[IS&T Security-FYI] SFYI Newsletter, June 17, 2013

Monique Yeaton myeaton at MIT.EDU
Mon Jun 17 16:52:45 EDT 2013 

In this issue:


1. IT Partners Presentation on Securing the Human

2. Apple iOS 7 to Include Activation Lock Security Measures

3. Adobe Flash and AIR Updated



--------------------------------------------------------------------

1. IT Partners Presentation on Securing the Human

--------------------------------------------------------------------


Last week at the IT Partners Conference, I did a presentation on Securing the Human, an online security awareness training program for students, faculty and staff. The courses in the program are still in development, with the plan to roll these out to the MIT community in the summer.


The presentation (slides plus transcript) is available here<http://web.mit.edu/myeaton/Public/STH/>.


You can learn more about the Securing the Human - End User Training course materials here<http://www.securingthehuman.org/enduser/index>. They are created by SANS.org a trusted name in information security training.


We are very excited about this new offering from IS&T to the MIT community and I would like to invite you to be part of the testing phase (through the end of June) or the pilot (starting in July).


If you are interested in either of these opportunities, please let me know by emailing: myeaton at mit.edu.



--------------------------------------------------------------------------------

2. Apple iOS 7 to Include Activation Lock Security Measures

--------------------------------------------------------------------------------


At the keynote address of its Worldwide Developers Conference, Apple said that when the new operating system comes out in Fall of 2013, an ID and password will be needed to turn off a mobile device's "Find my iPhone/iPad" feature or to erase any data. The same ID and password will be needed to reactivate a device after it has been remotely erased.


This step is being taken to stop the trend of "Apple picking" a growing wave of crime in which thieves target mobile devices, particularly iPhones and iPads. As mobile devices become more popular, stealing them has become a unique sort of crime, requiring some police units to create a special team just for crimes relating to mobile devices.


Read the full story in the news here<http://www.cnn.com/2013/06/11/tech/mobile/iphone-ios7-kill-switch/index.html> and here<http://www.eweek.com/mobile/new-ios-7-lockout-feature-that-may-save-lives-wont-arrive-until-fall/>. NBC Washington posted a video<http://www.nbcwashington.com/news/local/Victims-Cell-Phone-Snatched-While-in-Use-211052171.html> showing such a crime occurring on the street in Washington, DC.


There is one misleading bit of information in this article on page 2<http://www.eweek.com/mobile/new-ios-7-lockout-feature-that-may-save-lives-wont-arrive-until-fall-2>. It says: "Right now, the find my iPhone app will only display an info screen and have it display a message and send out an annoying sound. It doesn't stop the iPhone from being used."


This is not entirely true. You can remotely lock your device (iOS 5) or Lock and Track your device (iOS 6) using Lost Mode in the Find my iPhone feature in iCloud. If your iOS device already has a passcode, you don't need to enter a passcode, the device locks using the existing passcode.


Learn more about these existing iPhone protections here<http://kb.mit.edu/confluence/display/istcontrib/iPhone+at+MIT>.



--------------------------------------------

3. Adobe Flash and AIR Updated

--------------------------------------------


Last week, Adobe fixed a critical bug in Flash and AIR that might allow exploits or attacks in the wild. The latest Flash version is 11.7.700.224 for Windows and 11.7.700.225 for Mac OS X. Internet Explorer 10 and Chrome should auto-update their versions of Flash.


The most recent versions of Flash Player are also available from the Adobe website<http://get.adobe.com/flashplayer/> (when downloading, beware of potentially unwanted add-ons, like McAfee Security Scan). You can find out what version of Flash Player your browser is using here<http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html>.


Adobe AIR was updated to version 3.7.0.2090 for Windows and Android and version 3.7.0.2100 for Mac OS X. Adobe AIR checks for and prompts you to install available updates anytime you launch an application that uses AIR. Or you can download the latest version here<http://get.adobe.com/air/>.



===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================


Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20130617/688fbded/attachment.htm

More information about the ist-security-fyi mailing list