[IS&T Security-FYI] SFYI Newsletter, May 21, 2012

Mon May 21 17:23:17 EDT 2012

In this issue:

1. Malware Targeting the Mac OS

2. Social Networking Sites and Security

-------------------------------------------

1. Malware Targeting the Mac OS

-------------------------------------------

About 50% of users at MIT use Mac computers. Many do so because of personal preference but another reason is that they have been historically safer than Windows computers. There are simply a lot more malware and viruses being written for Windows users because of the larger user base.

We now know that Mac computers are not immune to malware and that attackers are writing malware that target Macs specifically. This month Apple released an update to address the Flashfake/Flashback malware<http://www.securelist.com/en/analysis/204792227/The_anatomy_of_Flashfake_Part_1> attack. Apple, and even Microsoft, do not release security updates instantly when malware is found targeting those systems. There can be a few months' delay before they are released. So it is important that users have malware or virus protection already installed on their computers.

IS&T provides McAfee virus protection software<http://ist.mit.edu/mcafee-security> for free to MIT users and from what we have seen, it works great on the Macs. If you or your family members have a Mac at home and are concerned about malware, it would be smart to look into some of the other products that are available, both for a fee or for free. Here's a listing of the top five by ArsTechnica<http://arstechnica.com/apple/2012/05/hands-on-with-five-antivirus-apps-for-the-mac/>.

Additional tips: Turn on the Mac firewall<http://kb.mit.edu/confluence/x/FQCKBg>, and take all security patches<http://kb.mit.edu/confluence/x/IQCzB> from Apple as they are released.

--------------------------------------------------

2. Social Networking Sites and Security

--------------------------------------------------

Twitter Supports "Do Not Track"

Do Not Track (DNT) is a privacy preference that users can set in their web browsers. Twitter now supports DNT and provides clients with choices about the information Twitter collects. The company provides this article<https://support.twitter.com/articles/20169453> explaining DNT and how to enable it when visiting the Twitter site or other web sites.

Facebook Allegedly Tracks Web Usage

In similar news, Facebook was sued for $15 billion<http://www.bloomberg.com/news/2012-05-18/facebook-sued-for-15-billion-in-suit-over-user-tracking.html> over alleged privacy infraction. Law firm Stewarts Law announced last week that it combined 21 privacy lawsuits against the social network into a single, class-action suit. They are charging the social network with violating user privacy by allegedly tracking their Web usage.

Malware Targeting Social Networks is Spreading

On the malware front, a cross-browser extension development framework, called Crossrider, is being used by attackers to build click-fraud worms. Click-fraud occurs when attackers provide links on social networking sites that use fake advertisement modules. When a user clicks or views these ads, the malware's creators earn money through affiliate programs. Learn more in this article by ComputerWorld<http://www.computerworld.com/s/article/9227351/Cross_browser_worm_spreads_via_Facebook_security_experts_warn>.

===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================

Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20120521/faf8ea7f/attachment.htm