[IS&T Security-FYI] SFYI Newsletter, April 17, 2012

[Monique Yeaton]

In this issue:


1. Spam Getting Through? Report It.

2. Mobile Security, Not So Much

3. Event: 2012 National Collegiate Cyber Competition

4. April Issue of OUCH! Newsletter Covers Metadata



----------------------------------------------

1. Spam Getting Through? Report It.

----------------------------------------------


The email coming through MIT's email servers also runs through the Symantec Brightmail Gateway. This service ensures that most spam is caught before it reaches our in-boxes. End users at MIT can log into the Gateway to set up good and bad senders lists. It also allows users to release spam that is inadvertently caught by the Spam Quarantine. Learn more<http://ist.mit.edu/spam>.


Unfortunately, no spam filters are 100% fail-safe. Unwanted email may still get through and land in our in boxes. I'm referring to unsolicited email that should not have made it through the filters in the first place. IS&T does not have fine-tuning control over the spam measuring features built into the Gateway itself; that is controlled by the vendor, Symantec. However, the vendor does provide users with a way to submit feedback so that the metrics used to tag emails as spam can be tweaked. If you are computer savvy, this knowledge base article posted by Symantec<http://www.symantec.com/business/support/index?page=content&id=TECH83081> explains how you can manually submit spam and false positives to the Symantec Security Response Center.


NOTE: The spam feedback service is provided by Symantec to its customers, it is not a service that IS&T offers to MIT. Users must contact Symantec directly for support.



-----------------------------------------

2. Mobile Security, Not So Much

-----------------------------------------


Last week I attended an IT security conference and one of the presenters threw out the following statistics: Five billion people in the world have access to a mobile device, and in comparison, only half a billion have access to a computer. Yet when it comes to technologies for mobile security, they're almost non-existent. In addition, the biggest obstacle to securing sensitive data on cell phones or smart phones is the lack of knowledge of the customer.


As stated in a recent New York Times article<http://www.nytimes.com/2012/01/26/technology/personaltech/protecting-a-cellphone-against-hackers.html>, technology experts predict that in 2012, breached, infiltrated or otherwise compromised mobile devices will be the biggest security issue. Some experts also estimate that more than a million phones worldwide have already been affected. The article goes on to describe what can happen if your device is breached and lists several ways you can help protect it against hackers.


Additional tips for mobile devices can be found in the IS&T Knowledge Base<http://kb.mit.edu/confluence/x/XQdS>.


Also, if you're interested, the next IT Partners lunch on April 24 is on Mobile Device Management and one of the topics covers sensitive data concerns. Don't forget to RSVP with the IT Partners Planning team if you plan to attend (rsvp-itpartners at mit.edu<mailto:rsvp-itpartners at mit.edu>). Details: April 24 (Tuesday), 12:00 to 1:30 pm, Marlar Lounge, 37-252.



-------------------------------------------------------------------

3. Event: 2012 National Collegiate Cyber Competition

-------------------------------------------------------------------


More than 400 college students in the US have registered for CyberQuest, the online US Cyber Challenge competition that is the only way to win invitations and scholarships for the summer regional Fantasy Cyber Camps (featuring America's top cyber experts teaching advanced technique) in California, Virginia and Delaware.


CyberQuests are a series of fun but challenging on-line competitions allowing participants to demonstrate their knowledge in a variety of information security realms. Each quest features an artifact for analysis, along with a series of quiz questions. Some quests focus on a potentially vulnerable sample web server as the artifact, challenging participants to identify its flaws using vulnerability analysis skills. Other quests are focused around forensic analysis, packet capture analysis, and more. The quests have varying levels of difficulty and complexity, with some quests geared toward beginners, while others include more intermediate and ultimately advanced material.


Register for the April 2012 quest before it closes on April 29. More information here<http://uscc.cyberquests.org/>.



------------------------------------------------------------------

4. April Issue of OUCH! Newsletter Covers Metadata

------------------------------------------------------------------


This month's issue explains what metadata is, the types of information metadata can unknowingly expose, and how to identify and delete it. Metadata is far more pervasive than you may think. Download the PDF of the newsletter, published by SANS.org here<http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201204_en.pdf>.



===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================

Thanks,

Monique

=========================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20120417/40879cc0/attachment.htm