[IS&T Security-FYI] SFYI Newsletter, July 16, 2012

Monique Yeaton myeaton at MIT.EDU
Mon Jul 16 15:31:48 EDT 2012


In this issue:


1. Yahoo Passwords Hacked

2. Theft on the MIT Campus

3. Reminder to Change Your Kerberos Password



-------------------------------------

1. Yahoo Passwords Hacked

-------------------------------------


Yahoo is investigating a breach that exposed usernames and passwords of 450,000 accounts last Wednesday. The compromised accounts are for Yahoo Voice, a voice-over-Internet-protocol (VoIP) service. According to security firm TrustedSec, the passwords and usernames appeared to be stored without encryption in plain text. That means anyone can use the information. Yahoo said that fewer than 5 percent of the accounts breached had valid passwords. The company is fixing the vulnerability that led to the disclosure.


Many people use the same usernames and passwords for multiple accounts. To be on the safe side, change your Yahoo password and the password of any other account that used the same password.


Read the full story online<http://www.washingtonpost.com/business/technology/yahoo-passwords-hacked-likely-taken-through-yahoo-voices/2012/07/12/gJQA6IsOfW_story.html>.



------------------------------------

2. Theft on the MIT Campus

------------------------------------


The Police at MIT are warning the community about theft on campus this summer. Nine laptops, tablets, phones or backpacks/wallets were reported stolen in June; so far this month, ten such items have been reported stolen. The thefts occur with higher frequency in public areas, such as the Student Center.


The Police bulletin<http://web.mit.edu/cp/www/bulletins.htm> recommends that you do not leave any of your possessions unattended, not even for an instant. Most items are stolen when the victim gets up and leaves his or her bag or device behind "just to grab a coffee" or "to use the restroom." As an additional precaution against theft of electronic devices, it is recommended to use a tool (such as iCloud<http://www.apple.com/icloud/setup/> for Mac OS or iOS devices or one that supports multiple platforms such as http://preyproject.com/) that can locate, lock and recover your device at no cost.



--------------------------------------------------------------

3. Reminder to Change Your Kerberos Password

--------------------------------------------------------------


It's that time of year to renew our MIT personal web certificates (which expire at the end of July) and, at the same time, to refresh our Kerberos password if it's been over a year since it was last updated.


Why change your password? Password strength requirements change as password cracking methods become more technologically advanced. While a 6-character password was considered strong enough a few years ago, today the recommendation is 8 characters or longer. Complexity is also a factor: using 3 different types of characters (upper case and lower case letters plus special characters) is better than using just one or two different types.


Password complexity and length do add one large risk: the password becomes more difficult to remember. Especially since we often have more than one password to remember, it's becoming a challenge to keep track of them without writing them down.


I have found a great solution is a password vault that encrypts all my passwords, right on my computer. One master password is needed to gain access to them. LastPass<http://lastpass.com/> is one such service, which I have used for years now and can't imagine living without. It is free and easy to use. Other options are KeePass and Password Safe (both free open source password managers). You can find others if you search in your browser for the terms "password manager" or "password vault."


Change your Kerberos password here<https://ca.mit.edu/ca/cpw>.



===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================


Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

