NCSAM at MIT Wrapped Up

NCSAM 2014 is officially over.

Thank you to all who participated in the events hosted by MIT, including the desk in the Student Center, the talk by Nathan Freitas on Tor going mobile, and the Shred IT effort in the Stata Center lobby. Special thanks to the IS&T Site Team, DITR, Facilities, Cintas Document Management, and The Tor Project for their efforts and time.

How did we do?

  • We had about 150 visitors to the student desk.
  • The talk on Tor was attended by 50 people.
  • At the shredding event we collected nine large bins of paper and at least 2 full pallets of hard drives and floppy disks.

Several people have asked when we will repeat the shredding event. It is possible this may become an annual or bi-annual event; we will be sure to let the community know when the next one is happening.

Due to busy schedules, we are also considering videotaping the security talks, which are scheduled to happen every two months. A schedule of upcoming talks will be shared when it becomes available.

Apple Issues iCloud Security Advisory

Last week Apple issued a security warning about attacks attempting to steal information from iCloud users with fraudulent certificates. An Apple support page warns users to heed invalid certificate warnings while visiting iCloud, saying they should never enter login information into websites that present certificate warnings.

Learn to verify that your browser is securely connected to

Program in Applied Cyber Security at MIT

Have you ever considered taking advantage of the amazing educational opportunities at MIT?

MIT Professional Education is organized under the School of Engineering, and provides continuing education courses and lifelong learning opportunities for science and engineering professionals at all levels. MIT faculty teach all Professional Education offerings.

I was poking around their site last week and wouldn’t you know it: a course in Applied Cyber Security is being offered in 2015. According to the course description, “experts from academia, the military, and industry share their knowledge to give participants the principles, the state of the practice, and strategies for the future.”

Learn more.

Malicious Ebola-Themed Emails

Fake emails that purport to be from the World Health Organization are inviting people to download an attachment or click a link for more information about the Ebola virus.

Last week US-CERT, a division of the Department of Homeland Security, issued an advisory warning users about spam campaigns that use the Ebola virus to bait users into inadvertently downloading malware. Once the malware program is on the victim’s machine, it can grab shots off the webcam, take control of the machine remotely, or steal passwords.

Read the full story online.

For Your Calendar: Free Webcasts from SANS

Do you have about an hour of free time and want to learn something new from experts in the security field? You can find free webcasts hosted by SANS through their upcoming webcasts page. Recent webcasts are archived. These are some of the topics, among others:

  • What’s in your software? Reduce risk from third-party and open source components (sponsor: Veracode)
  • Watering hole attacks: Detect end-user compromise before the damage is done (sponsor: AlienVault)
  • Zen and the art of network segmentation (sponsor: Tufin Technologies)
  • Ramping up your phishing program (special from SANS)
  • Be ready for a breach with intelligent response (sponsor: McAfee/Intel Security)

You have to log in to access the material. MIT is a member of SANS, so there is no cost. Much of the information in the Security FYI newsletter comes from SANS sources.

Video: Cybercrime Exposed

In this 2-minute video, Trend Micro explains the ins and outs of phishing scams, what you might lose when you fall victim, and what you can do to stay protected. This cybercrime exposé specifically looks at a phishing operation that was in effect in Brazil during the 2014 World Cup. Criminals hosted phishing site templates, malware and the victims’ personal documents on an online sharing site. They lured victims into clicking their links, then stole their money.

Knowing the different tactics used by bad guys will help you avoid becoming a victim of cyber crime.

View the video on YouTube.

Updates on Disabling SSL 3.0

Due to the recent POODLE flaw, Apple will stop supporting SSL 3.0 for push notifications and switch to the TLS encryption standard. Apple announced on its developer site that it will make the switch on October 29.

The push notification service from Apple forwards notifications of third-party applications to iOS devices; it may include badges, sounds or custom text alerts. Apple notes that providers that only support SSL 3.0 will need to transfer to TLS as soon as possible to ensure the service continues to perform as expected.

Other vendors are also updating their services. Twitter already notified users that it has disabled SSL 3.0 support.

Mozilla advised Firefox users to install a Mozilla security add-on that disables SSL 3.0. It will be disabling the old protocol in Firefox 34, the next version of its browser, by the end of November.

University of Michigan researchers have detailed how to disable SSL 3.0 for Internet Explorer and other sites.

Read the story online.

