<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; "><div><div><div><p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">In this issue:</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">1. Mac iOS 4.3.5 Fixes Data Security Issue</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">2. New Tricks Used by Computer Crooks</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">3. Help! My Laptop Was Stolen!</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">------------------------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">1. Mac iOS 4.3.5 Fixes Data Security Issue</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">------------------------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Last week Apple released iOS 4.3.5 for iPhone, iPad, and iPod Touch and iOS 4.2.10 for iPhone with Verizon service. It addresses a flaw with the certificate chain validation process when handling X.509 certificates. </p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">According to Apple, "An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible."</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Users of the above devices can take the update via iTunes on their PC or Mac.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">See the notice by Apple:</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica"><http://support.apple.com/kb/HT4824></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">----------------------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">2. New Tricks Used by Computer Crooks</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">----------------------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">A new malware variant tries to trick people into voluntarily transferring money from their accounts to a cyber thief's account. The German police have warned consumers about a new Windows malware strain that waits until the victim logs into his bank account. The malware presents the customer with a message, stating that a credit has been made to his account by mistake, and that the account has been frozen until the errant payment is transferred back.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">The victim is told to immediately make a transfer to return the funds and unlock his account. The malicious software presents an already filled-in online transfer form, with the account and routing numbers for a bank account the attacker controls.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">To avoid falling victim to such scams, Kreb on Security, the blog featuring this story, recommends to "pick up the phone and call your bank… and make sure you are using the bank's real phone number" if you see something odd such as a "down for maintenance" page or an alert when logging in to your bank account.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Read the full story here:</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica"><http://krebsonsecurity.com/2011/07/trojan-tricks-victims-into-transfering-funds/></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">----------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">3. Help! My Laptop Was Stolen!</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">----------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">The unfortunate side-effect of having a mobile device such as an iPad, smart phone or laptop is that, of course, they can be easily misplaced or stolen. They are small, lightweight and could bring in a few hundred bucks for the thief who off-loads them.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">If it's gone, what do you do now? The important data contained on the device is hopefully password protected or even encrypted, but what if the drive wasn't encrypted? Or you can't remotely wipe or disable the device? </p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Think about what it may contain: photos of your family and friends, emails you sent out and received for work or personal correspondence, a manuscript or school paper, financial documents, etc. Depending on your browser settings, sites you have visited and passwords you entered may be easy to access. In other words, your own personal private information and intellectual property is now out there in someone's hands and you have no idea what they're doing with it. </p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Thieves will usually wipe the drive before selling it, but it's always best to prepare for the worst:</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<ol style="list-style-type: decimal">
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Call MIT Police. Provide them with as much detail as you can, the serial number of the device, where and when it was stolen, and what it contained. Make sure you get a police report in case you need to prove fraud should that occur.</li>
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">If the laptop had a STOP tag, there may be a chance of finding it again when the thief attempts to sell it. STOP tags can not be removed and if attempted, a tattoo is left in its place stating it is stolen material. Tell the MIT Police if there was a STOP tag affixed.</li>
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Email infoprotect@mit.edu. If the device did contain the sensitive information of other members of the community, it is important to determine if that information has been put at risk. Again, include as much detail as you can. The email will be received by the IT Security Team. If you include the computer's MAC address, the last known IP address and the user name on the account, they can attempt to see if the computer comes back "on line," with the possibility of tracking it down.</li>
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Change all your passwords, especially those to sites with your personal information.</li>
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Contact your account providers to let them know your information may have been compromised. They may recommend you change the account numbers of your banks or credit cards. It's easier to close your accounts and open new ones than get the money back that the thieves have taken.</li>
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">All a thief needs is your full name and another identifying piece of information, such as your driver's license or Social Security number to steal your identity. Put a fraud alert or credit freeze on your credit cards as soon as you can.</li>
</ol>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">It's very tough protecting data after a theft. Be proactive. Use software to protect your data. Use a lock to prevent theft. Other security tips for those traveling with a laptop can be found here:</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica"><http://ist.mit.edu/security/traveling></p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px"><br></p></div><div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; font-family: Helvetica; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><div style="font-size: 12px; "><p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">===================================================================================</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Read all Security FYI Newsletter articles online or submit a comment at http://securityfyi.wordpress.com/.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">===================================================================================</p><p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial"><br></p><p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial"><br></p></div><div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">Monique Yeaton</span></span></span></span></div><div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">IT Security Communications Consultant</span></span></span></span></span></span></div><div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">MIT Information Services & Technology (IS&T)</span></span></span></span></span></span></div><div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">(617) 253-2715</span></span></span></span></span></span></div><div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">http://ist.mit.edu/security</span></span></span></span></span></span></div><div style="font-size: 12px; "><br class="khtml-block-placeholder"></div><br class="Apple-interchange-newline"></span></span></span></span></span></span></span></div></div></div></div></body></html>