<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Garamond, sans-serif; ">
<div>
<div>
<div><span class="Apple-style-span" style="font-family: Helvetica; ">In this issue:</span></div>
<div><span class="Apple-style-span" style="font-family: Helvetica; ">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
<span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; ">
<div style="font-size: 12px; ">
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">1. What Is Application Whitelisting?</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">2. Cyber Threats to US Taken Seriously</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">3. Flame Virus: Most Sophisticated Weapon Yet Unleashed</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">---------------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">1. What Is Application Whitelisting?</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">---------------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Application whitelisting is a computer administration practice used to prevent unauthorized programs from running. The purpose is primarily to protect computers and networks from harmful applications
that might contain viruses or other malware.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Whitelisted applications are granted by permission of the computer user or an administrator. Applications are automatically checked against the list and if found, allowed to run when they try
to execute an action.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Some security experts believe that the technique of whitelisting is better than blacklisting, which is the technique that anti-virus (AV) applications use. They argue that blacklisting is too
complex and difficult to manage.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">Application whitelisting has been in the news more frequently recently because of the feature (called Gatekeeper) in Apple's new operating system
<a href="http://www.apple.com/osx/what-is/security.html">Mountain Lion (OS X 10.8)</a> and because it has been brought up as the solution for addressing the
<a href="http://www.infosecurity-magazine.com/view/26475/whitelisting-is-the-solut">
security of large national infrastructure systems</a>.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px">
<br>
</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">--------------------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">2. Cyber Threats to US Taken Seriously</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">--------------------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px">
<br>
</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">In the <a href="http://online.wsj.com/article/SB10000872396390444330904577535492693044650.html?KEYWORDS=Obama+cybersecurity#printMode">
Wall Street Journal</a> last week President Obama explains why the nation needs new cyber legislation. </p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px">
<br>
</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">An except: "The American people deserve to know that companies running our critical infrastructure meet basic, commonsense cybersecurity standards, just as they already meet other security requirements.
Nuclear power plants must have fences and defenses to thwart a terrorist attack. Water treatment plants must test their water regularly for contaminants. Airplanes must have secure cockpit doors. We all understand the need for these kinds of physical security
measures. It would be the height of irresponsibility to leave a digital backdoor wide open to our cyber adversaries."</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px">
<br>
</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px">
<br>
</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">---------------------------------------------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">3. Flame Virus: Most Sophisticated Weapon Yet Unleashed</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica">---------------------------------------------------------------------------</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px">
<br>
</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">You may have heard about the latest big cyber threat going around. Dubbed "Flame," this malware can sniff network traffic, take screenshots, record audio conversations, intercept a keyboard, and
more, according to Kaspersky Lab. It is currently targeting mostly countries in the Middle East, with Iran being the hardest hit.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px">
<br>
</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">While Flame shares characteristics with malware like Stuxnet and Duqu, Kaspersky concludes that they were probably developed by two separate groups. However, there are some links which could indicate
that the creators of Flame had access to technology used in the Stuxnet project.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px">
<br>
</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">A researcher at Kaspersky, Alexander Gostev wrote: "Flame can easily be described as one of the most complex threats ever discovered. It's big and incredibly sophisticated. It pretty much redefines
the notion of cyberwar and cyberespionage."</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px">
<br>
</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Read some more about Flame at
<a href="http://www.pcworld.com/article/256508/the_flame_virus_your_faqs_answered.html">
PCWorld</a> and at <a href="http://en.wikipedia.org/wiki/Flame_(malware)">Wikipedia</a>.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial; min-height: 16.0px">
<br>
</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">===================================================================================</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Read all Security FYI Newsletter articles and submit comments online at
<a href="http://securityfyi.wordpress.com/"><span style="text-decoration: underline ; color: #1e37ee">http://securityfyi.wordpress.com/</span></a>.</p>
<p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">===================================================================================</p>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">Monique
Yeaton</span></span></span></span></div>
<div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">IT
Security Communications Consultant</span></span></span></span></span></span></div>
<div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">MIT
Information Services & Technology (IS&T)</span></span></span></span></span></span></div>
<div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">(617)
253-2715</span></span></span></span></span></span></div>
<div style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; "><span class="Apple-style-span" style="font-size: 12px; ">http://ist.mit.edu/security</span></span></span></span></span></span></div>
<div style="font-size: 12px; "><br class="khtml-block-placeholder">
</div>
<br class="Apple-interchange-newline">
</span></span></span></span></span></span></span></div>
</span></div>
</div>
</div>
</body>
</html>