[IS&T Security-FYI] SFYI Newsletter, March 30, 2010
Monique Yeaton
myeaton at MIT.EDU
Tue Mar 30 15:40:34 EDT 2010
In this issue:
1. Mac OS X Security Updates
2. ID Theft Hits 3.3 Million College Students
3. Tip of the Week: Blackberry Security
---------------------------------------
1. Mac OS X Security Updates
---------------------------------------
The security updates released on March 29 by Apple include fixes for
88 security holes. The combination Mac OS X 10.6.3/Security Update
2010-002 for Mac OS X 10.5.x is a large file and may take up to an
hour to install, depending on the type of computer being used.
Some flaws addressed in the update include:
AppKit Spellchecker used by Cocoa-based applications in Leopard
CoreAudio/CoreMedia/QuickTime in Snow Leopard
Safari concerning CoreTypes in Leopard/Snow Leopard
DiskImage in Leopard/Snow Leopard
Image RAW in Leopard/Snow Leopard
It can be downloaded as a free update via Software Update or as a
downloadable installer at the Apple Downloads site: http://support.apple.com/downloads/
Details on the update:
http://support.apple.com/kb/HT4077
-------------------------------------------------------
2. ID Theft Hits 3.3 Million College Students
-------------------------------------------------------
Thieves stole computer discs from Oakdale, Minnesota-based Educational
Credit Management Corp. (ECMC), getting sensitive information about
federal student loans. It is believed to be one of the largest cases
of student identity theft in the U.S., affecting 5 percent of all
students with federal loans.
Congressional sources said the data were stored on discs contained in
a safe. The stolen data include names, addresses, dates of birth and
Social Security numbers. No bank account or other financial
information was included in the data. Storing this data on removable
devices was "a clear violation of our company policies and protocols,"
according to David Hawn, chief business development officer for ECMC.
He was not able to reveal if the data was encrypted. So far, none of
the data has been found to be misused.
Putting data on removable devices is not unique to ECMC. A study
released by Ipswitch File Transfer shows that 90 percent of IT and
security professionals use thumb drives or external devices to move
data. Few bother encrypting data on those devices. Per new
Massachusetts data breach regulations, all entities that store
sensitive data of MA residents on removable devices must have that
data encrypted.
Read the full story here:
http://www.washingtonpost.com/wp-dyn/content/article/2010/03/26/AR2010032605475.html
The response from ECMC is posted here:
http://www.ecmc.org/details/Announcement.html
-------------------------------------------------
3. Tip of the Week: Blackberry Security
-------------------------------------------------
Here are 5 tips posted by ITworld.com for keeping the information on
your smartphone safe:
1. Set a password
2. Choose the right encryption
3. Lock down Bluetooth connectivity
4. Give on-device data extra protection
5. Wipe discarded devices
Full information on all 5 tips can be found here:
http://www.itworld.com/personal-tech/100637/blackberry-security-five-tips-keep-your-smartphone-safe
========================================================================
Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>
NOTE: The previous SFYI issue sent was on March 8th. We skipped a few
weeks due to the editor being on vacation. Look for a regular posting
of the issues starting next week.
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS, SSN, OR OTHER PERSONAL
INFORMATION!
Ignore emails asking you to provide yours. MIT will *NEVER* ask you
for this information through email.