[IS&T Security-FYI] SFYI Newsletter, February 27, 2012

Mon Feb 27 15:31:36 EST 2012

In this issue:

1. NERCOMP Conference & New Security Paradigms

2. QR Codes: A Tool for Criminals

3. The White House's Consumer Privacy Bill of Rights

--------------------------------------------------------------------

1. NERCOMP Conference & New Security Paradigms

--------------------------------------------------------------------

This year the NERCOMP annual conference in Providence, Rhode Island is occurring on March 12-14. One of the pre-conference seminars is "New Paradigms for IT Security." Security officers from 4 different schools: Harvard, Brown, UMass and Boston College, will be discussing how computer security has become a business problem, with a growing need to "secure the human" over the computer or technology. They will explore risk management, HR security, applications security, compliance, user awareness, and other elements of the new security paradigm as they affect IT and the entire campus.

Time: Monday, March 12, 8:30 am - 12:00 pm

Location: Rhode Island Convention Center, Room 551

Cost: $165 (a separate registration and fee are required for this seminar)

Learn more<http://www.educause.edu/NC12/Program/SEM01A> or sign up online<http://net.educause.edu/content.asp?page_id=1029579&bhcp=1>.

Note: The rest of the conference (the Tuesday 3/13 and Wednesday 3/14 seminars) are available online, if interested. IS&T is hosting the online track of the conference<http://www.educause.edu/NC12/Program/Online> in the E17 Learning Center on both days.

-------------------------------------------

2. QR Codes: A Tool for Criminals

-------------------------------------------

You know those little black and white boxes you see on ads and billboards lately, used by advertisers and marketers. In many cases, these QR codes<http://en.wikipedia.org/wiki/QR_code> are encoded web links. They are intended to save users the hassle of writing down a web address or other information while they're out and about. A quick scan with a smartphone is all you need to use the decoded message.

Most scanning applications will recognize that the code is a link and instantly open a web browser. Here's where the bad guys can enter the picture. Criminals have discovered that they can use QR codes to infect your smartphone with malware, trick you to visiting a phishing web site, or steal information from your mobile device.

All a criminal has to do is use one of the QR code-generating tools available for free on the Internet, print out the code and affix it to an existing ad or poster, replacing the safe QR code with his risky one. You won't know you're scanning a malicious link until it's too late.

Learn what you can do to protect yourself from malicious QR codes<http://netsecurity.about.com/od/securityadvisorie1/a/How-To-Protect-Yourself-From-Malicious-QR-Codes.htm>.

--------------------------------------------------------------------

3. The White House's Consumer Privacy Bill of Rights

--------------------------------------------------------------------

President Obama's administration has released a Consumer Privacy Bill of Rights and plans to work with Congress to enact the legislation. The bill provides voluntary guidelines for online companies that aims to give people more control over how their personal data are collected and used.

Here's an excerpt of an article discussing the topic at CNET.com:

"Consumer online privacy is a hot topic these days, with complaints that Google and Facebook, among others, compromise the privacy of consumers in order to boost advertising opportunities and revenues.

Recently, several lawmakers and consumer advocates filed complaints with the FTC over Google's plan to consolidate its privacy policies and combine data on users from across all of it services and products. On Wednesday, 36 state Attorneys General offices signed a letter asking for a meeting with Google CEO Larry Page to discuss concerns they have that consumers can't opt out of having their information shared between different Google services under the modified privacy plan.

Google was also criticized this month for bypassing default privacy settings on Safari and Internet Explorer. Meanwhile, Facebook has taken heat for its frictionless sharing and Timeline features."

Read more<http://news.cnet.com/8301-27080_3-57383300-245/obama-unveils-consumer-privacy-bill-of-rights/#ixzz1nc88AY6A>.

===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================

Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20120227/ee1de73d/attachment.htm