[IS&T Security-FYI] SFYI Newsletter, June 23, 2014

Monique Buchanan myeaton at MIT.EDU
Tue Jun 24 07:08:51 EDT 2014

In this issue:

1. WEBCAST: Authentication Security and Why It Matters
2. Secret Keys Stashed in Google Play Apps
3. Ten Ideas for Improving Cyber Security
4. Security SIG’s First Lunch Meeting, July 16th

1. WEBCAST: Authentication Security and Why It Matters

Join a free webcast provided by SANS.org<http://SANS.org> this Tuesday.

What: Looking Beyond Layers: Why Authentication Security Matters Most
When: Tuesday, June 24 at 12:30 PM EDT
Featuring: Dave Shackelford and Brian Kelly
Sponsored By: Duo Security https://www.duosecurity.com/

Description: Traditional, "tried-and-true" security wisdom tells us that tough perimeter controls, defense-in-depth, threat intelligence feeds, and all manner of security point products are the solutions to all our problems. However, as we've seen time and time again, breaches still happen, credentials still get lifted, and chaos ensues. Yet there's still hope -- authentication security is a viable avenue for making a huge impact against an attacker's sphere of influence and lateral movement capabilities.

Presenters will highlight some examples where two-factor authentication provided the key defense for disrupting attacks.

Duo Security is a vendor that IS&T is considering working with for two-factor authentication. If you miss this webcast, it will be archived on the SANS website here<https://www.sans.org/webcasts/archive/2014>.

See additional upcoming webcasts from SANS<https://www.sans.org/webcasts/upcoming>.

2. Secret Keys Stashed in Google Play Apps

Researchers at Columbia University have found that many Android app developers hide secret authentication keys in their code. The keys could be used to access private cloud accounts or social media profiles.

Read the story in the news<http://arstechnica.com/security/2014/06/secret-keys-stashed-in-google-play-apps-pose-risk-to-android-users-developers/>.

3. Ten Ideas for Improving Cyber Security

Forbes asked ten cyber experts for their best ideas for thwarting digital security threats. The ideas include changing the way we think about security and being proactive about protecting sensitive data; encouraging transparency from cloud services about data handling; making better use of encryption; developing systems that present smaller attack surfaces; developing a new secure network for critical infrastructure; and establishing privacy and data security regulation and enforcement for companies. Most acknowledged that there are no quick and easy fixes.

Read the story in the news<http://www.forbes.com/sites/kashmirhill/2014/06/18/10-ways-to-fix-cybersecurity/>.

4. Security SIG’s First Lunch Meeting, July 16th

Security SIG is holding its first luncheon on Wednesday, July 16th, 12:00 - 1:00 pm. If you haven’t yet signed up for Security SIG<https://mailman.mit.edu:444/mailman/listinfo/security_sig>, please do so.

Main topic: "The Biggest Threats to Security Today." If you have any suggestions on what to cover for this topic, please let us know.
Lunch will be provided.
Location to be determined.

We got a great response rate (30% of the list) for the poll, so thanks to those who replied. Some of you also offered additional topics you're interested in, which is great to know for future events.

We still need to book a room, so stay tuned. Because we are serving lunch, we will need you to RSVP. Please send your attendance confirmation to me at myeaton at mit.edu.

Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
tel: 617.253.2715
