[IS&T Security-FYI] SFYI Newsletter, August 6, 2012

Monique Yeaton myeaton at MIT.EDU
Mon Aug 6 16:18:09 EDT 2012


In this issue:


1. PGP Incompatible with Mac OS X 10.8

2. Phishing Emails Appear to Come from MIT

3. SQL Injection Attacks Up 69%



----------------------------------------------------

1. PGP Incompatible with Mac OS X 10.8

----------------------------------------------------


Symantec Corporation, maker of PGP Whole Disk Encryption software, has released a statement regarding the recent release of OS X 10.8 Mountain Lion. The statement warns users:


"Based on past experiences, we do NOT recommend that users, currently encrypted with PGP Whole Disk Encryption for Macs, upgrade to OS X 10.8 when it is made available by Apple."


Symantec is actively testing both products with the 10.8 release. According to the latest reports from Symantec, support for 10.8 will be available in September 2012.


IS&T Recommendation: You should not upgrade to 10.8 if you wish to continue using PGP. If you want to upgrade to 10.8, please decrypt your disk and uninstall PGP prior to installing 10.8. See your local IT support for environment-specific recommendations.


IS&T provides steps for FileVault<http://kb.mit.edu/confluence/x/dABpC>, which is native to the operating system.



---------------------------------------------------------

2. Phishing Emails Appear to Come from MIT

---------------------------------------------------------


You may receive emails in your inbox that appear to come from MIT, warning you about your email quota being reached, or requiring a response to the "MIT Help Desk."


These emails are spoofed: they are written to look like they come from a legitimate source, but were actually sent by cyber criminals who are trying to get you to click on a link or to provide your personal information (such as your email account information). See some examples of these fake emails<http://kb.mit.edu/confluence/x/VxhB>.


Unfortunately, many of these emails make it through MIT's spam-filtering tools. The best way to handle them is to delete them immediately, without replying or clicking on the links or attachments provided. If you are concerned about spam, please contact the IS&T Help Desk<http://ist.mit.edu/help>.


IMPORTANT: IS&T will never send a request via email to MIT users to either update their email account or follow a link to verify their account.



------------------------------------------

3. SQL Injection Attacks Up 69%

------------------------------------------


According to an article by ZDNet, SQL Injection attacks are becoming more popular amongst hackers. The numbers jumped 69% between the first and second quarters of 2012. This might explain how all those email addresses and passwords are being stolen lately. In the last few months, there has been a slew of attacks against popular sites such as LinkedIn, eHarmony, and Yahoo.


A SQL Injection<http://en.wikipedia.org/wiki/SQL_injection> is a technique used to access a database through a website, often by exploiting a vulnerability in the site's software.


Read the full story in the news<http://www.zdnet.com/sql-injection-attacks-up-69-7000001742/>.


===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================



Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

