[IS&T Security-FYI] Newsletter, May 9, 2008

Monique Yeaton myeaton at MIT.EDU
Fri May 9 12:06:56 EDT 2008 

  In this issue:

1. 2008 Internet Security Trends
2. Safeguards for SSNs


-----------------------------------------
1. 2008 Internet Security Trends
-----------------------------------------

Ironport Systems compiles a report each year on Internet Security  
Trends. This year's report, covering the year 2007, is now available.  
Specific observations include:

-- Email threats increased 100 percent, to more than 120 billion spam  
messages daily. That’s about 20 spam messages per day for every person  
on the planet.

-- Email threats have become more dangerous. Past spam attacks were  
primarily selling some type of product. In 2007, more than 83 percent  
of spam contained a URL. In accordance with a trend towards the  
blending of different malware techniques, URL-based viruses increased  
256 percent.

-- The "self defending bot network" was introduced. The Storm trojan  
is perhaps one of the most sophisticated botnets ever observed. The  
quality and technical sophistication show that these threats are being  
developed by professional engineers.

-- Viruses no longer make headlines, because virus writers have  
evolved from previous mass distribution attacks. Viruses are much more  
polymorphic and typically associated with the proliferation of very  
sophisticated botnets such as Feebs (Feebs is the research name for a  
self-propagating email worm that gives attackers remote access to  
infected computers for the purposes of stealing personal information)  
and Storm.

You can download the report from www.ironport.com/securitytrends/.
Note: On the page to download the 2008 report there's a required  
registration form to fill out. I've already downloaded the file, so if  
you'd like a copy of the PDF and don't want to register, let me know  
and I can email it to you.


------------------------------
2. Safeguards for SSNs
------------------------------

Last December, MIT launched a program to protect personally  
identifying information (PII) in response to concerns about identity  
theft. The initial focus of the program is to identify all the places  
at MIT where Social Security numbers (SSNs) have been collected or  
recorded - computer systems as well as paper files.

In parallel, the program is working to reduce MIT's risks by limiting  
the number of places where SSNs are collected, reducing the number of  
people with access to SSNs, and ensuring that SSNs needed for business  
purposes are effectively protected.

Since the data collection effort encompasses the whole campus, members  
of the PII Team are available to talk with groups or individuals about  
different protection methods, from using cross-cut shredders to  
replacing SSNs with MIT ID numbers on forms.

The PII Team is interested in hearing from community members. If you  
encounter SSNs, especially in unexpected places, or want to request a  
presentation, contact the team at pii-protect at mit.edu. To learn more  
about MIT initiatives to protect sensitive information, visit https://web.mit.edu/infoprotect/initiatives/initiatives.html 
  (certificate required).


=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security

More information about the ist-security-fyi mailing list