<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="margin: 0px; font-family: Helvetica;">In this issue:</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">1. OUCH! Newsletter on Windows XP De-Support</div>
<div style="margin: 0px; font-family: Helvetica;">2. The Weakness of Passwords</div>
<div style="margin: 0px; font-family: Helvetica;">3. For Fun: Help Desk</div>
<div style="margin: 0px; font-family: Helvetica;">4. The Story Behind the Breach at Target, Inc.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">-------------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica;">1. OUCH! Newsletter on Windows XP De-Support</div>
<div style="margin: 0px; font-family: Helvetica;">-------------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">The March issue of OUCH! explains why Microsoft is ending support for Windows XP on April 8th. Learn what this means to people and the steps they can take to protect themselves. Please download and share OUCH!
with others.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;"><a href="http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201403_en.pdf">Download the Issue</a> (PDF)</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">-------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica;">2. The Weakness of Passwords</div>
<div style="margin: 0px; font-family: Helvetica;">-------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Hold Security, the same security firm that discovered the online circulation of 153 million user names and passwords during last year’s Adobe breach, has tracked almost
<a href="http://arstechnica.com/security/2014/02/360-million-recently-compromised-passwords-for-sale-online/">
360 million compromised login credentials for sale in underground crime forums</a>. The find, which also contains an additional 1.25 billion records containing only email addresses, came from multiple breaches, and the records likely served as user names and corresponding
passwords.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">The find is big enough that it likely came from hacks on poorly secured Web servers that store large caches of user credentials. </div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">The risk is biggest for users who choose the same password for multiple services. Once an attacker has someone’s email address and password for one site, the credentials can be used to compromise every other
site account that uses the same user name and password.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;"><a href="http://arstechnica.com/information-technology/2013/06/the-secret-to-online-safety-lies-random-characters-and-a-password-manager/">This article covers everything you would want to know about online safety,
including using lies, random characters and a password manager</a>.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;"><a href="http://kb.mit.edu/confluence/x/3wNt">Learn about best password practices for MIT</a>.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">------------------------------</div>
<div style="margin: 0px; font-family: Helvetica;">3. For Fun: <a href="http://www2.navarrocollege.edu/facultystaff/staff_pages/mrobinson/shared/images/Help_Desk_05.jpg">
Help Desk</a></div>
<div style="margin: 0px; font-family: Helvetica;">------------------------------</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">-------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica;">4. The Story Behind the Breach at Target, Inc.</div>
<div style="margin: 0px; font-family: Helvetica;">-------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;"><a href="http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data">Businessweek.com has written an in-depth article and posted a video</a> explaining how Target Stores
were breached and their systems infected with malware, leading to one of the biggest data thefts in retail history. According to the investigation conducted after the discovery of the theft, Target employees failed to respond to several alerts made by their
security system, provided by FireEye. Had Target security staff responded appropriately to the alarms, they could have prevented the transmission of the stolen credit card data. </div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Even without human intervention, the breach could’ve been stopped, according to the article. “The system has an option to automatically delete malware as it’s detected. But according to two people who audited
FireEye’s performance after the breach, Target’s security team turned that function off.” While turning it off is not unusual, doing so puts pressure on a team to quickly find and neutralize the infected computers.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">It was clear, according to the article, that Target was getting warnings of a serious compromise; even the company’s antivirus system, by Symantec, identified suspicious behavior over several days around Thanksgiving
-- pointing to the same server identified by FireEye.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;"><a href="http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data">Read the full story on Businessweek.com</a></div>
<div style="margin: 0px; font-family: Helvetica;"><br>
</div>
<div apple-content-edited="true">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<br>
</div>
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="margin: 0px; font-family: Helvetica;">=======================================================================================</div>
<div style="margin: 0px; font-family: Helvetica;">Read all archived Security FYI Newsletter articles and submit comments online at
<a href="http://securityfyi.wordpress.com/"><span style="color: rgb(4, 46, 238);">http://securityfyi.wordpress.com/</span></a>.</div>
<div style="margin: 0px; font-family: Helvetica;">=======================================================================================</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
Monique Buchanan<br>
IT Security Communications Consultant<br>
Information Systems &amp; Technology (IS&amp;T)<br>
Massachusetts Institute of Technology<br>
<a href="http://ist.mit.edu/secure">http://ist.mit.edu/secure</a><br>
tel: 617.253.2715<br>
<br>
<span style="font-family: Helvetica;">"Distrust and caution are the parents of security" - Benjamin Franklin</span></div>
</div>
</div>
<br>
</body>
</html>