<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="margin: 0px; line-height: normal; font-family: Helvetica; min-height: 17px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica;" class="">In this issue:</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica;" class=""><br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica;" class="">1. Android Security Patch Released by Google</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica;" class="">2. Microsoft Security Updates for May 2016</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica;" class="">3. What’s the Problem with the Internet of Things?</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica;" class=""><br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica; min-height: 17px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica;" class=""><span style="text-decoration: underline" class=""><b class="">1. Android Security Patch Released by Google</b></span></div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica; min-height: 17px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica;" class="">A vulnerability on Android phones was patched this month, as announced in an
<a href="https://source.android.com/security/bulletin/2016-05-01.html" class="">Android Security Bulletin</a>. Android users are encouraged to accept the updates to their devices. Nexus users can receive the patch through an over-the-air update. Partners were
notified and source code released to the Android Open Source Project repository. </div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica; min-height: 17px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica;" class="">The flaw has been
<a href="http://arstechnica.com/security/2016/05/5-year-old-android-vulnerability-exposes-texts-and-call-histories/" class="">
unpatched for the past five years</a>, allowing low-privileged apps to access sensitive data. The vulnerability poses the biggest risk to the user base running versions 4.3 and earlier. However, even on devices running 4.4 or higher, a malicious application
can modify sensitive OS properties. Attackers often combine such exploits with a low-severity exploit to increase their reach into a targeted phone.</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica; min-height: 17px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica; min-height: 17px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica;" class=""><span style="text-decoration: underline" class=""><b class="">2. Microsoft Security Updates for May 2016</b></span></div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica; min-height: 17px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica;" class="">On May 10, Microsoft released sixteen
<a href="https://technet.microsoft.com/en-us/library/security/ms16-may.aspx" class="">
security bulletins</a>, eight of which are rated critical. They address 51 security vulnerabilities in Microsoft Windows, Internet Explorer (IE), Office, SharePoint Server and Office Web Apps. A patch for Adobe Flash Player is also included, to resolve vulnerabilities
in supported editions on Windows 8.1, Windows Server 2012, Windows Server 2012 RT 8.1, and Windows 10.</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica; min-height: 17px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica;" class="">The
<a href="https://nakedsecurity.sophos.com/2016/01/07/stop-using-internet-explorer-after-next-tuesday-sort-of/" class="">
critical vulnerabilities in IE</a> should be patched right away. Even if you are not using IE, it runs in the background as a component of Windows and can still be attacked by hackers.</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica; min-height: 17px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class="">As of this month, all Windows updates will be available only through the
<a href="http://catalog.update.microsoft.com/" class="">Microsoft Update Catalog</a>, and not through the Download Center. You can also accept the updates as they occur through Windows Update. You may need to restart your machine after installing patches. Happy
patching!</div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica;" class=""><span style="text-decoration: underline" class=""><b class="">3. What’s the Problem with the Internet of Things?</b></span></div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica; min-height: 17px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica;" class="">The
<a href="https://en.wikipedia.org/wiki/Internet_of_Things" class="">Internet of Things (IoT)</a> is the network of all kinds of technology being connected via the Internet. So not just our smart phones, tablets, laptops and computers, but also “things” such
as refrigerators, lights, heating and cooling systems and security systems. These connected devices can make our lives easier, by providing ways to turn them on or off, or set other configurations when we’re not at home. </div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica; min-height: 17px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica;" class="">With this convenience comes risk. The biggest issue is that these IoT devices are made by manufacturers whose main interest is profit, not security. For example, some have default
passwords that are posted on the Internet and cannot be easily changed. Unlike a phone or computer, the software in these devices can quickly become outdated without a way to update it. </div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica; min-height: 17px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica;" class="">OUCH! has a few tips on what you can do to protect your IoT devices.
<a href="https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201605_en.pdf" class="">
See the May Issue</a> (.pdf) to learn more.</div>
<div style="margin: 0px; line-height: normal; font-family: Helvetica;" class=""><br class="">
</div>
<div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); font-family: Avenir; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); font-family: Avenir; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<br class="">
Monique Buchanan<br class="">
Communications Specialist<br class="">
Information Systems & Technology (IS&T)<br class="">
Massachusetts Institute of Technology<br class="">
<a href="http://ist.mit.edu" class="">http://ist.mit.edu</a><br class="">
tel: 617.253.2715</div>
<div style="color: rgb(0, 0, 0); font-family: Avenir; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<br class="">
</div>
<br class="Apple-interchange-newline">
</div>
</div>
</div>
<br class="">
</div>
<br class="Apple-interchange-newline">
</div>
<br class="Apple-interchange-newline">
<br class="Apple-interchange-newline">
</div>
<br class="">
</body>
</html>