[IS&T Security-FYI] SFYI Newsletter, December 17, 2013

Monique Yeaton myeaton at MIT.EDU
Tue Dec 17 12:35:30 EST 2013


In this issue:


1. Popular Holiday-Themed Phishing

2. Reminder: Windows XP and Office 2003 Soon De-Supported

3. Job Opening: IT Network Security Technical Team Lead

4. Free from SANS: Holiday Hacking Challenge



-------------------------------------------------

1. Popular Holiday-Themed Phishing

-------------------------------------------------


Phishing attacks, which use email to trick a recipient into clicking on a link or an attachment that then infects the computer, happen year round. However, at this time of year there are more people shopping online than usual. Thieves take advantage of these rushed and weary shoppers to get through their defenses.


An article on Help Net Security lists the most common holiday-themed phishing attacks:


  *   Holiday e-card: Holiday greetings that come through email.
  *   Holiday sales, discounts or deals: Attackers will try to sneak through phishing emails masquerading as merchants offering blowout deals.
  *   Holiday party information or registration: Most companies throw a holiday party this time of year. Spoofed invitations could catch the untrained eye.
  *   Package delivery or update information: Fed Ex or UPS delivery notifications have often been spoofed to get a recipient caught unawares.
  *   Year-end deadlines or requirements: This is an open opportunity for attackers to get creative and exploit an employee before he/she heads out for the holidays.
  *   Travel notifications: Emails warning of itinerary changes will certainly grab the attention of a person eager to get home for the holidays.


Read the full article online<http://www.net-security.org/secworld.php?id=16075>.


The best way to make sure an email is legitimate is to verify the sender. Either view the email’s full headers<http://kb.mit.edu/confluence/display/istcontrib/How+to+verify+if+an+email+originated+from+someone+at+MIT> or double-check with the sender through some other means (calling them directly, for example) regarding the information in the email.


How to find full email headers<http://kb.mit.edu/confluence/display/mitcontrib/How+to+Find+Full+Email+Headers>.
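
As an added illustration of what to look for once the full headers are in view (this is not part of the original newsletter or the linked knowledge base articles), the Python below compares the From domain with the Return-Path, the Reply-To and the earliest Received hop. The sample message, its domains and the function names are constructed for this example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a spoofed package-delivery notice (all names and hosts are made up).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example; Tue, 17 Dec 2013 09:12:01 -0500
Received: from unknown (HELO mailer.example.net) (203.0.113.45)
\tby mx.recipient.example; Tue, 17 Dec 2013 09:12:00 -0500
From: "Parcel Delivery Service" <tracking@parcel-carrier.example>
Reply-To: support@parcel-help.example
Subject: Your package could not be delivered
Message-ID: <abc123@mailer.example.net>

Click the link to reschedule.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def same_org(a, b):
    """Crude match: equal, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def sender_findings(raw):
    """List the header mismatches that suggest the displayed sender is not the real one."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and not same_org(dom, from_dom):
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Each hop prepends its Received header, so the last one listed is the earliest.
    hops = msg.get_all("Received") or []
    if hops:
        first_hop = " ".join(hops[-1].split())
        if from_dom not in first_hop.lower():
            findings.append(f"earliest Received hop does not mention {from_dom}: {first_hop}")
    return findings

if __name__ == "__main__":
    for line in sender_findings(RAW):
        print("-", line)
```

Headers below the first Received line added by your own mail server can be forged by the sender, so a clean result is weaker evidence than a mismatch.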



-------------------------------------------------------------------------------------

2. Reminder: Windows XP and Office 2003 Soon De-Supported

-------------------------------------------------------------------------------------


In less than four months, Windows XP and Office 2003 will no longer be supported by Microsoft and the Windows Update services. MIT Information Services & Technology (IS&T) has also announced its de-support plan of Windows XP<http://kb.mit.edu/confluence/display/istcontrib/Windows+XP+De-support+Plan>.


This means that if your computer is still running Windows XP and Office 2003 by April 8, 2014, it will no longer receive security updates. Security updates prevent flaws in the software code from being exploited by attackers. Software that is up to date with the latest patches is much less likely to be vulnerable to an attack.


Office 2003 includes SharePoint 2003, Visio 2003 and Project 2003. Exchange Server 2003 is also being de-supported.


Content Management Server 2002 will no longer be supported after April 8, 2014 and Microsoft XML Core Services 4.0 will no longer be supported after April 12, 2014.


It is recommended to upgrade as soon as possible. IS&T recommends users upgrade to Windows 7. Here are the guidelines for a Windows 7 migration<http://kb.mit.edu/confluence/display/istcontrib/Windows+7+Migration+Guidelines>.


NOTE: If you have a new machine, IS&T now offers full support for the business-class versions of Windows 8<http://ist.mit.edu/windows/8/enterprise>. Note that there are still some known issues with using Windows 8 in the MIT environment; for example, PGP Desktop is not supported. These issues are reported on the Windows 8 Enterprise page<http://ist.mit.edu/windows/8/enterprise>.



-----------------------------------------------------------------------------

3. Job Opening: IT Network Security Technical Team Lead

-----------------------------------------------------------------------------


IS&T has a position open for an IT Network Security Technical Team Lead. The position involves managing and delivering security operations, monitoring intrusion detection mechanisms, and other tasks to minimize security-related risks to the Institute.


View the full job description at the Jobs Site<http://jobs.mit.edu/>.



----------------------------------------------------------------

4. Free from SANS: Holiday Hacking Challenge

----------------------------------------------------------------


The SANS tenth annual holiday hacking challenge, using themes from the classic It's a Wonderful Life holiday movie, is their most exciting and in-depth challenge ever.  You'll match wits with nasty cyber attackers, analyzing their techniques in depth to help save the city and George Bailey's life!  Based on the technical infrastructure of SANS CyberCity project, this fun and informative challenge will help you pick up valuable real-world skills in defending critical infrastructures.


You see, the city of Bedford Falls is under cyber attack, and on Christmas Eve no less! Dastardly villains have targeted its train switching system, water reservoir, traffic lights, and even its power grid. George Bailey, head of infosec for the town, is all that stands between Bedford Falls and disaster. Suddenly, all the lights in town go dark... And that's where you come in.


To read and participate in this FREE challenge, click here<http://pen-testing.sans.org/holiday-challenge>.



=======================================================================================

Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

=======================================================================================

Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

