[IS&T Security-FYI] Newsletter, March 21, 2008
Monique Yeaton
myeaton at MIT.EDU
Fri Mar 21 14:15:43 EDT 2008
In this issue:
1. Apple Security Update
2. Hannaford Security Breach Affects MITFCU
--------------------------------
1. Apple Security Update
--------------------------------
Apple released security update 2008-002 this week to fix a number of
vulnerabilities in components of the OS X and OS X Server
applications, including among others Apache, AppKit, and Kerberos. To
receive the update, it can be downloaded and installed via Software
Update preferences or from the Apple Downloads page <http://
www.apple.com/support/downloads/>. Previous security updates have
been incorporated in this security update.
----------------------------------------------------------
2. Hannaford Security Breach Affects MITFCU
----------------------------------------------------------
This week a data breach has been reported by Maine-based Hannaford
Brothers grocery chain. The breach occurred during the card
authorization process, which caused card information to be stolen as
it was being transmitted to banks for approval. Hannaford was found
to be in compliance with PCI (Payment Card Industry) security
standards. It is believed that this caused the company to have a
false sense of security, leaving data unencrypted in a spot that
turned out to be vulnerable.
The card data were reportedly exposed between December 7, 2007 and
March 10, 2008. The company estimates that 4.2 million account
numbers were compromised. Eighteen hundred cases of fraud have been
reported in connection to the breach. The breach affected all 165
stores in the northeast as well as 106 Sweetbay stores in Florida.
The MIT Federal Credit Union reports that some holders of MITFCU
accounts were affected by the breach. The Credit Union notes that the
stolen data was limited to credit and debit card numbers and
expiration dates. If you used your MITFCU Visa or debit MasterCard at
a Hannaford during the security breach period, you may want to
monitor your statements for any sign of suspicious activity. Contact
the MITFCU's Call Center at 617.253.2845 if you have any concerns.
More information is posted on their web site at <www.mitfcu.org>.
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security
More information about the ist-security-fyi
mailing list