[IS&T Security-FYI] Security FYI Newsletter, April 29, 2015
Monique Buchanan
myeaton at mit.edu
Wed Apr 29 15:44:17 EDT 2015
In this issue:
1. Cloud Security Research at MIT
2. Event: Laptop Tagging and Registration, May 6th
3. WordPress Releases Update to Address Zero Day Flaw
----------------------------------------------
1. Cloud Security Research at MIT
----------------------------------------------
For several years, computer science researchers at MIT have been reviewing and attempting to address the problem of attacks on data in the cloud. A recent method designed by faculty in MIT’s Department of Electrical Engineering and Computer Science would thwart attacks by disguising memory-access patterns. The scheme would be implemented in custom-built chips that write multiple data queries at the point where data is accessed, serving as a sort of decoy for attackers who are spying on other people’s data.
Read the full MIT News story<http://newsoffice.mit.edu/2015/cloud-security-chips-0223>.
---------------------------------------------------------------------
2. Event: Laptop Tagging and Registration, May 6th
---------------------------------------------------------------------
Come next week to Lobby 10 to register and tag your laptop. This is the last opportunity to do so this semester!
Where: Lobby of Building 10
When: Wed., May 6th, 11:00 am - 1:15 pm
How to pay: $10 cash (no cards) or MIT Cost Object
Just as you might register a bike with the police, you can also register your laptop. Information Systems & Technology partners with MIT Police to provide STOP (Security Tracking of Office Property) tags for laptops. The tag is affixed to the device, has a unique number, and is registered with a world-wide database.
Capt. Cheryl Vossmer of the MIT Police says that although a STOP tag is not software that can track a device via GPS or other means, it has been very effective at providing a way for lost or stolen laptops to be returned to their rightful owners.
Read recovery stories here<https://www.stoptheft.com/> of laptops with STOP tags.
Laptop tagging and registration takes a break during the summer and we will post the next laptop tagging session when available. Laptop registration at MIT<http://kb.mit.edu/confluence/display/istcontrib/MIT+Police+Laptop+Tagging+and+Registration>.
------------------------------------------------------------------------------
3. WordPress Releases Update to Address Zero Day Flaw
------------------------------------------------------------------------------
This week WordPress released a critical update<https://wordpress.org/news/2015/04/wordpress-4-2-1/> to fix a vulnerability in its content management system that could be exploited to hijack web admin accounts. An exploit for the vulnerability was released over the weekend.
Attackers could exploit the flaw by embedding malicious code in a comment. If the attacker has previously made an innocuous post that gets approved by a site administrator, the new comment containing the code would post automatically and the code would execute. The WordPress update brings the most current version to 4.2.1.
Read the story in the news<http://www.zdnet.com/article/millions-of-wordpress-sites-vulnerable-to-hijacking-after-zero-day-exploit-released/>.
=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================
Monique Buchanan
Social Communications Specialist
Information Systems & Technology, MIT
tel: 617.253.2715
www.ist.mit.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20150429/57ceaa7b/attachment.htm
More information about the ist-security-fyi
mailing list