[IS&T Security-FYI] SFYI Newsletter, May 24, 2010

Mon May 24 14:01:19 EDT 2010

In this issue:

1. Event: IT Partners Conference Security Track
2. Google's Data Collecting Receives More Attention
3. Car Computer Systems Could Be Manipulated by Hackers
4. Tip of the Week: Protect Your Social Security Number

-------------------------------------------------------------
1. Event: IT Partners Conference Security Track
-------------------------------------------------------------

On June 2nd in the Stata Center from 9:00am to 5:00pm, the IT Partners Conference will be featuring various tracks, among them Security, which the planning team has placed very heavy emphasis on this year. The Security track will be covering these topics:

Sensitive Data at MIT: PIRN & WISP - Allison Dolan
Malware/PIRN Remediation from the Trenches - Tom Jagatic/Steve Burke
Data Inventory Tool: IdentityFinder Demo - Tim McGovern/Monique Yeaton
PGP Whole Disk Encryption - Mike Halsall
Cyber Investigations - James Burrell (FBI)

All Security topic presentations will take place in Kirsch Auditorium. Everyone is welcome to attend the conference (there is still time to RSVP as of today and it is free!). Keynote speaker will be Head of IS&T, Marilyn Smith and Jeff Schiller will provide the closing remarks. Hope to see you there!

To learn more about the conference and to RSVP: <http://kb.mit.edu/confluence/x/M4Vh>

------------------------------------------------------------------
2. Google's Data Collecting Receives More Attention
------------------------------------------------------------------

The Google data-gathering issue is gaining widespread attention. Google has acknowledged that it inadvertently gathered personal information, including scraps of websites and personal email messages, from unprotected Wi-Fi networks while gathering images for Google Street View.  

German prosecutors have opened an investigation into Google's collection of data from Wi-Fi networks. German officials have asked that Google turn over a hard drive containing some of the data. Google has said it will destroy the data. US legislators are also questioning the legality of Google's data collection and have asked the Federal Trade Commission (FTC) to investigate. France and Italy are launching investigations as well. The Irish Data Protection Commissioner requested that data gathered there be destroyed and Google has complied. The UK Information Commissioner's Offices (ICO) have asked Google to delete the data it has collected there and declined to launch an investigation, although there are groups pushing for the data to be retained for an investigation.

Read the full story: <http://voices.washingtonpost.com/posttech/2010/05/the_anger_is_growing_over.html>

Comment on this story. Was Google "war driving?" Tell us what you think about this on the Security FYI Blog: <http://securityfyi.wordpress.com/>

-----------------------------------------------------------------------------
3. Car Computer Systems Could Be Manipulated by Hackers
-----------------------------------------------------------------------------

Researchers from the University of Washington and the University of California, San Diego, presented a paper at the IEEE Symposium on Security and Privacy on May 19 in which they describe how computer programs used in automobiles can be manipulated by hackers to take control of braking and other critical systems in cars. 

The researchers created a tool called CarShark that "can sniff and inject packets on the" Controller Area Network (CAN) system, the diagnostic tool used for all US cars built in 2008 and later.  The cyber attackers would need access to a standard diagnostic computer port in the targeted car.  In a demonstration last year, the researchers connected a laptop to the targeted car and controlled that car's computer system wirelessly with another laptop in a car close by.  The researchers are not trying to scare people, but to drive home the point to automobile manufacturers that they must bake security into the computer systems that accompany new cars.  

Read the full story: <http://www.nytimes.com/2010/05/14/science/14hack.html>

-----------------------------------------------------------------------
4. Tip of the Week: Protect Your Social Security Number
-----------------------------------------------------------------------

Avoid using your social security number whenever you can. Many places use social security numbers for user identification. Ask to use an alternate number if possible. In addition, don't print it on personal checks. Your Social Security number is the key to most of your financial information which makes it a prime target for criminals. Only give it out when absolutely necessary. 

At MIT, Social Security numbers are generally only used for income tax and salary payment or reimbursement payment purposes. For all other business purposes the MIT ID number is used. To learn more about how MIT is protecting Social Security numbers and other personal information see: <http://web.mit.edu/infoprotect/>.

===========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>

Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100524/a313f5ad/attachment.htm