[IS&T Security-FYI] SFYI Newsletter, October 28, 2014

Tue Oct 28 12:29:42 EDT 2014

In this issue:

1. For Your Calendar: Free Webcasts from SANS
2. Video: Cybercrime Exposed
3. Updates on Disabling SSL 3.0

-----------------------------------------------------------------
1. For Your Calendar: Free Webcasts from SANS
-----------------------------------------------------------------

Do you have about an hour of free time and want to learn something new from experts in the security field? You can find free webcasts hosted by SANS.org<http://SANS.org> through their upcoming<https://www.sans.org/webcasts/upcoming> webcasts page. Recent webcasts are archived<https://www.sans.org/webcasts/archive/2014>. These are among other topics:

  *   What’s in your software? Reduce risk from third-party and open source components (sponsor: Veracode)
  *
  *   Watering hole attacks: Detect end-user compromise before the damage is done (sponsor: AlienVault)
  *
  *   Zen and the art of network segmentation (sponsor: Tufin Technologies)
  *
  *   Ramping up your phishing program (special from SANS)
  *
  *   Be ready for a breach with intelligent response (sponsor: McAfee/Intel Security)

You have to log in to SANS.org<http://SANS.org> to access the material. MIT is a member of SANS, so there is no cost. Much of the information in the Security FYI newsletter comes from SANS sources.

-----------------------------------------
2. Video: Cybercrime Exposed
-----------------------------------------

In this 2-minute video, Trend Micro educates about the ins and outs of phishing scams, what you might lose when you fall victim, and what you can do to stay protected. This cybercrime exposé specifically looks at a phishing operation that was in affect in Brazil during the 2014 World Cup. Criminals hosted phishing site templates, malware and the victims’ personal documents in an online sharing site. It lured victims to click their links, then stole their money.

Knowing the different tactics used by bad guys will help you avoid becoming a victim of cyber crime.

View the video on YouTube<http://youtu.be/pXp2RvA0SBU>.

-------------------------------------------
3. Updates on Disabling SSL 3.0
-------------------------------------------

Due to the recent POODLE flaw<https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/>, Apple will stop supporting SSL 3.0 for push notifications and switch to the TLS encryption standard. Apple announced on its developer site<https://developer.apple.com/news/?id=10222014a> that it will make the switch on October 29.

The push notification service from Apple forwards notifications of third-party applications to iOS devices; it may include badges, sounds or custom text alerts. Apple notes that providers that only support SSL 3.0 will need to transfer to TLS as soon as possible to ensure the service continues to perform as expected.

Other vendors are also updating their services. Twitter already notified users<https://twitter.com/twittersecurity/status/522190947782643712> that is has disabled SSL 3.0 support.

Mozilla advised Firefox users to install a Mozilla security add-on that disables SSL 3.0<https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/>. It will be disabling the old protocol in Firefox 34, the next version of its browser, by the end of November.

University of Michigan researchers have detailed how to disable SSL 3.0 for Internet Explorer<https://zmap.io/sslv3/browsers.html> and other sites.

Read the story online<http://www.cnet.com/news/apple-dumps-ssl-3-0-for-push-notifications-due-to-poodle-flaw/>.

=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================

Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715

[cid:B0BFCD69-2454-4597-9B79-36CDA1F0EA6E at mit.edu]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20141028/ac6be5a6/attachment-0001.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ncsam_sig.png
Type: image/png
Size: 10667 bytes
Desc: ncsam_sig.png
Url : http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20141028/ac6be5a6/attachment-0001.png