[IS&T Security-FYI] SFYI Newsletter, February 16, 2010
Monique Yeaton
myeaton at MIT.EDU
Tue Feb 16 11:05:39 EST 2010
In this issue:
1. US Cyber Challenge Talent Search
2. Hackers Taking Advantage of False Celebrity News
3. Tip of the Week: Don't Fall for Phishing Schemes
------------------------------------------------
1. US Cyber Challenge Talent Search
------------------------------------------------
The US Cyber Challenge, announced last year by CSIS (Center for
Strategic and International Studies), is looking for young Americans
with the skills to fill the ranks of cyber security practitioners,
researchers, and warriors, and to deal with the severe lack of
technical talent in the government.
CSIS: "The purpose of the challenge is to identify 10,000 people who
have the interest and technical computer skills. The program will
nurture and develop their skills, enable them to get access to
advanced education and exercises, and where appropriate, enable them
to be recognized by employers where their skills can be of the
greatest value to their nation."
Along with creating new jobs with this program, it will also improve
the security of the private and public sectors, adopt new technology
innovations, and shift the dynamic between hostile and friendly actors
in the cyber world.
High school students, college students and graduates can all enter the
competitions listed on the CSIS site. After being identified as top
candidates, and going through advanced education, they will finally be
brought into federal agencies like the NSA, FBI, DoD, US-Cert and the
US Department of Energy Laboratories, all of which are helping to make
this program effective.
Free summer camps are also being made available. Similar to sports
camps, they are for those who already know how systems can be hacked
and protected. To qualify for an invitation, students have to do well
in one of the four competitions of the US Cyber Challenge. If you are
interested in attending the camps, or know someone who is, send email
to Sonny Sandelius (ssandelius at sans.org).
More about the program:
• http://csis.org/uscc
• http://techbuddha.wordpress.com/2009/08/04/the-us-cyber-challenge-wants-you/
--------------------------------------------------------------------
2. Hackers Taking Advantage of False Celebrity News
--------------------------------------------------------------------
Last month a false rumor was going around the Internet that actor
Johnny Depp had died in a car accident. There was even a page posted,
that looked very much like a CNN news page, and had the story complete
with photo of the crushed car.
If you were interested in finding out more, and used Google to search
on the story, you could find a series of links that would supposedly
lead you to a video of the scene of the accident. In fact, the video
had a hidden Trojan that would download malware and infect your
computer.
Watch this video by Sophos, the security software company, which takes
you through these steps and details how hackers take advantage of a
user's gullibility:
http://www.youtube.com/watch?v=LPBhaVduF-Q&feature=player_embedded
-----------------------------------------------------------------
3. Tip of the Week: Don't Fall for Phishing Schemes
-----------------------------------------------------------------
As the onslaught of phishing emails (emails that look legitimate but
are actually "fishing" for personal confidential information) continue
unabated, we regularly remind folks to stay on the look out. And
remember, just because your spam filter didn't catch a sneaky email,
doesn't mean it's harmless.
Could you tell if an email message requesting personal information was
legitimate? In most cases you can trust your instincts (if an email
message looks suspicious, it probably is). However there are some
messages that look like the real thing but aren't. If an email message
contains any of the following phrases, there's a good chance it could
be a phishing scheme:
1. We need to verify your account information.
2. If you don't respond immediately, your account will be cancelled.
3. Click the link below to update your information.
Take the following Phishing Quizzes and see how good you are at
identifying phishing schemes.
• http://www.washingtonpost.com/wp-srv/technology/articles/phishingtest.html
• http://www.sonicwall.com/phishing/
=
=
=
========================================================================
Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB
>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS, SSN, OR OTHER PERSONAL
INFORMATION!
Ignore emails asking you to provide yours. MIT will *NEVER* ask you
for this information through email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100216/db093513/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1846 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100216/db093513/attachment.bin
More information about the ist-security-fyi
mailing list