[IS&T Security-FYI] SFYI Newsletter, April 25, 2011

Monique Yeaton myeaton at MIT.EDU
Mon Apr 25 16:59:34 EDT 2011


In this issue:


1. Cyberlockers & Copyright

2. What is the iPhone Tracking?

3. Lost Data Rarely Encrypted



------------------------------------

1. Cyberlockers & Copyright

------------------------------------


Cyberlockers are third-party file sharing services. Examples of cyberlockers are Dropbox, RapidShare, and Megaupload, which provide users with password-protected spaces online where files can be shared with and downloaded by business colleagues or friends.


Much more convenient than sending file attachments, cyberlockers are very useful for transferring documents or photos between two or more people. Perhaps you're collaborating on a presentation, or are putting together an online photo album for your family. Simply drop the files in the cyberlocker window through your browser.


The concern of copyright holders is that cyberlockers can hold large files as well, such as movies or music. It is common practice for people to share .avi movies and .mp3 songs through a cyberlocker. Cyberlockers are more difficult to monitor, and are invisible to surveillance tools used by anti-piracy groups and copyright holders.


Cyberlocker service providers are well aware of these risks. For example, the Dropbox terms of use state that compliance with DMCA is required, and that users will only upload, post or otherwise transmit data and/or files that they have the lawful right to use, copy, distribute, transmit or display.


Learn more: <http://paidcontent.org/article/419-how-cyberlockers-became-the-biggest-problem-in-piracy/>



-----------------------------------------

2. What is the iPhone Tracking?

-----------------------------------------


3G iPhones have been in the news recently regarding the phone's ability to track user location and store that information on the device. What exactly is the concern regarding this feature?


The concern is that the data is unencrypted and gives anyone with access to your phone or your computer a way to grab the data and extrapolate a person's whereabouts and routines.


Two members of the University of Exeter discovered the log file and created a tool that lets users see a visualization of the data. They say there's no evidence of that information being sent to Apple or anyone else.


CNET has put together a FAQ to help users understand more about the data being collected, what the risks are, and what users can do about it:

<http://news.cnet.com/8301-13579_3-20055885-37.html>


The researchers acknowledge that there's no way to turn the tracking feature off. The suggestions offered in the FAQ include making use of the free "Find My iPhone" service by Apple to do a remote wipe if the phone is lost or stolen. Users can also encrypt the phone's backup files stored by iTunes on their computer.



--------------------------------------

3. Lost Data Rarely Encrypted

--------------------------------------


The Identity Theft Resource Center (ITRC) has been analyzing data breaches from the start of January 2011 to April 2011. During that time, the ITRC counted 130 breaches, exposing a total of 9.5 million records. Their study relied on statements released by breached companies or reliable news reports.


A disturbing finding is that lost data of a sensitive nature rarely seems to be protected. According to the ITRC, just 1% of lost data in 2011 was secured using encryption, and only 5% was password protected.


MIT is committed to protecting sensitive data using administrative, technical and physical safeguards, including encryption. MIT asks that all members of the community pay special attention any time this type of data crosses their desks. Learn what employees at MIT can do to mitigate risk: <http://web.mit.edu/infoprotect/overview/index.html>.



Read the story in the news: <http://www.informationweek.com/news/security/attacks/229402094>


===========================================================================================


To read all current and archived articles online, visit the Security-FYI Blog at <http://securityfyi.wordpress.com/>



Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

