<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Avenir, sans-serif;">
<div>
<p style="margin: 0px; font-family: Helvetica;">In this issue:</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">1. Cloud Security Research at MIT</p>
<p style="margin: 0px; font-family: Helvetica;">2. Event: Laptop Tagging and Registration, May 6th</p>
<p style="margin: 0px; font-family: Arial;">3. WordPress Releases Update to Address Zero Day Flaw</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">----------------------------------------------</p>
<p style="margin: 0px; font-family: Helvetica;">1. Cloud Security Research at MIT</p>
<p style="margin: 0px; font-family: Helvetica;">----------------------------------------------</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">For several years, computer science researchers at MIT have been reviewing and attempting to address the problem of attacks on data in the cloud. A recent method designed by faculty in MIT’s Department of Electrical
Engineering and Computer Science would thwart attacks by disguising memory-access patterns. The scheme would be implemented in custom-built chips that write multiple data queries at the point where data is accessed, serving as a sort of decoy for attackers
who are spying on other people’s data.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;"><a href="http://newsoffice.mit.edu/2015/cloud-security-chips-0223">Read the full MIT News story</a>.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">---------------------------------------------------------------------</p>
<p style="margin: 0px; font-family: Helvetica;">2. Event: Laptop Tagging and Registration, May 6th</p>
<p style="margin: 0px; font-family: Helvetica;">---------------------------------------------------------------------</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">Come next week to Lobby 10 to register and tag your laptop. This is the last opportunity to do so this semester!</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">Where: <b>Lobby of Building 10</b></p>
<p style="margin: 0px; font-family: Helvetica;">When: <b>Wed., May 6th, 11:00 am - 1:15 pm</b></p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">How to pay: $10 cash (no cards) or MIT Cost Object</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">Just as you might register a bike with the police, you can also register your laptop. Information Systems & Technology partners with MIT Police to provide STOP (Security Tracking of Office Property) tags for laptops.
The tag is affixed to the device, has a unique number, and is registered with a world-wide database.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">Capt. Cheryl Vossmer of the MIT Police says that although a STOP tag is not software that can track a device via GPS or other means, it has been very effective at providing a way for lost or stolen laptops to
be returned to their rightful owners.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">Read <a href="https://www.stoptheft.com/">
<span style="color: rgb(71, 135, 255);">recovery stories here</span></a> of laptops with STOP tags.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">Laptop tagging and registration takes a break during the summer and we will post the next laptop tagging session when available.
<a href="http://kb.mit.edu/confluence/display/istcontrib/MIT+Police+Laptop+Tagging+and+Registration">
<span style="color: rgb(71, 135, 255);">Laptop registration at MIT</span></a>. </p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">------------------------------------------------------------------------------</p>
<p style="margin: 0px; font-family: Arial;">3. WordPress Releases Update to Address Zero Day Flaw</p>
<p style="margin: 0px; font-family: Helvetica;">------------------------------------------------------------------------------</p>
<p style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</p>
<p style="margin: 0px; font-family: Arial;">This week <a href="https://wordpress.org/news/2015/04/wordpress-4-2-1/">
WordPress released a critical update</a> to fix a vulnerability in its content management system that could be exploited to hijack web admin accounts. An exploit for the vulnerability was released over the weekend. </p>
<p style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</p>
<p style="margin: 0px; font-family: Arial;">Attackers could exploit the flaw by embedding malicious code in a comment. If the attacker has previously made an innocuous post that gets approved by a site administrator, the new comment containing the code would
post automatically and the code would execute. The WordPress update brings the most current version to 4.2.1.</p>
<p style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;"></p>
<p style="margin: 0px; font-family: Arial;"><a href="http://www.zdnet.com/article/millions-of-wordpress-sites-vulnerable-to-hijacking-after-zero-day-exploit-released/">Read the story in the news</a>.</p>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div id="">
<div>
<p style="margin: 0px; font-family: Helvetica;">=======================================================================================</p>
<p style="margin: 0px; font-family: Helvetica;">Read all archived Security FYI Newsletter articles and submit comments online at
<a href="http://securityfyi.wordpress.com/"><span style="color: rgb(4, 46, 238);">http://securityfyi.wordpress.com/</span></a>.</p>
<p style="margin: 0px; font-family: Helvetica;">=======================================================================================</p>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Monique Buchanan</div>
<div>Social Communications Specialist</div>
<div>Information Systems & Technology, MIT</div>
<div>tel: 617.253.2715</div>
<div>www.ist.mit.edu</div>
<div><br>
</div>
</div>
</div>
</body>
</html>