[IS&T Security-FYI] Security FYI Newsletter, March 4, 2015

Wed Mar 4 10:27:25 EST 2015

In this issue:

1. Anthem Data Breach
2. EVENT: Laptop Tagging and Registration on March 4th
3. Firefox 36 Fixes Critical Flaws

-------------------------------
1. Anthem Data Breach
-------------------------------

If you are on the MIT Health Plan, you may have received an email from MIT Medical and MIT Benefits regarding the Anthem Data Breach. Anthem was the target of a sophisticated cyber attack that exposed personal data on almost 80 million customers. Read the news story here<http://www.computerworld.com/article/2888267/anthems-now-says-788m-were-affected-by-breach.html>.

Attackers may have been able to access personal information from current and former members of Anthem and Blue Cross and Blue Shield (BCBSMA) insurance companies, including names, medical IDs, social security numbers, street addresses, email information and employment information, but no financial data.

The message from MIT outlines the impact this breach may have on current or former MIT members or their families who were or are on the MIT Health Plan. Only those who have received care in the fourteen states listed here<https://www.anthemfacts.com/> could be affected.

If Anthem and/or BCBSMA believe you have been affected, they will contact you directly. Further information has been posted on the Anthem website<https://www.anthemfacts.com/>.

The FBI says that it is "close" to identifying the parties responsible for the Anthem breach, but will not disclose the information until it is "absolutely sure." Read the news story here<http://www.bloomberg.com/news/articles/2015-02-24/fbi-is-close-to-finding-hackers-in-anthem-health-care-data-theft>.

----------------------------------------------------------------------------
2. EVENT: Laptop Tagging and Registration on March 4th
----------------------------------------------------------------------------

Today there is an opportunity to register and tag your laptop.

Where: Lobby of Building 10
When: Wed., March 4th, 11:00 am - 1:15 pm

Cost: $10 cash (no cards) or MIT Cash Object

Just as you might register a bike with the police, you can also register your laptop. Information Systems & Technology partners with MIT Police to provide STOP (Security Tracking of Office Property) tags for laptops. The tag is affixed to the device, has a unique number, and is registered with a world-wide database.

Capt. Cheryl Vossmer of the MIT Police says that although a STOP tag is not software that can track a device via GPS or other means, it has been very effective at providing a way for lost or stolen laptops to be returned to their rightful owners.

Read recovery stories here<https://www.stoptheft.com/> of laptops with STOP tags.

Learn more about laptop registration at MIT<http://kb.mit.edu/confluence/display/istcontrib/MIT+Police+Laptop+Tagging+and+Registration>. The next laptop tagging session is on April 1st, 2015.

-------------------------------------------
3. Firefox 36 Fixes Critical Flaws
-------------------------------------------

Mozilla has released Firefox 36, which includes fixes for 17 security issues. Three of the flaws are considered critical. The newest version of the browser also supports the HTTP/2 protocol. Read what’s new in this version of Firefox here<https://www.mozilla.org/en-US/firefox/36.0/releasenotes/>.

The big emphasis in Firefox 36 is in the area of Web security. Starting with Firefox 36, Mozilla is now phasing out a number of 1,024-bit root certificates that are used for Web encryption. The move is part of a planned migration toward more secure encryption certificates that use 2,048-bit or higher encryption keys.

Also as part of Firefox 36, the browser is no longer accepting insecure RC4 encryption ciphers. RC4 at one point was a widely deployed encryption technology, but it has been shown to be theoretically exploitable.

Read the news story here<http://www.eweek.com/enterprise-apps/firefox-36-gains-http2-support-fixes-critical-vulnerabilities.html>.

=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================

Monique Buchanan
Social Communications Specialist
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu
tel: 617.253.2715

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20150304/78a35025/attachment.htm