[IS&T Security-FYI] SFYI Newsletter, May 19, 2014

Monique Buchanan myeaton at MIT.EDU
Mon May 19 14:50:27 EDT 2014


In this issue:

1. Increase in Spam Attacks at MIT this Weekend
2. Who’s Still Vulnerable to Heartbleed?
3. US Retailers Launch Cyber Intelligence Sharing Center


------------------------------------------------------------------
1. Increase in Spam Attacks at MIT this Weekend
------------------------------------------------------------------

Over the weekend, two MIT Kerberos accounts were compromised, leading to a spike in spam<http://ist.mit.edu/security/spam_phishing> in our email inboxes. The emails were not sent by anyone at MIT, but were sent using the compromised users’ accounts, to make it look like they came from MIT.

When spam comes from a compromised email account at MIT, the spam filters at MIT are less likely to block it than if it came from an account outside of MIT. The only action MIT can take is to notify the user and temporarily suspend the account, preventing it from sending further email. The user must change their account password before MIT reactivates it.

To prevent your MIT account from compromise, it is important to have a strong password<http://kb.mit.edu/confluence/x/3wNt> and to protect it appropriately<http://ist.mit.edu/security/passwords>. Do not use your Kerberos password for other accounts. Do not use your password on an insecure network. When off-campus, be sure to use an encrypted wireless network or use VPN<http://ist.mit.edu/security/connections>.


-----------------------------------------------------
2. Who’s Still Vulnerable to Heartbleed?
-----------------------------------------------------

Is the Internet safer since the discovery of Heartbleed? To an extent.

Many websites responded promptly to the bug by patching OpenSSL, replacing their SSL certificates and revoking the old certificates. However, 7% of these sites made a mistake: they reissued certificates without generating a new private key, so the key that may have been leaked via Heartbleed is still in use.

It is critical to keep the private keys of certificates secret. If an attacker steals the private key, he can impersonate the secure website, decrypt sensitive information, or perform a man-in-the-middle attack. By reusing the same private key, a site that was affected by Heartbleed still faces exactly the same risks as a site that has not yet replaced its SSL certificate at all.

So it is STILL VERY IMPORTANT to check whether a site remains affected by Heartbleed before using it. Several online tools can run this check, including:


  *   https://filippo.io/Heartbleed/
  *   https://lastpass.com/heartbleed/
  *   https://www.ssllabs.com/ssltest/

Read the full story in the news<http://news.netcraft.com/archives/2014/05/09/keys-left-unchanged-in-many-heartbleed-replacement-certificates.html>.
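The key-reuse mistake described above can be caught by comparing the SubjectPublicKeyInfo (SPKI) fingerprint of the old and the replacement certificate: a reissued certificate that carries the same public key belongs to the same, possibly leaked, private key. The Python below is an added example, not code from this newsletter or from any of the tools listed; it uses a small standard-library DER walker and feeds it constructed certificate-shaped inputs (placeholder issuer, validity and key bytes, not real certificates) so that it runs offline. Names such as key_reused, spki_fingerprint and the _toy_* helpers are the example's own.

```python
"""
Check whether a replacement X.509 certificate reuses the old certificate's
public key, by hashing each certificate's SubjectPublicKeyInfo (SPKI).
Same SPKI fingerprint => same key pair => a key leaked via Heartbleed is
still in service even though the certificate itself was reissued.
Standard library only; the DER walker handles any definite-length DER.
"""
import base64
import hashlib


def _read_tlv(buf, pos):
    """Decode one DER tag/length header at pos; return (tag, value_start, value_end)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next N bytes hold the length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, pos, pos + length


def _children(buf, start, end):
    """Yield (tag, whole_tlv_bytes) for each element of a constructed value."""
    pos = start
    while pos < end:
        tag, _, vend = _read_tlv(buf, pos)
        yield tag, buf[pos:vend]
        pos = vend


def pem_to_der(pem_text):
    """Strip PEM armour and base64-decode to DER."""
    body = "".join(l.strip() for l in pem_text.splitlines() if not l.startswith("-----"))
    return base64.b64decode(body)


def spki_from_der(cert_der):
    """Return the raw DER SubjectPublicKeyInfo element of a certificate."""
    tag, start, end = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a DER SEQUENCE")
    tbs_tag, tbs = next(iter(_children(cert_der, start, end)))   # tbsCertificate
    if tbs_tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    _, s, e = _read_tlv(tbs, 0)
    fields = list(_children(tbs, s, e))
    if fields and fields[0][0] == 0xA0:    # optional explicit [0] version
        fields = fields[1:]
    # Remaining order: serialNumber, signature, issuer, validity, subject, SPKI
    spki_tag, spki = fields[5]
    if spki_tag != 0x30:
        raise ValueError("subjectPublicKeyInfo is not a SEQUENCE")
    return spki


def spki_fingerprint(cert_der):
    """SHA-256 over the DER SPKI, hex encoded."""
    return hashlib.sha256(spki_from_der(cert_der)).hexdigest()


def key_reused(old_cert_der, new_cert_der):
    """True when both certificates carry the same public key."""
    return spki_fingerprint(old_cert_der) == spki_fingerprint(new_cert_der)


# ---- CONSTRUCTED sample input (certificate-shaped DER, not real certificates) ----

def _tlv(tag, value):
    """Minimal DER encoder: tag, definite length, value."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _toy_spki(key_bytes):
    # SEQUENCE { algorithm SEQUENCE (placeholder), subjectPublicKey BIT STRING }
    return _tlv(0x30, _tlv(0x30, b"") + _tlv(0x03, b"\x00" + key_bytes))


def _toy_cert(serial, spki):
    tbs = _tlv(0x30, b"".join([
        _tlv(0xA0, _tlv(0x02, b"\x02")),   # [0] version v3
        _tlv(0x02, serial),                # serialNumber
        _tlv(0x30, b""),                   # signature algorithm (placeholder)
        _tlv(0x30, b""),                   # issuer (placeholder)
        _tlv(0x30, b""),                   # validity (placeholder)
        _tlv(0x30, b""),                   # subject (placeholder)
        spki,                              # subjectPublicKeyInfo
    ]))
    return _tlv(0x30, tbs + _tlv(0x30, b"") + _tlv(0x03, b"\x00"))


OLD_SPKI = _toy_spki(b"\x11" * 32)                 # key pair in use when Heartbleed hit
NEW_SPKI = _toy_spki(b"\x22" * 32)                 # freshly generated key pair
OLD_CERT = _toy_cert(b"\x01", OLD_SPKI)
REISSUED_SAME_KEY = _toy_cert(b"\x02", OLD_SPKI)   # the 7% mistake: new cert, old key
REISSUED_NEW_KEY = _toy_cert(b"\x02", NEW_SPKI)    # the correct remediation
OLD_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(OLD_CERT).decode()
           + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for label, cert in (("same key", REISSUED_SAME_KEY), ("new key", REISSUED_NEW_KEY)):
        print(f"{label}: reused={key_reused(OLD_CERT, cert)} "
              f"spki={spki_fingerprint(cert)[:16]}...")
```

To run the same comparison on a real site, keep a copy of the certificate the site served before it patched, fetch the current one as PEM with the standard-library call ssl.get_server_certificate((host, 443)), convert both with pem_to_der, and pass them to key_reused; the walker only relies on the fixed field order of tbsCertificate, so genuine X.509 DER is handled the same way as the constructed samples.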


-----------------------------------------------------------------------------
3. US Retailers Launch Cyber Intelligence Sharing Center
-----------------------------------------------------------------------------

Major US retailers have come together to launch the Retail Cyber Intelligence Sharing Center (R-CISC) in an effort to prevent incidents like the Target attack. The organization, which counts among its members Target, The Gap, Walgreens, and J.C. Penney, will share real-time threat information with each other and with US agencies, including the Secret Service, the FBI, and the Department of Homeland Security (DHS), as well as with other public and private stakeholders.

R-CISC will provide training, education, and research resources to its members to help fight “increasingly sophisticated methods of attack.”

Read the full story in the news<http://www.scmagazine.com/retailers-join-forces-to-share-threat-intelligence/article/347215/>.


=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================

Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715
