http://www.sans.org/info/30523> is  
available at a discount, if more than one person from an organization  
is attending.

According to the group registration information on the site:
SANS Local Mentor Program is pleased to offer two (2) or more Students  
who work at the same organization, a Group Discount tuition fee. To  
obtain the Group Discount fee and Registration Code offered for this  
course, contact tuition at sans.org PRIOR to registering and provide the  
names and e-mail addresses of all the students registering within your  
organization.

So, if you ARE interested in attending, or know of anyone, please  
reply to <ist-security-fyi at mit.edu> so that a potential list can be  
collected before registering.

=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20081205/672e601f/attachment.htm