[IS&T Security-FYI] Newsletter, March 21, 2008

Monique Yeaton myeaton at MIT.EDU
Fri Mar 21 14:15:43 EDT 2008 

In this issue:

1. Apple Security Update
2. Hannaford Security Breach Affects MITFCU


--------------------------------
1. Apple Security Update
--------------------------------

Apple released security update 2008-002 this week to fix a number of  
vulnerabilities in components of the OS X and OS X Server  
applications, including among others Apache, AppKit, and Kerberos. To  
receive the update, it can be downloaded and installed via Software  
Update preferences or from the Apple Downloads page <http:// 
www.apple.com/support/downloads/>. Previous security updates have  
been incorporated in this security update.


----------------------------------------------------------
2. Hannaford Security Breach Affects MITFCU
----------------------------------------------------------

This week a data breach has been reported by Maine-based Hannaford  
Brothers grocery chain. The breach occurred during the card  
authorization process, which caused card information to be stolen as  
it was being transmitted to banks for approval. Hannaford was found  
to be in compliance with PCI (Payment Card Industry) security  
standards. It is believed that this caused the company to have a  
false sense of security, leaving data unencrypted in a spot that  
turned out to be vulnerable.

The card data were reportedly exposed between December 7, 2007 and  
March 10, 2008. The company estimates that 4.2 million account  
numbers were compromised. Eighteen hundred cases of fraud have been  
reported in connection to the breach. The breach affected all 165  
stores in the northeast as well as 106 Sweetbay stores in Florida.

The MIT Federal Credit Union reports that some holders of MITFCU  
accounts were affected by the breach. The Credit Union notes that the  
stolen data was limited to credit and debit card numbers and  
expiration dates. If you used your MITFCU Visa or debit MasterCard at  
a Hannaford during the security breach period, you may want to  
monitor your statements for any sign of suspicious activity. Contact  
the MITFCU's Call Center at 617.253.2845 if you have any concerns.  
More information is posted on their web site at <www.mitfcu.org>.


=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security

More information about the ist-security-fyi mailing list